There is no doubt that the last few years have seen a significant increase in the number of people and institutions participating in blockchain and investing in crypto assets. This increase, together with the fact that this new technology is not yet secured, has led to a rise in the number of hacks and exploits affecting those participating in web3.
There is currently a considerable gap between the money and trust put into crypto applications by reputable organizations and companies and the level of security and operational monitoring that these applications leverage in order to mitigate risks.
The bear market we have experienced in the last year has also affected cryptocurrencies and web3 in general, but in addition to this, research has shown that bear markets as well as bull markets provide countless opportunities for manipulators, hackers, and all kinds of abnormal behavior. This is because it is easier to move prices when liquidity is low. Unfortunately, these exploits happen all the time - even in a bear market.
Although our current bear market has slowed crypto adoption worldwide, hacks and exploits are still happening in numbers similar to those seen in a bull market. In fact, October 2022 had the most hacking activity seen to date, and more than $718 million has been stolen from DeFi protocols across different hacks and exploit events.
What is the problem?
One of the main issues when tracking risks in crypto is that they are often very different from the risks we see in traditional finance or other kinds of applications. This makes it difficult for various participants (VCs, hedge funds, traders, retail investors, and protocol builders) to properly assess and continuously monitor how these risks change over time.
Application creators don’t usually run the applications in production - this is unique to blockchains. In most cases, it is the validators who run the applications. This is the beauty of blockchain, but also the reason that the operational and security model is harder.
What kind of risks are there?
Different types of attack vectors lurk in the crypto space. Let's explain a few of them:
Front End Attacks
These are attacks targeting the “Web2” portion of the applications - mostly their web application or cloud/hosting infrastructure. One example is the Badger DAO incident, where a hacker exploited the Cloudflare Workers portion of the application and directed funds to their wallet address instead of Badger DAO addresses. This meant the users were unable to see that they were not interacting with a legitimate application.
Phishing and Scamming
Many users get phished or scammed over social media (Discord, Twitter, Telegram, etc.), mostly through links or requests sent to them that drain their wallets or steal their assets/NFTs.
These come in the form of code errors, compromised private keys, initialization bugs, known or forked vulnerabilities, poor access control or governance management, supply chain and API integrations, oracles and bridges, and chain infrastructure. All of these can lead to protocols and dApps being hacked or exploited and funds stolen.
A rug pull is a mechanism where an application is created, marketed, and published with the intention of stealing the users' funds.
They might not have intended to be corrupt initially, but the painful outcome is the same.
Malicious governance is a process where a participant with voting rights can vote for changes which may have tremendous effects on investors and the protocols they influence. Any change could potentially lead to a loss of money - whether a malicious change or a change of critical parameters in the code. Because companies don't have the manpower to monitor and track all of these changes, it is not possible to know at which point in time things happen inside the code, who was responsible, and how it may have affected assets.
Price and Market Manipulations
Price and market manipulations are risks that can affect the perceived value of the asset. These risks can be expressed as: position percentage in the pool, liquidations, de-pegging of stablecoins, pool token ratio anomalies, flash loans, excessive mints and burns, oracle stability, and more.
What is the solution?
Audits are not the optimal solution, as they don't scale or protect continuously, and they are not efficient when many different risks need to be covered. Auditing also brings in human trust issues. We believe that something else needs to be created in order to give a sustainable solution for the pains discussed above, and for this reason we are building a platform to address all these risks and to help you secure your assets proactively and efficiently. We believe security and risk mitigation must be solved in an end-to-end holistic approach that is continuous and automated. One of the greatest advantages of blockchain is its transparency. We are using this transparency to fight the bad guys and bring trust and security back to the builders.
Stay tuned to learn more!