Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Security Firm Stresses Importance of Cybersecurity in Crypto Projects
Amid a surge in cryptocurrency investment – particularly across decentralized finance, or DeFi – blockchain experts warn that lax security, including “centralization risks” and other code weaknesses, was a main factor in $1.3 billion in cryptoassets being lost to hacks, exploits and scams in 2021. The losses, according to blockchain security firm CertiK, rose from $500 million in 2020.
See Also: Live Webinar | OT Cybersecurity Strategies for Executives
In its new report, entitled The State of DeFi Security 2021, CertiK researchers say, however, that due to the uptick in investment, 2021 losses represented just 0.05% of crypto’s total market capitalization – dropping 17% from 2020.
CertiK credits much of the growth in digital currencies to the rise of Binance Smart Chain, whose total value locked, or TVL, grew from $62 million to $21 billion in 2021 – a 31,000% increase, the firm says.
But the rise of DeFi protocols – which do not rely on traditional intermediaries and instead run on peer-to-peer smart contracts across decentralized apps, or DApps – has made the reward for successful exploits even greater, CertiK says. And “increased interoperability,” it says, has opened up new attack vectors.
According to DeFi Pulse, which tracks related investments, DeFi had $95 billion in TVL at the time of writing.
Centralization and Other Risks
CertiK researchers, who audited more than 1,700 projects, say the most common vulnerability detected across DeFi protocols was centralization risk, in which a single actor controls multiple addresses. CertiK encountered 286 “discrete centralization risks” across the 1,737 audits performed in 2021. It says: “Centralization is antithetical to the ethos of DeFi and poses major security risks. Single points of failure can be exploited by dedicated hackers and malicious insiders alike.”
Other common vulnerabilities included 211 instances of “mission event emissions,” or functions that should emit notifications to users when…
Read More: www.bankinfosecurity.com