We are at the dawn of a new era of global finance. Decentralized Finance (DeFi) will soon provide the foundation for how the world conducts financial transactions, and the advantages and accessibility it offers are so powerful that humanity will one day wonder how we ever lived without them.
While the first bank in the world opened in the year 1401, you may be surprised to know that over six centuries later, there are more than 1.7 billion individuals on Earth that remain unbanked. That’s more than 20% of the global population.
DeFi has the potential to finally provide the solution that has not been achievable in 600 years – equal access to financial capital for all, regardless of economic status, country, gender, religion, race, or all other obstacles which have, at one point or another, served as barriers or deterrents for individuals to obtain access to the global financial system.
The future is coming – but admittedly, the industry is still very much in its infancy. DeFi was only introduced in 2018, born from a Telegram chat between Ethereum developers and entrepreneurs. Considering that we are talking about changing the world, there is much work that remains to be done.
Chief among the remaining challenges is the concern around the security of DeFi applications and transactions. After all, 2020 saw at least 17 DeFi hacks, resulting in a loss of more than $154M USD. 2020 saw hackers steal almost $4B USD worth of cryptocurrency, and while DeFi-related theft represents less than 4% of that amount, DeFi hacks are expected to rise, given the new technologies associated with this space, and the vulnerabilities and exploits that have yet to be identified.
Existing Problems With DeFi – Common Attacks and User Confidence
Since its introduction, DeFi has become the fastest-growing sector in crypto. With several projects and developers racing to become the first to release the product that everyone will use, it is only natural that there have been (and will be) elements of these applications which are still unstable and bug-ridden. With coders crunched for time, development processes remain immature, often leading to gaps that are not identified in time, or worse, are identified by bad actors who then find ways to exploit them.
2020 saw two particular forms of attack that were used over and over again: reentrancy attacks and asset price manipulation. In fact, over half of the 17 largest attacks were carried out via one of these two methods, which resulted in more than $90M USD in losses (almost 60% of total funds stolen via DeFi attacks).
Reentrancy attacks, which contributed more than $25M USD in losses for 2020, are attacks in which malicious code is run against a smart contract with the intention of withdrawing funds. In a normal scenario, such a withdrawal would conclude with the smart contract’s fund balance being updated. However, in a reentrancy attack, the malicious code interrupts the smart contract before it updates its balance after the withdrawal, and instead runs a separate function to withdraw again against the smart contract. This can repeat until the funds tied to the smart contract are fully drained, leaving the holders of the smart contract tokenless before they even know it. In 2020, Origin, dForce, and Akropolis were all victims of reentrancy attacks on their platforms.
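The ordering problem described above can be modelled in a few lines. The following is an added example, not code from the article or from any of the projects it names: a toy in-memory Python model (the `Vault` and `Recipient` classes, the account names and all amounts are constructed assumptions) that runs the same withdrawal twice, once with the balance updated after the external call and once with it updated before, and applies a simple monitoring check to the payout trail.

```python
class Vault:
    """Toy in-memory model of a deposit contract (constructed for illustration)."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}      # recorded balance per account name
        self.reserves = 0       # funds the contract actually holds
        self.paid_out = {}      # audit trail: total sent per account name

    def deposit(self, name, amount):
        self.balances[name] = self.balances.get(name, 0) + amount
        self.reserves += amount

    def withdraw(self, recipient):
        amount = self.balances.get(recipient.name, 0)
        if amount == 0 or amount > self.reserves:
            return
        if self.update_before_send:
            self.balances[recipient.name] = 0   # record the withdrawal first
        self.reserves -= amount
        self.paid_out[recipient.name] = self.paid_out.get(recipient.name, 0) + amount
        recipient.receive(self, amount)         # external call: recipient code runs
        if not self.update_before_send:
            self.balances[recipient.name] = 0   # too late, recipient already ran


class Recipient:
    """Account whose receive hook optionally calls back into the vault."""

    def __init__(self, name, reenters):
        self.name, self.reenters, self.received = name, reenters, 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenters:
            vault.withdraw(self)  # re-enter before the vault finished its update


def simulate(update_before_send):
    vault = Vault(update_before_send)
    deposits = {"alice": 60, "bob": 30, "mallory": 10}   # constructed sample data
    for name, amount in deposits.items():
        vault.deposit(name, amount)
    mallory = Recipient("mallory", reenters=True)
    vault.withdraw(mallory)
    # Monitoring check: flag any account paid more than it deposited.
    flagged = [n for n, paid in vault.paid_out.items() if paid > deposits[n]]
    return vault.reserves, mallory.received, flagged
```

With the balance updated last, the model's reserves fall to zero and the payout check flags the account; with the balance updated first, the nested call sees a zero balance and returns immediately.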
Asset Price Manipulation & Resulting Arbitrage
Asset price manipulation attacks are a mechanism where a smart contract’s inherent need to obtain token price information is taken advantage of. In these hacks, attackers often took flash loans, which are uncollateralized borrowings of funds, and then would go to a decentralized exchange (DEX) to make large purchases of one token utilizing another token (e.g. using USDT to buy USDC). Because the attacker was operating with a flash loan, their financial power could be enormous – turning them into Token Whales, with the ability to move the market at will.
With large purchases of a particular token, the price of the purchased token would naturally be driven upward (simple supply and demand). However, the attacker would then unload the purchased token on a different DEX, pocket the resulting difference due to arbitrage, and return the original funds of the flash loan to the lender. One of the largest DeFi hacks of 2020 was carried out using this method, where an attacker made away with $24M USD in seven minutes. Finally, someone found a way to make more than Jeff Bezos per minute, albeit illegally.
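To make the price effect concrete from the defender's side, the following added example (not from the article) shows how far one very large purchase moves the price read from a single pool, and a sanity check a price-consuming contract or monitor could apply. It assumes a fee-free constant-product (x*y=k) pool, which the article does not specify; the reserves, reference prices and 5% tolerance are constructed values.

```python
from fractions import Fraction
from statistics import median


def swap_in(reserve_a, reserve_b, amount_a):
    """Buy token B with amount_a of token A on a fee-free x*y=k pool (assumed model)."""
    k = reserve_a * reserve_b
    new_a = reserve_a + amount_a
    new_b = Fraction(k, new_a)          # pool keeps reserve_a * reserve_b constant
    return new_a, new_b


def spot_price(reserve_a, reserve_b):
    """Price of one B in units of A, as read from this single pool."""
    return Fraction(reserve_a) / Fraction(reserve_b)


def accept_price(pool_price, reference_prices, max_deviation=Fraction(5, 100)):
    """Accept the pool price only if it is within max_deviation of the median reference."""
    ref = median(reference_prices)
    return abs(pool_price - ref) <= max_deviation * ref


def demo():
    reserves = (1_000_000, 1_000_000)   # constructed pool: 1M A, 1M B
    # Constructed prices for the same pair from other, unaffected sources.
    references = [Fraction(99, 100), Fraction(1), Fraction(101, 100)]
    before = spot_price(*reserves)
    after = spot_price(*swap_in(*reserves, 500_000))   # one loan-sized purchase
    return (before, after,
            accept_price(before, references),
            accept_price(after, references))
```

In this model a purchase equal to half the pool's reserve moves the pool's price from 1 to 2.25, so a contract that trusts that single reading is misled, while the median comparison rejects it.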
External hacks aside, DeFi on its own currently faces confidence issues from the very users that it seeks to incorporate into its ecosystem. Without the “benefit” of a mediating third party (e.g. financial institutions), virtually any mistake made by the user while using a DeFi product faces the challenge of being irreversible. No more calling your bank to stop a transaction, no credit card company to call to let them know that your card has been stolen and used – in DeFi, once the money leaves a user’s wallet, it’s gone.
Rising numbers in hacks, development processes that don’t catch every vulnerability before DeFi products hit the market, and shaky confidence by the end-user to maintain, manage and use the DeFi product correctly. How can we overcome these issues so that we can ensure that the DeFi community continues to grow safely?
Say Hello to PARSIQ!
PARSIQ is one of the first crypto-centric solutions available, providing compliance and risk management solutions for any company or user that is involved with cryptocurrency transactions. PARSIQ understands the risks that come with DeFi, from the vulnerabilities that exist in smart contracts to the crisis of confidence that end-users face when using DeFi products.
PARSIQ knows that today, with the shift from centralized structures to decentralized architectures, a world now exists where information on digital assets and transactions is more difficult to come by. While this is partly due to the anonymity that comes with blockchain technology and related transactions, it is mostly due to the lack of powerful tools to provide monitoring and analytics in blockchain and cryptocurrency ecosystems, which is what PARSIQ aims to solve.
With PARSIQ, users can monitor their smart contracts and DApps, digitized or tokenized assets, the integrity of their transaction partners, balances for millions of crypto addresses, DeFi collateral, and more, all in real-time.
PARSIQ is implemented as a mix of centralized and distributed components, which combine backlog processing services with real-time monitoring of unconfirmed transactions. Essentially, the platform monitors blockchain infrastructure and its associated transactions in real time.
With these services, PARSIQ can perform tasks such as knowing the exact state of a pool’s wallet in real time. Not only that, activities into and out of the pool are also visible, bringing an added level of security and visibility that will allow all wallet holders to rest a little easier, having 24/7 easy access to their balances.
PARSIQ also provides reporting capabilities – allowing wallet holders to receive “Proof of Reserve” emails to show that their balances remain safely in place. These may also prove extremely valuable if and when a wallet is compromised, providing an audit snapshot of before and after an intruder attack.
Perhaps the most exciting part of PARSIQ’s functionality lies in its code-monitoring capabilities – keeping track of any code released into a smart contract or DApp without the permission of the owners.
Better Together – Binance Smart Chain and PARSIQ
Towards the end of 2020, the Binance Smart Chain successfully integrated PARSIQ, which now allows all BSC smart contracts to take advantage of the full suite of products and 24/7 services that PARSIQ has to offer. With PARSIQ, DeFi applications and users can rest more easily knowing that they no longer need to be the only line of defense to protect their funds from a single mistake or from a third-party intruder.
In addition, coders who may be strapped for time to release the next iteration of their DApp can now rely on PARSIQ solutions to help run production tests – comparing the logic built with the expected outcome. This is truly a solution that benefits all parties in the DeFi ecosystem.
Moving Safely Forward in the World of DeFi
While it is unknown when the next DeFi hack will take place, what is for certain is that it will happen, and more than likely, it will happen soon. Besides creating great products and creating a great user experience, it is of paramount importance that the world of DeFi consider all necessary security and monitoring solutions – as there is very little extra protection available in these early days between a digital wallet and a sophisticated perpetrator.
Livelihoods, trust, and an entire upcoming industry are at stake – ensure that your applications, products, wallets, and services are properly protected, for your sake and for those who you transact with.