Security in DeFi: integration of blockchain into fintech – Sergey Kondratenko

The specialist is confident that the ability to resolve these issues today will be critical to determining the future of the cryptocurrency industry.

DeFi and security: what should you pay attention to?

In 2016, The DAO was hacked, as a result of which more than 3.64 million ETH was stolen, which at that time amounted to about $60 million. Over time, the level of losses only increases, as evidenced by the use of Binance Bridge in 2022 in the amount of $570 million At the same time, Sergey Kondratenko says that the total number of DeFi protocols that have been attacked is growing, as is the level of risks.

In 2022, a significant portion of stolen cryptocurrencies, namely $3.1 billion, is associated with DeFi protocols, accounting for 82.1% of the total theft volume.

Why is DeFi so vulnerable to risk? Among the reasons Sergey Kondratenko names:

1) the rapid introduction of innovation can sometimes lead to insufficient attention to safety issues;

2) difficulties in developing DeFi applications. DeFi applications are complex technical constructs, often relying on a variety of technology stacks, financial elements, and frameworks. An outdated or vulnerable dependency may cause all applications to have the same security loophole.

The expert notes that assessing security in the DeFi world requires a more in-depth analysis than a simple study of internal contracts. It is necessary to check the underlying infrastructure and components that were inherited from other projects. However, founders of DeFi projects usually do not have enough time to conduct such analyzes, since the field is developing very quickly and requires constant updating.

Sergey Kondratenko: Possible risks and challenges in the field of blockchain and DeFi security

Sergey Kondratenko says that given the circulation of funds, the high rate of innovation and the decentralized nature of open source, DeFi protocols become an attractive target for hackers and scammers. Therefore, the specialist urges you to take into account the risks:

• Attacks on Smart Contracts. Smart contracts play a key role in many cryptocurrency transactions. However, they, like any program, may contain syntax or logical errors. Vulnerabilities in smart contract code can become a target for fraudsters. Some common types of vulnerabilities include flash attacks, oracle manipulation, and re-entry attacks. Despite the efforts of developers to create secure smart contracts, hackers still find ways to carry out attacks. For example, the latest Deus DAO incident (May 2023) was related to a vulnerability in the recording function.
• Market volatility and manipulation. The cryptocurrency market is known for its volatility, and this is a fact that cannot be ignored. There have been significant price fluctuations over the past two years. This is clearly illustrated by Bitcoin, which peaked at $60K, fell to $15K, and then rose again to $30K in the second quarter of 2023. Most other cryptocurrencies followed this trend. However, there are other problems in the crypto world.

Sergey Kondratenko believes that it is very important to take into account the presence of large cryptocurrency holders who have significant influence on the market. He also names another risk – market manipulation, and not always in honest ways.

Additionally, some token issuers get too caught up in analyzing distribution charts and do not pay enough attention to the demand factors for their products. This can lead to serious problems. There have been cases where poorly designed token economics have caused serious problems for DeFi projects. For example, SafeMoon, where despite an apparently reasonable mechanism for burning tokens to maintain the price, demand plummeted, leading to a whopping 99.95% drop in prices. This destroyed the protocol’s economy and community.

• Regulatory risks. The DeFi ecosystem, according to Sergei Kondratenko, operates in the field of fuzzy regulation. This, he said, could create legal risks for entrepreneurs, investors and users, exposing them to potential violations of financial laws and regulations.

Since 2017, the US Securities and Exchange Commission (SEC) has been actively advocating for the regulation of cryptocurrencies. SEC claims that it has the competence to control digital coins and the platforms on which they are traded. However, the SEC can only regulate digital coins that are considered securities, such as stocks and bonds. This means that many crypto tokens were distributed illegally.

Work is currently underway on the legal status of DeFi. Lawmakers are requiring crypto traders to have KYC (know your customer) policies to prevent the illegal use of blockchain for money laundering and sanctions evasion. The expert is convinced that DeFi projects should be aware of the legal regulations in the countries in which they operate in order to avoid possible legal problems.

• Management risks. The idea of ​​perfect decentralization was one of the key promises of blockchain technology. The principle of decentralization must be enshrined in the consensus mechanism, and this happens at the blockchain protocol level.

However, in most cases, blockchains with Proof of Authority or Proof of Stake Authority consensus mechanisms are centralized. Here, according to Sergey Kondratenko, it should be remembered that the decisions made by few validators can have a significant impact on the DeFi protocols running on such chains.

In addition, the specialist says that there is a risk if attackers take over the blockchain and perform 51% attacks or Sybil attacks. Although such cases are rare, they can still happen, especially with new blockchains.

Sergey Kondratenko: What to do to secure DeFi

Not participating in DeFi due to its inherent risks can be compared to shutting down a server to stop one of the processes. A more reasonable approach, according to Sergey Kondratenko, is to search for practical solutions based on advanced techniques, such as:

• Regular security checks of smart contracts. The risks associated with smart contracts represent one of the most critical weaknesses of DeFi. One of the best ways to deal with this problem is to conduct systematic audits of protocols. Internal audits and automated tools can be helpful, but they cannot completely replace independent external audits conducted by trusted parties.
• Constant updating and improvement. You always need to keep the project up to date by regularly updating and improving smart contracts and protocols. This will help minimize the risks of vulnerabilities and make the system more reliable.
• Regulatory Compliance. Regulatory issues should be taken seriously and compliance must be followed where necessary. This will help avoid legal problems and ensure long-term sustainability.
• Mixed Methods Consensus. Consideration should be given to using a combination of different consensus methods to make the system less vulnerable to attack.
• Education and training. It is important to invest in education and training for team members and the community. The more informed participants become, the less likely they are to make mistakes.
• Cooperation and audit. Collaborating with other projects and conducting independent audits can help identify and address potential risks.

To summarize, Sergey Kondratenko emphasizes that DeFi opens up enormous prospects for innovation and growth in the world of finance. However, to ensure the long-term success of this ecosystem, significant risks must be addressed. By implementing advanced security practices in DeFi, entrepreneurs, investors, and ecosystem participants can create a more secure and trusting financial system of the future.

About Sergey Kondratenko

Sergey Kondratenko is a recognized specialist in a wide range of e-commerce services with experience for many years. Now, Sergey is the owner and leader of a group of companies engaged not only in different segments of e-commerce, but also successfully operating in different jurisdictions, represented on all continents of the world. The main goal is to drive new traffic, create and deliver an online experience that will endear users to the brand, and turn visitors into customers while maximizing overall profitability of the online business.