Mainstream interest in DeFi is on the rise, but so is DeFi-related crime—and the latest hack may just be the biggest crypto attack in history.
On August 10th, Poly Network, a computer protocol that allows users to transfer tokens from one blockchain to another, announced that assets on Binance Smart Chain, Ethereum, and Polygon were stolen by hackers. Blockchain data shows that at least $600 million in assets was taken across all three chains. According to the protocol, the hacker exploited a vulnerability between contract calls.
The damage is arguably irreparable—but it could have been worse.
According to the hacker, who detailed how the initial hack went down in a question-and-answer session, Huobi’s EMV-compatible public chain HECO was among the chains targeted, but it went “wrong.”
I like how the PolyNetwork Exploiter is having an AMA right now… what a ridiculous space. pic.twitter.com/FBQieZqdQW
— Sam MacPherson (@hexonaut) August 11, 2021
“The relayer does not behave like the others, a keeper just relayed my exploit directly, and the key was updated to some parameters. It ruined my plan.”
Even as the hacker returns stolen tokens back to Poly Network, concerns regarding the long-term safety and security of DeFi assets are heightened.
A Year of Highs and Lows for DeFi
DeFi, or decentralized finance, has been around for some time, but only in the past few years has it truly taken off, largely fueled by innovations in blockchain and fintech technology, and—most recently—the non-fungible token, or NFT, craze.
2021, in particular, has been a landmark year for DeFi. Even now as Bitcoin hash rates only begin to recover, more than $80 billion is locked in DeFi protocols.
But along with the good, there’s the bad. According to a new report from CipherTrace, by the end of July 2021, DeFi-related hacks totaled $361 million, making up three-quarters of the total hack volume this year—a 2.7x increase from 2020. DeFi-related fraud is also on the rise, accounting for more than half of all major crypto fraud volume.
Interoperability between DeFi protocols has also increased, opening up new attack vectors for bad actors. According to Coin98, there were 11 major DeFi thefts in the third quarter of 2021, of which 5 were related to cross-chain bridge assets.
Protecting Your Assets: Self-Custodial Products vs. CEXs
While malicious activity is not entirely unavoidable, there are several things users can do to help ensure their assets stay safe—whether they’re using a self-custodial product or a centralized exchange.
A hot wallet is a tool that allows cryptocurrency users to store, send, and receive tokens. Because the wallet can be connected to the internet, there is a risk of exposing information to hackers. Common hot wallets include ImToken and MyToken, many of which encourage users to back up their wallet information, specifically mnemonic phrases, keystore systems, and private keys.
Cold wallets, also referred to as “hardware wallets” and “offline wallets,” don’t connect to the internet, but there is still the risk of damage or loss. In other words, backing up information on any wallet is important for asset protection.
Centralized exchanges differ when it comes to data storage and asset protection. However, the most equipped centralized exchanges have the tools and security to prevent hackers from obtaining users’ private keys.
Huobi’s Approach to Risk Management and Asset Security
Huobi Global is regarded as one of the safest, most secure crypto exchanges based on its track record. In eight years of operation, no major security incidents have occurred on its platform, an accomplishment Huobi attributes to its risk control strategy.
Huobi has taken notice of the large sum stolen from the #PolyNetwork tonight. Our risk control and security teams are already tracking and identifying the addresses involved. We'll do everything in our power to assist and protect the crypto community. #StrongerTogether
— Du Jun (@DujunX) August 10, 2021
“Our risk control team has been working diligently to not only protect our users and their assets but also identify potential attacks before they happen,” stated Jeff Mei, Director of Global Strategy.
While the Poly Network attack was prevented by HECO and didn’t affect Huobi Global users, the platform has risk controls in place as another barrier of protection.
Huobi’s risk control strategy consists of several components, including an investor protection fund to protect the rights and interests of its users and advanced threshold signature technology for its cold wallet.
Best Practices for Crypto Trading on a CEX
While Huobi Global is focused on risk control, the exchange believes equipping its users with the education and resources they need to protect themselves is also important.
“Our priority is a safe and secure platform for our users, and to achieve this we need the support of our users,” Jeff added.
Huobi’s first tip before trading on a crypto exchange: Choose an email provider with a strong security system for your account.
“Exchanges sometimes limit the length and strength of user passwords for security reasons, so be mindful when choosing your password, as well as your email address.”
Huobi also recommends using Google verification rather than SMS verification to verify identity. Users should also enable more advanced security measures when possible and whitelist withdrawal addresses so their assets only go to crypto addresses listed in their address books.
“The future of DeFi is very exciting, but with opportunity comes risk,” commented Jeff.
“As we move forward, all of us—exchanges, platforms, communities—must perform due diligence to ensure the safety and security of our industry moving forward.”
Disclaimer: This is a paid post and should not be treated as news/advice.
