Why are there so many security incidents in DeFi?

Although the blockchain has always been known for its high security, we often hear in many reports about the frequent security incidents in the blockchain.This has led some to cast doubt on the security of the blockchain.

However, when we carefully analyze these security incidents, we will find a very wonderful phenomenon, that is, most of them are concentrated in the application of decentralized finance (DeFi)in the scene.According to a report released by CipherTrace earlier this year, DeFi accounts for more than 75% of all crypto hacking attacks that occur in blockchain security incidents.Among the crypto fraud cases, the incidents that occurred in DeFi also accounted for 54%.

The high security of the blockchain itself is worthy of recognition.The structural characteristics of the decentralized distributed ledger make the blockchain network composed of a large number of nodes in equal positions, and these nodes jointly govern the blockchain through a consensus mechanism in the network.In theory, to launch an intelligent attack on the blockchain, the attacker needs to control all nodes.

Although it is difficult for blockchains to achieve this ideal state in actual construction, it still sets a huge challenge for attackers.The security of blockchain is also recognized by many people.

So, why is DeFi built on a highly secure blockchain an area of ​​"focus" for attackers?

Here we need to mention the cross-chain bridge between blockchains.

The so-called cross-chain bridge refers to a mechanism that connects two different blockchains so that users' digital assets and data information can be circulated between different blockchains.As the application of blockchain in the financial field, DeFi will naturally involve the flow of a large amount of funds between different blockchains. Therefore, DeFi has a very high demand for cross-chain bridges.

From a security point of view, cross-chain bridges are actually very fragile.The task that the cross-chain bridge needs to perform is not a simple capital exchange like RMB to USD. To use an easier-to-understand analogy, it is to convert your WeChat steps into RMB.The complexity of this information and asset exchange brings a test to the logic, verification, signature and other security measures between the cross-chain bridges.Therefore, under the limitations of technology, there are actually a lot of security holes in the cross-chain bridge, which also makes it more vulnerable to hackers.

In addition, many cross-chain bridges today use third-party external verification. However, the cross-chain bridge itself does not have a particularly high review of the credibility of the verification nodes.ability, which provides a channel for attackers to do evil by validating nodes.Many security incidents in DeFi are caused by hackers hijacking or deceiving validators.

These security issues of cross-chain bridges make DeFi a "hardest hit" for security incidents in the blockchain.However, the interoperability provided by the cross-chain bridge for the blockchain is an indispensable part of the entire ecosystem. Therefore, how to improve the security environment of DeFi has also become a key research direction for many developers.Only by making the cross-chain bridge more secure can DeFi develop better.