“The bull market in cryptocurrencies is also a haven for hackers and criminals”
DeFi, as the lead of this industry boom, has activated the whole industry since its rise in the second half of last year, building a complete DeFi ecosystem of DEXs, decentralized lending, oracles, cross-chain asset bridges and more, and producing a number of high-quality projects such as Uniswap, Compound and AAVE. As of June 6, the value of digital assets locked on Ethereum alone was as high as $60.87 billion.
While these new projects and this new ecosystem are rising, a new dark side of the industry has been born with them, with flash loan attacks, new DeFi scams, "scientist" (on-chain bot) monopolies and other security incidents popping up everywhere.
According to monitoring by the National Blockchain Vulnerability Database, there were 103 DeFi security incidents in 2020, concentrated in the period after the DeFi boom, with 25 high-impact DeFi security incidents in November last year alone. Now, as DeFi expands to low-cost public chains such as BSC, Heco, Solana and Fantom, these risks and security issues have shifted to the new chains as well.
According to PeckShield situational awareness platform data, in May this year alone, there were 46 more prominent security incidents in the industry, of which 25 involved DeFi, with losses amounting to $280 million.
BSC has become a hotspot for security incidents.
On May 20, PancakeBunny was attacked through an economic vulnerability, causing the price of BUNNY to plummet from $200 to $4 within a short time, nearly to zero. On May 28, the DEX protocol JulSwap on the BSC chain suffered a flash loan attack and its token JULB fell by over 95% in a short period; on the same day, another DEX on BSC, BurgerSwap, also suffered a flash loan attack, with over 432,874 BURGER tokens stolen, worth about $3.3 million. On May 30, the AMM protocol Belt Finance likewise suffered a flash loan attack, with a loss of $6.2 million.
For ordinary users, who are already at an information disadvantage, these security risks make the environment even harsher: they cannot hope for authoritative regulation, so they can only rely on self-help and on developing a sound sense of risk prevention.
So how can we navigate the sea of DeFi safely? How can you protect your wallet assets in the gladiatorial arena of hacking? What guidelines and security measures should you follow?
How can I use my wallet safely?
The biggest sadness for digital currency investors is that “the wallet is still there, but the coins are gone”.
Not long ago, a wallet called LCS was exposed as malicious: it stole user assets by collecting users' mnemonic phrases on its back end.
When a user imports a mnemonic phrase, the wallet uploads it to this endpoint: portal-api-v3.lcs.world/user/importWallet, stealing the user's mnemonic. Although it claims to be a decentralized wallet, it is in fact a centralized one.
At the time of writing, nearly 190 ETH (worth about $500,000) had been transferred out of the wallet's collection address, together with smaller amounts belonging to other users.
This risk is very difficult to prevent. The best defense is not to try new wallet products casually, not to import accounts holding assets into unfamiliar wallets unless you are sure they are safe, and to prefer internationally known mainstream wallets.
While that risk is hard to identify, the over-authorization of wallets when using DeFi products is something we can control ourselves.
As we all know, when we use DeFi products we interact with digital assets, and the first step is to authorize the contract with an approve. Generally speaking, developers request the maximum possible allowance by default so that users do not have to approve repeatedly, but this is a case of over-authorization: there is no cap on the amount, and the contract can move the tokens at will.
Previously, a Twitter user named Jhon encountered this situation where the authorized contract was phished, allowing it to have $140,000 worth of UNI stolen overnight, and one of the important reasons was that he gave the contract the right to use unlimited tokens.
As a DeFi participant you connect your wallet and authorize many protocols every day, so how do you find out whether you have granted such over-authorizations in the past? Here is a method you can refer to.
First, open the Etherscan block explorer at https://etherscan.io/, click More, and go to the Token Approvals page.
Then enter the address you want to check; once the check completes, you can clearly see which projects and which tokens you have authorized.
To cancel an authorization you also need to connect your wallet: click "Connect to Web3" in the upper left corner to log in, then revoke the approval through the Revoke column on the right. For well-known projects, or products and tokens you use often, there is no need to revoke, since you would have to pay gas again to re-approve the next time you call the contract.
So, to avoid over-authorizing your wallet, it is worth reading the pop-up authorization statement carefully every time you use a DeFi product, to avoid possible risks.
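As an added example (not code from the original article, nor from Etherscan or any wallet vendor), the following Python decodes the calldata of an ERC-20 approve() call the way a wallet's authorization pop-up should present it, flags the unlimited-allowance pattern described above, and builds the approve(spender, 0) call that revokes it. The spender address and token figures are constructed placeholders; the 4-byte selector 0x095ea7b3 is the standard one for approve(address,uint256).

```python
# Added example, not code from the original article or any wallet vendor.
# Decodes an ERC-20 approve(spender, amount) transaction the way a wallet's
# authorization pop-up should present it, flags unlimited allowances, and
# builds the calldata that revokes the allowance (approve(spender, 0)).
from dataclasses import dataclass
from typing import Optional

UINT256_MAX = 2**256 - 1

# First 4 bytes of keccak256("approve(address,uint256)"): a fixed, well-known value.
APPROVE_SELECTOR = "095ea7b3"


@dataclass
class ApproveRequest:
    spender: str   # 0x-prefixed, 40 hex chars
    amount: int    # raw token units (before dividing by 10**decimals)


def _strip_0x(hexstr: str) -> str:
    h = hexstr.lower()
    return h[2:] if h.startswith("0x") else h


def decode_approve(calldata: str) -> ApproveRequest:
    """Parse approve(address,uint256) calldata: 4-byte selector + two 32-byte words."""
    data = _strip_0x(calldata)
    if len(data) != 8 + 64 + 64:
        raise ValueError("calldata length does not match approve(address,uint256)")
    if data[:8] != APPROVE_SELECTOR:
        raise ValueError("selector is not approve(address,uint256)")
    spender_word, amount_word = data[8:72], data[72:136]
    # An address is left-padded with 12 zero bytes (24 hex chars) inside its word.
    if spender_word[:24] != "0" * 24:
        raise ValueError("spender word has non-zero padding; refusing to decode")
    return ApproveRequest(spender="0x" + spender_word[24:], amount=int(amount_word, 16))


def classify_allowance(amount: int, balance: Optional[int] = None) -> str:
    """Label an allowance the way a risk-aware wallet would."""
    if amount == UINT256_MAX:
        return "unlimited"
    if balance is not None and amount > balance:
        return "exceeds balance"
    return "bounded"


def describe(req: ApproveRequest, decimals: int, symbol: str,
             balance: Optional[int] = None) -> str:
    """Human-readable statement of what signing this approve would grant."""
    label = classify_allowance(req.amount, balance)
    if label == "unlimited":
        shown = "UNLIMITED"
    else:
        shown = f"{req.amount / 10**decimals:g} {symbol}"
    return f"Allow {req.spender} to spend {shown} ({label})"


def encode_approve(spender: str, amount: int) -> str:
    """Build approve(spender, amount) calldata; amount must fit in uint256."""
    if not 0 <= amount <= UINT256_MAX:
        raise ValueError("amount out of uint256 range")
    addr = _strip_0x(spender)
    if len(addr) != 40:
        raise ValueError("spender must be a 20-byte address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + format(amount, "064x")


def revoke_calldata(spender: str) -> str:
    """approve(spender, 0) removes an existing allowance entirely."""
    return encode_approve(spender, 0)


if __name__ == "__main__":
    # Constructed sample: a placeholder spender address and an unlimited approval,
    # the kind of request the article's Twitter user signed.
    SPENDER = "0x" + "11" * 20          # placeholder, not a real contract
    sample = encode_approve(SPENDER, UINT256_MAX)
    req = decode_approve(sample)
    print(describe(req, decimals=18, symbol="UNI", balance=3_000 * 10**18))
    print("revoke with:", revoke_calldata(SPENDER))
```

The decoder refuses anything that is not exactly a well-formed approve() call rather than guessing, and the "exceeds balance" label covers the common case where a dApp asks for far more than the user actually holds even when it stops short of the uint256 maximum.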
Besides wallet security, there is also mnemonic security, which will not be repeated here. The author has also compiled some recommendations for safe daily wallet use, which you can refer to.
Prefer mainstream, internationally known digital wallets with a large user base, and be careful with new wallets. In addition, always download the app from the wallet's official website, so you do not install a back-doored wallet app from a phishing site.
If you must use a newly launched wallet product, check whether the wallet app's code is open source, whether it has had a security audit, and whether the team has a CSO or security officer; all of these affect whether the wallet's security can be maintained through constant iterations and upgrades.
Always keep your wallet mnemonic secure, and never import your mnemonic or private key into unfamiliar platforms or wallets.
Pay attention to how your wallet password is used, especially when taking part in airdrops, and be wary of programs that ask you to log in by authorizing with your wallet password.
Regularly clean up the authorization management in your wallet. If you have authorized some DeFi contracts and are not quite sure whether they are risky, you can also revoke them with tools such as approved.zone and revoke.cash.
DeFi Security Guide
In the DeFi track, the most common risks are liquidation risk, impermanent loss and smart contract risk. The first two are natural gains and losses from asset price fluctuations; they belong to the trading level and relate to the broader market. The last belongs to the technical level.
On June 2, the CCTV13 news channel exposed a form of fraud on the technical side. The 12-minute report described the process in detail: issue a token at will on the Uniswap platform, change the code so that it can be bought but not sold, and finally run away by removing the liquidity.
Attacks and fraud at this technical level are hard for ordinary users to identify and cannot be fully prevented. An average investor without technical knowledge can only judge a project from other angles, such as the project team and the development of its community.
First, check the details of the project. Such as white papers, official Twitter, Telegram, Discord and blogs. These are the efforts that can help you make a judgment to see if the project is a scam, and verify the relevant information through these channels as much as possible.
Verify smart contracts. Published and verified contract source can reveal clues about a project; in particular, if a project only publishes its smart contracts 24 hours before launch, the team may have something to hide.
Don't rush into contract addresses in FOMO sentiment. During the earlier meme-coin ("animal coin") craze, the contract addresses flying around everywhere were proof of how important it is to keep your sanity.
Use information from trusted sites such as CoinGecko and CoinMarketCap, and think critically about what the community is spreading.
For DeFi products, always keep an eye on the liquidity of the pool. Generally speaking, the size of the pool is directly tied to the life, death and future of the project; when TVL drops significantly, it is time to be vigilant.
Always remember that high returns come with high risks. Set realistic risk expectations before investing, avoid FOMO, do not overestimate your ability and do not underestimate the sharpness of capital's sword, or you may find that, having waited for the dawn, you are left stranded at the end of the night.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/defi-world-how-can-you-keep-your-money-safe/
Coinyuppie is an open information publishing platform; all information provided is unrelated to the views and positions of Coinyuppie and does not constitute any investment or financial advice. Users are expected to screen carefully and guard against risks.