{"id":283834,"date":"2021-06-25T17:37:00","date_gmt":"2021-06-25T14:37:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/the-radical-need-for-updating-blockchain-security-protocols\/"},"modified":"2021-06-25T17:37:00","modified_gmt":"2021-06-25T14:37:00","slug":"the-radical-need-for-updating-blockchain-security-protocols","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-radical-need-for-updating-blockchain-security-protocols\/","title":{"rendered":"# The radical need for updating blockchain security protocols"},"content":{"rendered":"<p>&#8220;<strong># The radical need for updating blockchain security protocols <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDYvYjQwZTVjYzgtNDc0OS00ZDc5LWJlMmEtZGQ2MTI4NjhhN2FjLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Decentralized finance (DeFi) is here to stay with over $100 billion in total value locked (TVL), <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/defillama.com\/home\">highlighting<\/a> the evidence of faith in these new financial tools. 
This investment will continue to increase, but it appears that with each new record in TVL, there is another network attack being reported with astronomical losses.<\/p>\n<p>Crypto crime dropped 57% in 2020, but DeFi hacks surged, costing companies and investors billions of U.S. dollars. In March alone, there were several attacks within just a five-day period, with Paid Network losing $180 million. Later in May, PancakeBunny lost more than $200 million in a flash loan exploit.<\/p>\n<p>It is clear that there are far too many loopholes and hacks in current blockchain security protocols. From rug pulls to phishing scams, the security and technology of this space are not as mature as the numbers make them out to be. But there are critical practices that both developers and users can implement to close this gap.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Decentralized_technology_is_still_centralized\"><\/span>Decentralized technology is still centralized<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>No matter how decentralized a protocol claims to be, the underlying structure is still centralized. Take one of the core features of the internet, DNS records: every domain name is still centralized \u2014 owned by a government, state or company that has the ultimate authority over the domain and could shut it off if it chose. <\/p>\n<p>An example of centralization within decentralization is smart contracts. 
Those who write Ethereum or Binance smart contracts have the final say in what&#8217;s in the code, and there are ways to code nefarious programs, like rug pulls, into smart contracts.<\/p>\n<p>During the yield farming boom of summer 2020, we saw many protocols pop up to profit off of the money pouring into DeFi, and this continued into this year. In March, TurtleDex executed a rug pull, which was effectively a backdoor in the smart contract that resulted in $2.5 million stolen from investors. This intentional feature allows developers to program scams that are then executed depending on other events in the code, and TurtleDex is one of many projects this year that programmed a rug pull.<\/p>\n<p>Smart contract audits are a good way to prevent rug pulls, but even then we see cases where the developers will switch the audited smart contract for an unaudited one. The case of Compounder <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.investopedia.com\/articles\/forex\/042315\/beware-these-five-bitcoin-scams.asp\">demonstrates<\/a> how easy it is for a scam project to gain clout off of known, reputable names in the space. They were able to quickly capitalize on Harvest Finance and Yearn.finance before pulling the rug on their users and walking away with millions of dollars in crypto. <\/p>\n<h2><span class=\"ez-toc-section\" id=\"Recent_trends_in_hacks\"><\/span>Recent trends in hacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Apart from rug pulls, there are many popular attacks that can cause an entire company to crumble if they are not prepared. 
A 51% attack \u2014 which is when a group of miners controls more than 50% of the network\u2019s mining hash rate, allowing them to exclude or manipulate transaction records to execute double-spends or disrupt a blockchain \u2014 is still frequent. Firo and Grin both recently suffered from 51% attacks.<\/p>\n<p>Even some cryptocurrency projects with leading market cap sizes are still not secure. In February, it was reported that 200 days of XVG transactions on the Verge network were erased, effectively being the \u201cdeepest reorg that has ever taken place in a top 100 crypto.\u201d<\/p>\n<p>We accept these errors as a part of the blockchain experience, but what would be the reaction if the same thing happened to a major bank, for example? There would likely be a lot more media headlines and uproar from users and clients. These events go largely unnoticed in crypto because there are fewer users, but with the recent bull market, this is changing. Inevitably, more scrutiny will be placed on the security of public blockchains. <\/p>\n<h2><span class=\"ez-toc-section\" id=\"Practices_to_prevent_hacks_like_rug_pulls\"><\/span>Practices to prevent hacks like rug pulls <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Unfortunately for developers, hacks are always a possibility while working in crypto. The question is not how to prevent hacks, but how to reduce your chances of getting hacked. Some advancements in hardware wallets \u2014 like Gnosis Safe\u2019s multisignature wallet \u2014 are key elements of improving overall security. <\/p>\n<p>Using a multisig wallet allows multiple users to hold keys for the same wallet and requires mutual participation to execute actions on the account. 
Because a wallet like this requires input from multiple users in order to make trades, it is almost impossible to execute rug pulls with this type of vault. <\/p>\n<p>Another security practice to prevent rug pulls is timelocks. Many decentralized apps use timelocks so that if a developer tries a rug pull, users have a warning of about 12 to 24 hours to remove their funds. <\/p>\n<p>These types of security practices will encourage wider trust in DeFi, and create a culture around security that will advance our industry. <\/p>\n<h2><span class=\"ez-toc-section\" id=\"Improving_wallet_security_in_crypto\"><\/span>Improving wallet security in crypto<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Wallet security ultimately comes down to developers and users implementing smarter practices. Regular security audits and internal security practices can all contribute to safer wallets. <\/p>\n<p>While security audits are a good solution, Uniswap and other automated market maker-based decentralized exchanges (DEXs) are permissionless, so it is impossible to perform regular audits. The best practice is to understand the specifics around \u201cfair launch\u201d coins \u2014 projects that are launched from a DEX. Although many of these projects are high quality, many have been known to have major exploits. Open-source code makes it easier for anyone to audit by themselves and verify whether the smart contract is safe, giving the users more tools to practice good security.<\/p>\n<p>It may seem like a lot to ask of a user to practice good security, but it is required in order to access the many benefits of cryptocurrencies and, especially, DeFi. With traditional banks, the bank is responsible for security, but in crypto, security comes down to the practices of the developers and users.<\/p>\n<p>If you forget your bank password or send funds to the wrong person, you can contact your bank to mitigate the transaction until it is resolved. 
But in crypto, if you lose your keys or send money to the wrong address, there is no backup option. One of many upsides, of course, is that you don&#8217;t have to worry about whether your funds are available in crypto, while banks can close their doors and impose capital controls, like what <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/money.cnn.com\/2015\/06\/28\/news\/economy\/greece-banks-ecb\/index.html\">happened<\/a> in the 2015 Greece banking crisis. <\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>As developers, we need to implement cross-validation and security audits, along with holding each other accountable for developing increasingly improved security practices. <\/p>\n<p>Users should consider carrying out their own security protocols and understand the nuances in storage and potential hacking scenarios. A good practice for passive crypto holders is to have a hardware wallet disconnected from the internet or a paper wallet that is 100% offline and doesn\u2019t require syncing online for any firmware updates.<\/p>\n<p>Phishing attacks, one of the original types of internet hacks, are still common. The way to combat phishing attempts is to verify that the sender is genuine. <\/p>\n<p>Do not enter your private keys or seed phrases on any website or send them to anyone in public channels or DMs. Generally, you should only enter your seed phrase when you initially set up your wallet. After that, you should only enter your seed phrase if you need to recover your wallet after forgetting your password, need to import an existing wallet to a new device or use the compatible wallet software. 
It is generally recommended to use hardware wallet devices that will never leak your seed to any kind of software \u2014 not even a trusted wallet application or software could be recommended in many cases.<\/p>\n<p>As we continue to build our new global (mostly) DeFi economy, it is crucial that security is improved so that mainstream adoption and capital can continue to flow into the space, so that the next generation can access new frontiers of financial independence.<\/p>\n<p class=\"post-content__disclaimer\"><em>This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.<\/em><\/p>\n<p class=\"post-content__disclaimer\"><em>The views, thoughts and opinions expressed here are the author\u2019s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Kadan Stadelmann<\/strong> is a blockchain developer, operations security expert and Komodo Platform\u2019s chief technology officer. His experience ranges from working in operations security in the government sector and launching technology startups to application development and cryptography. Kadan started his journey into blockchain technology in 2011 and joined the Komodo team in 2016.<\/div>\n<\/div>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/the-radical-need-for-updating-blockchain-security-protocols\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# The radical need for updating blockchain security protocols &#8221; Decentralized finance (DeFi) is here to stay with over $100 billion in total value locked (TVL), highlighting the evidence of faith in these new financial tools. 
This investment will continue to increase, but it appears that with each new record in TVL, there is another&#8230;<\/p>\n","protected":false},"author":1,"featured_media":283835,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDYvYjQwZTVjYzgtNDc0OS00ZDc5LWJlMmEtZGQ2MTI4NjhhN2FjLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74863,74983,74868,74882,70944,72287,4965],"class_list":["post-283834","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cryptocurrencies","tag-decentralization","tag-defi","tag-hacks","tag-hackers","tag-security","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/283834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=283834"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/283834\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/283835"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=283834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=283834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=283834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{
rel}","templated":true}]}}