{"id":509704,"date":"2022-11-14T00:46:51","date_gmt":"2022-11-13T21:46:51","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/developers-could-have-prevented-cryptos-2022-hacks-if-they-took-basic-security-measures\/"},"modified":"2022-11-14T00:46:51","modified_gmt":"2022-11-13T21:46:51","slug":"developers-could-have-prevented-cryptos-2022-hacks-if-they-took-basic-security-measures","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/developers-could-have-prevented-cryptos-2022-hacks-if-they-took-basic-security-measures\/","title":{"rendered":"# Developers could have prevented crypto&#8217;s 2022 hacks if they took basic security measures"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Developers_could_have_prevented_cryptos_2022_hacks_if_they_took_basic_security_measures_%E2%80%9C\"><\/span>&#8221; Developers could have prevented crypto&#8217;s 2022 hacks if they took basic security measures &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTEvZmRkY2Y3ZDgtMTcxMi00MjRmLThjYjAtZTM4Yjg1NzIwNzZlLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-e13e51fa>Users losing funds due to malicious activity is hardly unknown on Ethereum. In fact, it is the very reason researchers recently developed a proposal to introduce a type of token that is reversible in the event of a hack or other unsavory behaviors.\u00a0<\/p>\n<p>Specifically, the suggestion would see the creation of an ERC-20R and ERC-721R, which would be modified versions of the standards that govern both regular Ethereum tokens and nonfungible tokens (NFTs). 
<\/p>\n<p>The premise goes like this: this new standard would allow users to make a \u201cfreeze request\u201d on recent transactions that would lock those funds until a \u201cdecentralized judiciary system\u201d determined the validity of the transaction. Both parties would be allowed to present their evidence, and the judges would be chosen at random from a decentralized pool to minimize collusion. <\/p>\n<p>At the end of the process, a verdict would be reached and either the funds would be returned or they would stay where they are. This decision would then be final and subject to no further contention. This would open up a practical avenue for victims of hacks and other malicious activity to get their assets back in a direct and community-driven manner. <\/p>\n<p>Unfortunately, this may well be an unnecessary and ultimately harmful proposition. One of the cornerstones of the decentralized philosophy is that transactions only go in one direction. They can\u2019t be undone under virtually any circumstances. This new protocol change would undermine that fundamental precept in order to fix what isn\u2019t broken. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">So how does this work when an attacker steals ERC-20R and cashes out to ETH via a DEX in the same transaction? Or ERC-20R will be incompatible with the current DeFi ecosystem? <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/n5pN82ZBBe\">https:\/\/t.co\/n5pN82ZBBe<\/a><\/p>\n<p>\u2014 Roman Semenov (@semenov_roman_) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/semenov_roman_\/status\/1574066235356110849?ref_src=twsrc%5Etfw\">September 25, 2022<\/a><\/p><\/blockquote>\n<p>There\u2019s also the fact that even implementing such tokens would be a logistical nightmare. 
Unless every single platform shifted over to the new standard, there would be huge gaps in the system, meaning that thieves could quickly swap their reversible assets for non-reversible ones and avoid the repercussions entirely. This would render the entire asset completely pointless, and more than likely users would simply not engage with it.<\/p>\n<p>Furthermore, the whole idea of a judicial review implies centralization. Isn\u2019t independence from a third party the exact thing cryptocurrency was created for? The existing proposal isn\u2019t clear on how these judges are chosen, other than that it will be \u201crandom.\u201d Without the system being very carefully balanced, it\u2019s hard to say that collusion or manipulation is impossible.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"A_better_proposal\"><\/span>A better proposal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ultimately, the notion of a reversible crypto asset may be well-intentioned but is also entirely unnecessary. The premise introduces many new complexities in terms of its actual integration into existing systems, and that is even assuming platforms want to utilize it. However, there are other ways to achieve security in the decentralized ecosystem that don\u2019t undermine what makes cryptocurrency so powerful to begin with.<\/p>\n<p>For one, all smart contract code should be audited on an ongoing basis. Many problems in decentralized finance (DeFi) arise from exploits present in the underlying smart contracts. Comprehensive and independent security audits can help to find where potential problems exist before these protocols are released. Furthermore, it\u2019s important to try to understand how multiple contracts will interact when they go live, as some issues only arise when they are used in the wild.<\/p>\n<p>Any deployed contract will have risk factors that should be monitored and defended against. 
However, many development teams do not have a robust security monitoring solution in place. Often, the first sign that something problematic is happening comes from an on-chain diagnosis. Massive or unusual transactions and other uncommon transaction patterns can point to an attack that is happening in real-time. Being able to spot and understand these signals is key to staying on top of them.<\/p>\n<p>Of course, there also needs to be a system in place for documenting and recording events and communicating the most important information to the correct entities. Some alerts can be sent to the developer team and others can be made available to the community. With a community thus informed, better security can come in a manner that aligns with the decentralized ethos rather than it being relegated to a function of a judicial review. <\/p>\n<p>Let\u2019s look back at the Ronin hack as an example. It took a full six days for the team behind the project to realize an attack had occurred, only becoming aware when a user complained that they were unable to withdraw funds. If real-time monitoring of the network had been in place, a response could have happened almost instantly when the first large, suspicious transaction occurred. Instead, nobody noticed for almost a week, giving the attacker ample time to continue to move funds and obscure their history.<\/p>\n<p>It seems fairly obvious that reversible tokens wouldn\u2019t have helped this situation much, but monitoring could have. By the time it was noticed, many of the stolen coins had been transferred repeatedly across wallets and exchanges. 
Could all of these transactions just be reversed? The complexities introduced, as well as the possible new risks created, mean that this endeavor simply isn\u2019t worth the effort. Especially when you consider that powerful mechanisms already exist that can offer a similar level of security and accountability. <\/p>\n<p>Instead of messing with the formula that makes crypto so powerful, it would make much more sense to implement comprehensive and continuous security processes across Web3 so that decentralized assets remain immutable but not unprotected.<\/p>\n<div>\n<div style=\"background: rgb(239, 239, 239); border: 1px solid rgb(204, 204, 204); padding: 10px;\"><strong>Stephen Lloyd Webber<\/strong> is a software engineer and author with diverse experience in simplifying complex situations. He is fascinated by open source, decentralization and anything on the Ethereum blockchain. Stephen is currently working in product marketing at Open Zeppelin, a premier crypto cybersecurity technology and services company, and has an MFA in English writing from New Mexico State University.<\/div>\n<\/div>\n<p><em>This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author\u2019s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.<\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/developers-could-have-prevented-crypto-s-2022-hacks-if-they-took-basic-security-measures\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Developers could have prevented crypto&#8217;s 2022 hacks if they took basic security measures &#8220; Users losing funds due to malicious activity is hardly unknown on Ethereum. 
In fact, it is the very reason researchers recently developed a proposal to introduce a type of token that is reversible in the event of a hack or&#8230;<\/p>\n","protected":false},"author":1,"featured_media":509705,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTEvZmRkY2Y3ZDgtMTcxMi00MjRmLThjYjAtZTM4Yjg1NzIwNzZlLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74863,74882,78261,70375,70944,72287,70759,4965],"class_list":["post-509704","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cryptocurrencies","tag-hacks","tag-tech-analysis","tag-cybersecurity","tag-hackers","tag-security","tag-tech","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/509704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=509704"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/509704\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/509705"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=509704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=509704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=50
9704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}