The Viability of DeFi
As BeInCrypto has previously reported, the incident prompted some to question the viability of the DeFi sector. Charlie Lee, the founder of Litecoin, said the fact that so-called decentralized applications have an admin key to pause contracts amounted to ‘decentralization theatre.’ Lightning Network developer Alex Bosworth shared a similar opinion:
If your “defi” project has an admin key or a coordinator, a set of oracles, a group of validators or cosigners, a default trusted keys list, even if you “have plans to phase it out”, what you are actually doing is running a financial service. In other words you actually have no d— Alex Bosworth (@alexbosworth) February 15, 2020
Whether claims of absolute decentralization are accurate or not, the incident points at a much larger and more fundamental problem within the industry. Although the report by researchers at bZx states that all user funds are safe and that they have implemented a patch to stop future attackers using the same exploit, such reactive fixes do nothing to prevent future vulnerabilities. As financial applications, the likes of Fulcrum represent vast honeypots for hackers. Smart contracts run constantly and with increasingly complex functions, and the fact that so many have already fallen victim to exploits proves that they make an alluring target. Reporter and industry observer Larry Cermak highlighted the issue via Twitter earlier Tuesday. He describes current DeFi applications as a constant “multi-million dollar bounty open 24/7 and with very little consequences.” Cermak concludes that creating a DeFi application must be an enduring headache for developers:
In all seriousness, I can’t even imagine the stress that the DeFi currently have EVERY SINGLE DAY. It’s a multi million dollar bounty open 24/7 and with very little consequences.— Larry Cermak (@lawmaster) February 18, 2020
The bZx developers themselves seem to agree with the above. Kyle J Kistner, CVO of bZx, writes:
“The space is evolving quickly, and security is becoming increasingly more dire as the barriers to entry to executing an exploit drop to zero. There is no analog to this in the traditional financial system. We are now in uncharted territories.”
Untested Waters
Meanwhile, others have argued that the industry is still far too untested for people to be investing such large sums of money in new, complex dApps. In the following Twitter thread, Taylor Monahan, CEO of MyCrypto.com, details how bZx has been at the heart of several previous vulnerabilities:
The problem is idiots can build an exciting product, ignore security, refuse to learn, and still handle millions of dollars worth of your money bc y'all think #DeFi is safe. 😕— Taylor Monahan (@tayvano_) February 18, 2020
1. Start holding people accountable
2. Stop giving idiots your money
3. Start learning from history
Ultimately, she concludes that past DeFi exploits should be enough to steer people away from the industry. She also argues for greater accountability in the industry. However, with interest and subsequent investments in decentralized finance growing rapidly, and the applications also growing in complexity, it is undoubtedly a matter of when rather than if an incident similar to the Fulcrum hack will occur again.