The decentralized financing, as well as the security risks

When it was the first encrypted currency, Bitcoin, it was He suggested in 2008The goal was simple: creating a digital currency free of banks and governments. Over time, this idea developed into something bigger: “The decentralized financing“DEFI”.

With decentralized financing, people are trading, borrowing and gaining benefit on encryption assets without relying on traditional intermediaries. Defi services are working on BlockchainsWhich is mainly a digital professor’s book and use.Smart contracts-The code of self-implementation that works to automate financial transactions. Tens of billions of dollars They poured into the Defi market.

But with innovation comes the risks. The lack of central censorship has made encryption, including decentralized financing, which is a major goal for infiltrators and deceptions. In 2024 alone, people lost Almost $ 1.5 billion Because of the exploits of security and fraud. Unlike traditional financing, there is no way to restore stolen encryption.

like Computer worldI wanted to better understand how people look at these risks and respond to them. So my colleagues and I first interviewed 14 investors for encryption, then I sought nearly 500 others to verify the validity of the results we reached.

Our study I found that people often committed the same mistakes, driven by repeated misconceptions and gaps in security awareness. Here are some of the most important.

Error 1: Thinking that Blockchain guarantees security

Many people told us that they believed that decentralized financing was safe – but their thinking was not very convincing. Some seem to confuse the decentralized financing with the Blockchain technology itself, which are designed to ensure that the transactions are resistant to the so -called “”Consensus“One of us told us that Defi is safe” because the infiltrator will have to bypass a full range of Blockchain “to steal money.

But Blockchain services are still vulnerable to implementation and defects design. These include violations of the smart nodes, as the bad guys take advantage of errors in the service code, and the front attacks, where a User interface It is changed to redirect money to a hacker wallet. A Frontal attack It is said that he was blaming a The latter amounting to $ 1.5 billion theft of encryption.

Error 2: Thinking about safe keys means safe money

Another common belief is that Defi is safe if the keys are stored well. The private key is a secret symbol that allows someone to reach encryption assets. It is true that in Defi – unlike in Central encryption financing The stock market carries special keys – users have full control of their own keys.

But even with the ideal special key management, users can still lose money by interacting with DEFI platforms at risk. This is because protecting special keys can only prevent direct attacks that aim to reach the private key, such as attempts to hunt.

People with whom we talked also failed to follow best practices to secure their own keys. The use of the hardware portfolio – a physical device that stores the special keys in a non -connection mode – is one of the most safe options to protect the keys from online threats. However, our study found that only a handful of participants already used devices port.

Error 3: Thinking about the approval of 2 factors is a silver bullet

Dual factors, or 2FA, is a standard safety mechanism in which two types of verification are required to reach an account. Think about sending a message to one time code before you can log in to your bank account.

To prevent account violations, Central encryption exchange Like Binance and the use of Coinbase Dual factors authentication For records, arithmetic recovery and cloud assurances. But while 2FA is very important to security in the traditional and central encryption funding system, it plays a much smaller role in decentralized financing.

Defi governor allows users to access based on private keys instead of checking identity, which means that traditional 2FA can be used. Instead, only 2FA mechanisms are available in Defi. For example, Multiple governor It requires approval from multiple private keys. However, if your own The private key It is at risk, the attackers can perform wallet operations on your behalf without any additional verification. In addition, even users who adopt 2FA measures cannot prevent security violations at the end of Defi services.

Unfortunately, our participants were very confident in the effectiveness of the 2FA, as one of them said: “The authenticity of the factors was one of the best solutions to maintain the safety of the governor.” In our poll, 57.1 % of users relied on 2FA as a single anti -action against The carpet is withdrawn– The project’s creators suddenly withdrawn money – and 49.3 % did this to exploit the smart contract. This undue confidence can lead them to ignore more effective security strategies.

Error 4: Not managing symbolic approvals

One of this effective strategy is to cancel symbolic approvals. In Defi, symbols are digital assets on Blockchain represent the value or rights, and users often need approval Smart contracts To reach or spend. But if you leave these approvals open, it will be a harmful nodes – or a nodes that have been penetrated – drain your wallet. Therefore, it is very important to verify all the symbolic approvals that it granted to prevent the losses caused by Defi’s fraudulent or penetrating services. Specifically, you should reduce spending allowances instead of using “unlimited” virtual option, and Approvals nullify For applications that you no longer use or trust.

Anxiety, we found that only 10.8 % and 16.3 % of the participants regularly and wiped symbolic approvals to protect against clouds from carpets and smart nodes, respectively. In light of this, we recommend that service providers provide a reminder feature to demand users to review their symbolic approvals periodically.

Error 5: Not learning from previous incidents

Even after penetrating or deceiving them, people often do nothing to improve their security practices. Only 17.6 % of those who reported the victims of the Defi fraud operated regularly symbolic approvals. Worse, 26 % took any action at all after a fraud, and doubled 16.4 % by investing more in other Defi services.

Surprisingly, more than half of the victims said that their faith in Divi either remained as it is or was stronger after the accident. One of the users who lost $ 4,700 for a carpet accident said, “My faith has grown in the cryptocurrency stronger after that because I earned good money from him,” said one of the users who lost $ 4,700 for a carpet accident. And that person added, “An opportunity to earn money is something I believe in.” This indicates that the financial motives of Defi users may sometimes outweigh their security fears – and perhaps, and perhaps their best rule.

There is no single solution suitable for everyone to the security of Defi. But awareness is the first step. To remain safe, encryption investors must use the device portfolios, cancel unused symbolic approvals and constantly learn new techniques to protect themselves from advanced threats. More importantly, they should remain rational and do not claim the attractiveness of profits that disturb their security practices.

This article has been republished from Conversation Under the creative public license. Read The original article.