When the first cryptocurrency, Bitcoin, was proposed in 2008, the goal was simple: to create a digital currency free of banks and governments. Over time, this idea developed into something bigger: "decentralized finance," or "DeFi."
With decentralized finance, people trade, borrow and earn interest on crypto assets without relying on traditional intermediaries. DeFi services run on blockchains, which are essentially digital ledgers, and use smart contracts: self-executing code that automates financial transactions. Tens of billions of dollars have poured into the DeFi market.
But with innovation comes risk. The lack of central oversight has made crypto, including decentralized finance, a major target for hackers and scammers. In 2024 alone, people lost almost $1.5 billion to security exploits and fraud. Unlike in traditional finance, there is no way to recover stolen crypto.
As a computer scientist, I wanted to better understand how people perceive these risks and respond to them. So my colleagues and I first interviewed 14 crypto investors, then surveyed nearly 500 others to validate our findings.
Our study found that people often made the same mistakes, driven by recurring misconceptions and gaps in security awareness. Here are some of the most important.
Many people told us they believed decentralized finance was safe – but their reasoning was not very convincing. Some seemed to confuse decentralized finance with blockchain technology itself, which is designed to keep transactions tamper-resistant through so-called "consensus." One of them told us that DeFi is safe "because a hacker would have to bypass the entire blockchain network" to steal money.
But blockchain services are still vulnerable to implementation and design flaws. These include smart contract breaches, in which bad actors take advantage of errors in a service's code, and front-end attacks, in which the user interface is altered to redirect funds to a hacker's wallet. A front-end attack is said to have been to blame for a recent $1.5 billion cryptocurrency theft.
Another common belief is that DeFi is safe if private keys are stored well. A private key is a secret code that allows someone to access crypto assets. It is true that in DeFi – unlike in centralized crypto finance, where the exchange holds the private keys – users have full control of their own keys.
But even with ideal private key management, users can still lose money by interacting with vulnerable DeFi platforms. This is because protecting private keys can only prevent direct attacks that aim to obtain the private key, such as phishing attempts.
The people we talked to also failed to follow best practices for securing their private keys. Using a hardware wallet – a physical device that stores private keys offline – is one of the safest options for protecting keys from online threats. However, our study found that only a handful of participants actually used hardware wallets.
Two-factor authentication, or 2FA, is a standard security mechanism in which two types of verification are required to access an account. Think of being sent a one-time code by message before you can log in to your bank account.
To prevent account breaches, centralized crypto exchanges like Binance and Coinbase use two-factor authentication for logins, account recovery and withdrawal confirmations. But while 2FA is very important to security in the traditional and centralized crypto finance systems, it plays a much smaller role in decentralized finance.
DeFi wallets grant users access based on private keys rather than identity verification, which means that traditional 2FA cannot be used. Instead, only 2FA-like mechanisms are available in DeFi. For example, multisignature wallets require approval from multiple private keys. However, if your private key is compromised, attackers can operate the wallet on your behalf without any additional verification. In addition, even users who adopt 2FA measures cannot prevent security breaches on the DeFi services' end.
Unfortunately, our participants were overly confident in the effectiveness of 2FA. As one of them said: "Two-factor authentication was one of the best solutions to keep the wallet safe." In our survey, 57.1% of users relied on 2FA as a single countermeasure against rug pulls – scams in which a project's developers suddenly withdraw – and 49.3% did so against smart contract exploits. This misplaced confidence can lead them to overlook more effective security strategies.
One such effective strategy is revoking token approvals. In DeFi, tokens are blockchain-based digital assets that represent value or rights, and users often need to approve smart contracts to access or spend them. But if these approvals are left open, malicious contracts – or hacked ones – can drain your wallet. It is therefore very important to check all the token approvals you have granted to prevent losses caused by fraudulent or compromised DeFi services. Specifically, you should limit spending allowances instead of using the default "unlimited" option, and revoke approvals for applications that you no longer use or trust.
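As an added illustration (not part of the original article or the study), the following Python sketch audits a wallet's token approvals from ERC-20 `Approval` event logs, listing the grants that are still open and flagging "unlimited" ones. It assumes logs in the shape returned by the Ethereum JSON-RPC `eth_getLogs` call; the addresses, sample logs and the "effectively unlimited" threshold are constructed for the example.

```python
# keccak256("Approval(address,address,uint256)"): topic0 of every ERC-20 Approval log
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
EFFECTIVELY_UNLIMITED = 2**255  # heuristic: dapps usually request 2**256 - 1

def _addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Replay Approval logs in chain order and return approvals still open."""
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 approvals carry 4 topics)
        if _addr(t[1]) != owner.lower():
            continue  # someone else's approval
        latest[(log["address"].lower(), _addr(t[2]))] = int(log["data"], 16)
    findings = [
        {"token": tok, "spender": sp, "amount": amt,
         "unlimited": amt >= EFFECTIVELY_UNLIMITED}
        for (tok, sp), amt in latest.items()
        if amt != 0  # a later approve(spender, 0) revoked this one
    ]
    # Events show the amount granted; allowance(owner, spender) on the token is authoritative.
    return sorted(findings, key=lambda f: not f["unlimited"])

# --- constructed sample data (all addresses are made up) ---
OWNER, OTHER = "0x" + "11" * 20, "0x" + "99" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
DEX, OLD_APP = "0x" + "22" * 20, "0x" + "33" * 20

def _log(token, owner, spender, value, block):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": hex(block),
            "logIndex": "0x0"}

SAMPLE_LOGS = [
    _log(TOKEN_B, OWNER, OLD_APP, 0, 21),          # revocation of the block-18 grant
    _log(TOKEN_A, OWNER, DEX, 2**256 - 1, 16),     # default "unlimited" approval
    _log(TOKEN_A, OWNER, OLD_APP, 1000, 17),       # capped allowance, never revoked
    _log(TOKEN_B, OWNER, OLD_APP, 500, 18),
    _log(TOKEN_B, OTHER, DEX, 2**256 - 1, 19),     # different owner, ignored
]
if __name__ == "__main__":
    for f in open_approvals(SAMPLE_LOGS, OWNER):
        print(f)
```

On the sample data, the unlimited grant to `DEX` is listed first, the capped grant to `OLD_APP` second, and the revoked `TOKEN_B` grant does not appear.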
Worryingly, we found that only 10.8% and 16.3% of participants regularly revoked token approvals to protect against rug pulls and smart contract exploits, respectively. In light of this, we recommend that service providers offer a reminder feature that prompts users to review their token approvals periodically.
Even after being hacked or scammed, people often do nothing to improve their security practices. Only 17.6% of those who reported being victims of DeFi scams regularly managed token approvals. Worse, 26% took no action at all after a scam, and 16.4% doubled down by investing more in other DeFi services.
Surprisingly, more than half of the victims said that their faith in DeFi either stayed the same or grew stronger after the incident. "My faith in cryptocurrency became stronger after that because I earned good money from it," said one user who lost $4,700 in a rug pull. That person added, "An opportunity to earn money is something I believe in." This suggests that the financial motives of DeFi users may sometimes outweigh their security concerns – and perhaps their better judgment.
There is no one-size-fits-all solution to DeFi security. But awareness is the first step. To stay safe, crypto investors should use hardware wallets, revoke unused token approvals and keep learning new techniques to protect themselves from evolving threats. More importantly, they should stay rational and not let the lure of profits undermine their security practices.
Mingy Liu does not work for, consult for or own shares in any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.