Changes and Trends in DeFi Security


Dmitry Mishunin

CEO HashEx

Ever since it emerged in mid-2020, DeFi has been a major trend in the cryptocurrency industry, which was (and still is) quite understandable. It brought a way to make money passively and enabled loans that you can get in exchange for providing collateral, but most importantly, it allowed you to use your existing money to make more money, without the risks that accompany crypto trading.

Of course, it encountered a whole new world of risks: scams and fraud, much as ICOs exploded in 2017 only to be misused by scammers. It has been two years since DeFi emerged, and I have noticed that scams and fraud in DeFi, while still present, now have a much smaller impact than they did in the past.

For example, according to Chainalysis data, $1.7 billion was stolen by bad actors so far in 2022, and 97% of that money comes from DeFi protocols. By comparison, in 2021, the total amount that was stolen in cryptocurrency was $14 billion. However, given that we are almost halfway through this year, the situation is significantly better.

Why are the figures so much lower this year?

As it turns out, DeFi users have become better educated about DYOR (do your own research) and project research. They are approaching new projects with greater care, and they are taking the time to study communities and audits more thoroughly. They are getting better at recognizing suspicious projects and are becoming more careful about where they put their money. In other words, it is getting more difficult to trick people, so scammers cannot fool them so easily anymore.

This means that scammers have to turn to exploiting flawed projects by searching for bugs in smart contracts, and put in more effort to steal money.

2021 saw a massive crypto price surge which brought wave after wave of new users to the industry, and many of them ended up in the DeFi sector. However, since they were new, and lacked experience in the field, rug pulls were fairly easy to pull off. Presently, because numerous platforms — including ours — are taking a different approach, educating users about different types of scams and talking about different ways to tackle them, people have learned how to protect themselves.

Not only that, but project owners are paying greater attention to their own projects’ security. At HashEx, for example, we’ve seen a threefold increase in the number of audits conducted by projects between Q1 2021 and Q1 2022. As a result, launching a successful attack now takes hackers considerable time and serious expertise. Today it is more beneficial for them to expend more time and effort on preparing for an attack and studying a project for vulnerabilities. That way, they stand a better chance of getting away with more stolen funds.

DeFi projects are improving their security measures

The overall security of projects has improved significantly in recent times. There remains a fair share of simple bugs that developers can easily miss if they are not paying attention, but many of the classic exploits have been closed off by new frameworks and security tools. As a result, criminals have started to look for more ingenious ways to find exploits. Some of them find themselves probing for errors in smart contracts’ business logic or targeting third-party services in hopes of getting to the project through them.

In the past, hackers could launch an attack in a single hour after targeting a project. Now, it can often take months to prepare a single attack, and there is still a possibility of it failing. Still, many are not discouraged by this, as the crypto industry lacks ways to punish those who try to misuse its technology. Hackers are now thinking about how to pull off an attack, and then what to do with the money. They used to take this approach with the banks, until early 2000, when the banks started employing more capable people.

These days, bank hacks are quite rare, and targeting them is very risky. If you try to rob a bank and you take one wrong step or your plan turns out to be not as good as you thought, you will get caught and face criminal charges. That fear has not yet arrived in crypto, as there are no high levels of prosecution involved. Of course, we are heading in that direction, and with greater regulation, the law will eventually protect crypto users and punish thieves and robbers in the same way that it does those who target traditional banks.


In the end, self-regulation has brought us this far, and continuing to put more effort into security can get us even further as we continue to improve the industry. Along the way, we will get more rules and guidelines from regulatory bodies, which will help reduce the number of hacks, frauds, and other forms of criminal behavior, making the DeFi sector — and the entirety of the crypto industry — safer and more rewarding for everyone.