Security in DeFi Needs a Trust Rebuild For Significant Institutional Adoption

With several US bank failures and a few near misses threatening to bring the traditional finance system to a standstill, the decentralized finance (DeFi) sector is witnessing an uptick in capital inflows. However, while retail investors are jumping in head-first, institutions are wary of dipping their toes following a spate of DeFi security breaches last year. Regulations are undoubtedly on their way, but by implementing industry-grade audits and monitoring services, any platform could be ready for institutional investment.

There Truly Is Interest, But We’re Lacking Security

According to recent statistics from Avantgarde, 75% of investors surveyed indicated that they intended to invest in DeFi during 2023. Additionally, take into account that multiple industry giants, such as Siemens, JP Morgan, Nomura, and BlackRock are entering into the DeFi space. Moody's Corporation is even developing a stablecoin scoring system, which stands to bring more clarity and legitimacy into this space, giving investors meaningful assessments of the most popular assets, all from a trusted name.

However, if the DeFi space hopes to continue to see this type of interest and growth, it needs to address the ongoing security concerns that are holding back the industry. According to Chainalysis’ latest analysis, hackers stole $3.8 billion in 2022, up from $3.3 billion in 2021. Of this, DeFi protocols accounted for about 82%, or $3.1 billion, of all the digital assets stolen in 2022.

These weren’t just small shady operations either, but names users thought they could trust, like the Ronin Network, the blockchain that provides service for popular Web3 game Axie Infinity, which was drained of $625 million last year. Then there’s Mango Markets, which saw an attacker manipulate both the platform and the price of their governance token in order to steal $117 million. Even Binance’s BNB chain was affected, with a loss to the tune of $568 million.

These events, and many others, highlighted the fact that even seemingly legitimate services were susceptible to significant, unexpected losses. The fact is, these events occur because of oversights or actual errors in smart contract code that allow for attackers to exploit these services and siphon off funds.

Firms that deal in billions of dollars cannot tolerate the possibility of a major hack like the ones we’ve seen in DeFi. If significant institutional money is to come into the space, investors need to feel confident that they won’t be burned by a security breach.

What Real Solutions Look Like

Institutional investors will require frictionless access, top-notch custodial solutions and clear regulatory compliance before they will begin flocking to the DeFi space. For starters, financial firms want to deal with systems that are familiar and come with approval from trusted authorities. However, all of this is irrelevant if the security of the platforms in question is anything less than institutional grade.

This level of reliability requires more than internal audits by the developers themselves. Instead, projects need to start solidifying from the ground up. What this means is utilizing code and architecture that is already battle-tested and proven to be secure. Furthermore, comprehensive third-party audits of all smart contracts should be performed not only before any platform is launched into the wild, but also regularly as updates are applied. This is the front line of ensuring all code is of the highest quality and ready for investors to rely on.

The truth is, even this isn’t enough. Despite the best code auditing available, there still needs to be comprehensive real-time monitoring of all DeFi systems. Often, the very first indicator that an attack is underway is unusual transactions on the network. Without explicit oversight, it can take far too long for network administrators to respond, by which time the lost funds are irrecoverable. However, by implementing constant network monitoring, such events can be detected as they are happening. On top of this, there need to be clearly defined rails for response from security teams, allowing for these events to be intercepted in minutes, not hours or days.
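As an added illustration of the kind of monitoring described above (this is example code written for this page, not OpenZeppelin's or any project's tooling), the following script watches a constructed stream of transfer events for a hypothetical liquidity pool and raises alerts on two patterns that typically precede the "drained in minutes" scenarios mentioned earlier: a single withdrawal that removes a large share of the pool, and cumulative outflows over a short block window that exceed a threshold. The severity-to-action playbook at the bottom is a sketch of the "defined rails for response" point; the thresholds, block numbers, transaction hashes and amounts are all constructed for the example.

```python
"""Added example: minimal real-time outflow monitor for a DeFi pool.

Not code from the original article or from any project it names. Every
transfer record, threshold and hash below is constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class Transfer:
    block: int
    tx_hash: str      # constructed placeholder, not a real on-chain hash
    direction: str    # "in" (deposit) or "out" (withdrawal)
    amount: float     # units of the pool's base asset


@dataclass
class Alert:
    block: int
    tx_hash: str
    reason: str
    severity: str     # "critical" or "high"


class OutflowMonitor:
    """Flags unusually large withdrawals from a pool.

    single_tx_pct: share of the pool one withdrawal may remove before alerting.
    window_pct:    share of the pool that may leave within window_blocks
                   (cumulatively) before alerting.
    """

    def __init__(self, balance, single_tx_pct=0.10, window_blocks=20, window_pct=0.25):
        self.balance = balance
        self.single_tx_pct = single_tx_pct
        self.window_blocks = window_blocks
        self.window_pct = window_pct
        self.window = deque()   # (block, amount) of recent outflows
        self.alerts = []

    def observe(self, t):
        """Update pool state with one transfer; return alerts it triggered."""
        raised = []
        if t.direction == "in":
            self.balance += t.amount
            return raised

        # Rule 1: one withdrawal removes a large fraction of the current pool.
        if self.balance > 0 and t.amount / self.balance >= self.single_tx_pct:
            share = t.amount / self.balance
            raised.append(Alert(t.block, t.tx_hash,
                                f"single tx removes {share:.0%} of pool", "critical"))
        self.balance -= t.amount

        # Rule 2: cumulative outflow over a short block window.
        self.window.append((t.block, t.amount))
        while self.window and self.window[0][0] < t.block - self.window_blocks:
            self.window.popleft()
        drained = sum(a for _, a in self.window)
        # Approximate pre-window balance (ignores deposits inside the window).
        reference = self.balance + drained
        if reference > 0 and drained / reference >= self.window_pct:
            raised.append(Alert(t.block, t.tx_hash,
                                f"{drained / reference:.0%} of pool withdrawn "
                                f"over {self.window_blocks} blocks", "high"))
        self.alerts.extend(raised)
        return raised


# Constructed response playbook: who is paged and what is proposed per severity.
PLAYBOOK = {
    "critical": "page on-call; propose emergency pause via governance multisig",
    "high": "notify security channel; open incident ticket; watch next blocks",
}


def response_for(alert):
    return PLAYBOOK[alert.severity]


# Constructed event feed: a pool holding 1000 units sees two large withdrawals
# in consecutive blocks (110, 111), then normal activity resumes.
SAMPLE_FEED = [
    Transfer(100, "0xaaa1", "out", 20.0),
    Transfer(101, "0xaaa2", "in", 50.0),
    Transfer(103, "0xaaa3", "out", 30.0),
    Transfer(110, "0xaaa4", "out", 150.0),
    Transfer(111, "0xaaa5", "out", 120.0),
    Transfer(140, "0xaaa6", "out", 10.0),
]


def run_monitor(feed=SAMPLE_FEED, starting_balance=1000.0):
    """Replay the feed and return every alert raised, in order."""
    mon = OutflowMonitor(starting_balance)
    for transfer in feed:
        mon.observe(transfer)
    return mon.alerts


if __name__ == "__main__":
    for a in run_monitor():
        print(f"block {a.block} {a.tx_hash}: [{a.severity}] {a.reason} -> {response_for(a)}")
```

Running the script reports a critical alert at block 110 (the 150-unit withdrawal is 15% of the pool), then two alerts at block 111: another critical single-transaction alert and a high alert because roughly 30% of the pool has left within the 20-block window. The block-140 withdrawal falls outside the window and is quiet. In practice the thresholds would be tuned per pool from historical flow, and the playbook actions would be wired to real paging and a pre-authorized pause procedure rather than returned as strings.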

It’s exactly this level of professional, enterprise-grade infrastructure that is needed across DeFi if we are to see broader institutional interest. With safeguards like the ones outlined, financial firms can feel much more secure that they won’t suddenly find their investments drained by malicious attackers. This would bring DeFi up to the status enjoyed by legacy institutions, and promote the integration of the entire economy into one cohesive whole.

Right now, the nature of the existing risks for loss of funds is holding real institutional interest at bay. These companies can’t gamble on wild-west code. However, by attacking the issue with both third-party audits and ongoing real-time monitoring, the threat from hackers can largely be mitigated and investors can feel confident that their portfolios are safe. This is possible now, and it’s what is needed to bring true, professional integration to the DeFi space.

About the Author: Stephen Webber

Stephen is a software engineer and author fascinated by open source, decentralization, and anything on the Ethereum blockchain. He is currently working in product marketing at OpenZeppelin, a crypto cybersecurity technology and services company, and has an MFA in writing from New Mexico State University.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.