Is DEFI safe?

8rvz...SVQt

6 Aug 2023

The Ripple representative at the Devos conference said that currently, the crypto market is at a stage when all bad blood has been purified, and compared it with the DOT.com bubble from 2001.
After a lot of internet companies have crashed and claimed bankruptcy, a few of the rest have survived and become more powerful, year after year, Amazon, or Google will be a good example.
What "bad blood" he was meant?
I bet we all could hear about affairs connected with Luna, Celsius's insolvency, or the crash of the FTX.
There were many more spectacular disasters during this, let's say crypto bubble.
I'd like to draw attention to the enormous amount of various DAPPs based on DEFI (decentralized finances), like DEXes, or other crypto investment platforms that emerge during this Hossa.
There is no doubt that an innovative type of platform business took over a large part of the crypto market, thanks to its anonymity and pretty wide scope of accessible crypto tokens.
Their popularity resulted from executing transactions by use of smart contracts - self-executing agreements written in code.
This made DEXes a real 2-to2 crypto marketplace where cryptocurrency traders could make transactions directly without handing over the management of their funds to an intermediary or custodian.
The smart contracts are often certified by outside specialized companies (like Certik) so they seem to be quite legit and clear.
Properly written programming code can't cheat us, isn't it?
... Well, in real life different shit will happen.

One of the most famous hacks was carried on Polychain Network.
Namely, an unknown attacker penetrated two of the most significant POLY CHAIN smart contracts and robbed 610 million dollars, and transfer them to unrelated addresses (on ETHER and Binance blockchains).
Luckily the Polychain founders managed to contact the hacker and make a composition, so finally, the hacker returned about half of the stolen funds.

Also, an impressive amount was stolen from another DEFI platform - Wormhole, it's a so-called "bridge" where you can send tokens between different blockchains, for example, ETH-BNB or ETH-SOLANA.
In this case, the vulnerability of badly written code in the smart contract was used to steal 325 million $ in wrapped ETH.
The hacker using a forged, valid signature for a transaction managed to freely mint 120,000.
Then this amount was exchanged for around $250 million in Ethereum that was sent from the Wormhole platform to the hackers’ account. This resulted in liquidating a large amount of the platform’s Ethereum funds that were being held as collateral for transactions on the Solana blockchain.

Another, quite different danger connected with DEFI is so-called rug pulls.
These methods maybe aren't so spectacular as the two described above, but they can be even more dangerous, because of their simplicity, they can appear very often.
This happens when developers create a token paired with standard cryptos like ETH or USDT, list the token on a DEFI exchange (DEX), and pull all the funds out from the liquidity pool after investors' buy-in.
A more exact description of this mechanism is featured on the Coingecko website ( link placed at sources.
The (in)famous rug pull was made on Squid Token (named after a famous Netflix serial) when 2,3 billion dollars from investors just disappeared.
We can admire, that great dumping rug pull on a movie attached below.