DeFi Hacks Shift Security Narrative In Favor of CEXs
While DeFi attacks are on the rise, recent improvements in security practices have made centralized exchanges a favorable option for many cryptocurrency users to store their digital assets.
- The cryptocurrency industry has lost $681 million to hacks, thefts, and fraud this year.
- Many of the most serious incidents have been in the nascent DeFi space. DeFi is in an experimental phase and has not yet been battle-tested.
- Phemex and other centralized cryptocurrency exchanges have adopted sophisticated security measures to protect users as the industry has grown.
DeFi hacks have become more common as the space has exploded. For many cryptocurrency users, centralized exchanges with appropriate security measures in place can be a better place to store funds than smart contracts.
The Rise in DeFi Attacks
Since Bitcoin launched in 2009, the ever-growing interest in the financial upside to cryptocurrencies has led to countless criminal attacks. According to data from crypto analytics firm CipherTrace, the crypto sector lost $681 million to hacks, thefts, and fraud from January through July 2021. While the industry is on track to lose over $1 billion through criminal attacks by the end of the year, the industry has recently made progress in its security practices. The industry lost $1.9 billion in 2020, while the total losses came to $4.5 billion in 2019.
CipherTrace’s research also found that criminal activity against centralized services like exchanges has reduced, whereas the number of DeFi hacks has dramatically increased. To date, DeFi-related hacks account for more than 75% of the total hack volume in 2021—a 270% jump from 2020.
DeFi experienced explosive growth in 2020, which may explain the rise in criminal activity. The sector is not yet battle-tested, and using DeFi projects comes with many associated risks. Decentralized exchanges (DEXs) running through smart contracts on a blockchain such as Ethereum can pose critical security risks for their users. Many projects carry out audits, but even audits can’t guarantee protection against an attack.
In recent months, several DEXs have been compromised due to smart contract vulnerabilities. Around $1.2 billion has been lost through hacks, rug pulls, and other incidents since the DeFi sector exploded in popularity in 2020.
Hackers employ various methods of attack such as flash loans, oracle manipulation, and infinite token minting. Such incidents have allowed hackers to siphon millions of dollars from liquidity pools on DEXs.
The biggest DeFi hack to date happened earlier this month. On the evening of Aug. 10, the cross-chain interoperability project Poly Network suffered a major attack resulting in a loss of $611 million.
After ongoing negotiations with the hacker, Poly Network recovered the stolen funds. Nevertheless, the incident highlights the risks associated with the DeFi space. The saga showed how a single vulnerability behind a well-known DEX can wreak financial havoc.
With DeFi, many projects operate outside of any governmental oversight and teams are often anonymous. Investing in such projects will always carry more inherent risk than investing in a company with a proven track record and a distinguished list of founders.
On the other hand, centralized exchanges (CEXs) have a lot more experience in protecting themselves than DeFi projects and have mostly stopped using hot wallets, thereby removing a big attack vector.
In this sense, many CEXs are more sophisticated than nascent DeFi protocols. The industry’s leading CEXs use API key-based security procedures that give individual traders or automated systems distinct and customizable access privileges, such as trading, deposit, and withdrawal limits. Such access management protocols, however, are not compatible with decentralized exchanges.
Phemex Has Implemented Strong Security Protocols
A notable point from CipherTrace’s data is the decline in the frequency of security incidents on centralized crypto exchanges (CEXs). This decline can be attributed to the ongoing DeFi boom and CEXs improving their crypto security protocols. Many of the leading CEXs have had years of experience in running trading platforms, which has allowed them to design robust infrastructure by learning from security errors that allowed past hacks.
From the infamous Mt. Gox incident of 2014 to last year’s KuCoin hack, many major incidents affecting crypto exchanges have generated critical data insights that contributed to developing better ways to protect wallet infrastructure.
Amid the rampant DeFi hacks in the last year, CEXs with sophisticated security infrastructure have been able to protect users’ funds. CEXs promise world-class security and are considered by many a safer place to deposit funds than web-based wallets such as MetaMask (many MetaMask users have had their funds swiped in attacks this year). CEXs control users’ private keys to their digital wallets, which may benefit some less experienced users.
CEXs often execute transactions using big crypto wallets, so it’s critical to maintain their security. Usually, CEXs look after two types of wallets: hot and cold. Hot wallets are linked to the web and allow instant deposits and withdrawals, which can make them prone to hacks. In comparison, cold wallets are not connected to the web and provide much stronger security. The large majority of hacks on CEXs affect hot wallets.
One reason for enhanced wallet security on CEXs is that some of them have stopped maintaining hot wallets. Other exchanges that actively use hot wallets may still be at great risk. The Japanese crypto exchange Liquid Global fell victim to a hack targeting its hot wallets earlier this month.
Singapore-based crypto exchange Phemex has deployed a Hierarchical Deterministic Cold Wallet System to get around relying on hot wallets. This wallet architecture assigns independent cold wallet addresses for users to deposit their funds. Assets are therefore stored offline at all times.
Phemex uses offline signatures under strict human supervision to collect crypto deposits and user transfers every day. The platform processes fund withdrawal requests through an offline signature, so the funds always remain within cold storage.
Besides its wallet system, the exchange has put in place multiple layers of protection for user accounts, making them more secure than DeFi. These include a two-factor authentication mechanism, an automated double-entry bookkeeping system, firewalls, and network access management protocols. The exchange is also compliant with AML regulations and has insurance for its assets.
Speaking about how the exchange’s security infrastructure compares with DeFi, a spokesperson at Phemex said:
“Human error can lead to many bugs and exploits with devastating consequences. With a CEX like Phemex, on the other hand, we offer many insurances and guarantees to cover customer losses in case of vulnerabilities. The additional control afforded to us as a company allows us to address issues to an extent that is not possible in DeFi.”
In today’s environment, most exchanges, whether centralized or decentralized, are not immune to attacks. For novice investors, CEXs like Phemex that offer world-class security may be a better alternative. With extensive protocols guarding users’ funds, Phemex has had a great track record in maintaining funds’ security.
Highlighting Phemex’s track record, the company’s spokesperson added:
“The data speaks for itself. Phemex has never been hacked and is unlikely to ever experience such an incident given the amount of resources and attention placed on our security mechanisms.”
Although CEXs like Phemex have much better security than DEXs today, it is still worth noting that no web-facing platform is completely secure from hackers. The most trustworthy exchanges are those that adopt regulatory compliance and world-class security protocols. As one of crypto’s top exchanges, Phemex has become known for its sophisticated security practices. Until DeFi can offer a similar level of security and accountability, users should be aware of the risks of experimenting with the technology and controlling their own private keys. While the emergent space has shown a lot of promise, CEXs like Phemex offer a way to use cryptocurrencies without making the same compromises on security.