2022 was a painful year for many in crypto. Alongside a broad market downturn, the year was punctuated by a number of major exploits, collapses, and bankruptcies.
With one major exception, the largest losses of user funds this year resulted from centralized platforms going insolvent, as falling asset prices exposed their unsustainable business practices.
The spark that ignited this fire was also the exception to the trend. When Terra’s algorithmic stablecoin lost its peg in May, the collapse came swiftly. In a matter of days, $45 billion of value was wiped from the market capitalization of TerraUSD and its reserve asset: LUNA.
This all occurred on-chain. It was a spectacularly visible collapse. What wasn’t so visible was the exposure that major centralized organizations had to the Terra ecosystem.
Unsecured loans, opaque use of customer funds, and many allegations of outright fraud combined to create the perfect storm. Now that the dust has settled, at least for the moment, we can take stock of the major players that were wiped out over the course of 2022.
With many billions of dollars now locked up in bankruptcy proceedings, the scale of losses from centralized crypto firms dwarfs the sum lost from decentralized protocols in 2022.
But that doesn’t mean that all is well in the world of DeFi. 2022 has seen approximately $3 billion lost from Web3 platforms, the worst year on record.
Web3 offers fundamental solutions to the underlying causes of centralized meltdowns. Real-time proof of solvency, on-chain transparency, and open-source applications combine to create a free and fair ecosystem. Centralized organizations that do not incorporate these values cannot legitimately be called crypto companies; they’re part of the same old system that Web3 is replacing.
On the one hand, the industry seems to be learning the hard lessons of this year. It’s heartening to see a number of major exchanges adopting cryptographic proof of reserves, which are one way to bring the best of Web3 to centralized platforms.
On the other hand, there’s still a lot of work to be done. To deliver on its fundamental promise, Web3 needs to address its security problem. It’s not enough to just lose less money than centralized finance, not when the tally is still in the billions of dollars. Web3 needs to be a safe, secure place for everyone to transact.
In this report, we go through some of the year’s biggest losses and outline the steps Web3 needs to take to reach its revolutionary potential.
Mango Markets is a trading platform built on Solana. It leverages the Serum DEX for spot and margin trading, while perpetual contract trading takes place on Mango’s own orderbooks.
As is typical of exchanges that allow for margin trading, users can deposit assets as collateral and borrow against them.
Herein lay the problem: Mango Markets allowed the platform’s governance token – with a relatively low market capitalization and illiquid orderbooks – to be used as a collateral asset.
This exploit was unique in that the attacker came forward to claim credit.
On October 15, Avraham Eisenberg described the exploit as “a highly profitable trading strategy.” The team he was a part of pumped the price of the MNGO token, which then allowed them to borrow against this inflated value until the protocol was left insolvent.
This insolvency was not the result of a smart contract flaw or any other sort of hack. The protocol functioned as it was designed. The designers just failed to take into account the risk of allowing illiquid tokens to be used as collateral.
Eisenberg proposed returning the funds in exchange for a bounty, which is eventually what happened after a vote by the Mango DAO.
Eisenberg and co. were left with a sizable $47 million “white hat” bounty in return for their stress test of Mango Markets.
Since this exploit there have been a number of almost identical incidents in the fourth quarter of 2022, all of which involve illiquid tokens being used as collateral assets.
Moola Markets lost over $8 million in November, and Lodestar Finance lost $6.9 million in December.
These exploits highlight the importance of secure protocol design in addition to secure smart contract code. A contract can function exactly as intended, but if that intention opens the door to a vulnerability the result can be just as costly as any flaw in the code.
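The design flaw described above can be made concrete with a toy risk engine. The following is an added example, not code from Mango Markets, Moola Markets or Lodestar Finance: it models a lending protocol that values collateral at the latest spot price with no per-asset limit, and contrasts it with a version that values each asset at the lower of spot and a time-weighted average and caps how much of a thin asset the protocol will count at all (the kind of supply cap and TWAP oracle other lending protocols use). The token name, prices, liquidity window, collateral factor and cap are all constructed for illustration; the numbers show how much bad debt remains for other depositors once the manipulated price reverts.

```python
"""Toy risk engine for a margin/lending protocol (added example, not a real protocol's code).

Shows why valuing an illiquid governance token at spot price, with no cap on how
much of it the protocol will count, lets a borrower leave the protocol insolvent,
and how two common mitigations limit the damage. All values are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class CollateralAsset:
    symbol: str
    spot_price: float           # latest oracle print; easy to move on a thin orderbook
    price_history: List[float]  # recent prints, oldest first, for a TWAP (assumed evenly spaced)
    collateral_factor: float    # fraction of counted value that may be borrowed against
    collateral_cap_usd: float   # maximum USD value of this asset the protocol will count


@dataclass
class Account:
    collateral: Dict[str, float]  # symbol -> units deposited
    debt_usd: float = 0.0


def twap(asset: CollateralAsset) -> float:
    """Arithmetic time-weighted average over the stored window."""
    return sum(asset.price_history) / len(asset.price_history)


def naive_capacity(acct: Account, assets: Dict[str, CollateralAsset]) -> float:
    """Spot-price valuation with no cap: the design the text describes."""
    return sum(units * assets[s].spot_price * assets[s].collateral_factor
               for s, units in acct.collateral.items())


def hardened_capacity(acct: Account, assets: Dict[str, CollateralAsset]) -> float:
    """Value each asset at min(spot, TWAP) and cap the counted USD value per asset.

    A single manipulated print barely moves the TWAP, and the cap bounds the
    protocol's total exposure to a thin asset regardless of its quoted price.
    """
    total = 0.0
    for s, units in acct.collateral.items():
        a = assets[s]
        price = min(a.spot_price, twap(a))
        counted_usd = min(units * price, a.collateral_cap_usd)
        total += counted_usd * a.collateral_factor
    return total


def bad_debt_after_revert(acct: Account, assets: Dict[str, CollateralAsset],
                          capacity_fn: Callable[[Account, Dict[str, CollateralAsset]], float],
                          fair_price: Dict[str, float]) -> float:
    """Borrow to the limit at the manipulated prices, then mark collateral to fair value.

    Returns the USD shortfall left for other depositors (0.0 if the position is still covered).
    """
    acct.debt_usd = capacity_fn(acct, assets)
    fair_value = sum(units * fair_price[s] for s, units in acct.collateral.items())
    return max(0.0, acct.debt_usd - fair_value)


def run_scenario(capacity_fn: Callable[[Account, Dict[str, CollateralAsset]], float]) -> float:
    """Constructed scenario: a thin governance token ("GOV") that normally trades at $0.05.

    The last of 24 hourly prints has been pushed to $1.00; the borrower deposited 10M units.
    """
    history = [0.05] * 23 + [1.00]
    gov = CollateralAsset("GOV", spot_price=1.00, price_history=history,
                          collateral_factor=0.75, collateral_cap_usd=100_000.0)
    acct = Account(collateral={"GOV": 10_000_000.0})
    return bad_debt_after_revert(acct, {"GOV": gov}, capacity_fn, {"GOV": 0.05})


if __name__ == "__main__":
    print(f"naive design    -> bad debt ${run_scenario(naive_capacity):,.0f}")
    print(f"hardened design -> bad debt ${run_scenario(hardened_capacity):,.0f}")
```

With the naive valuation the position borrows $7.5 million against collateral really worth $500,000, leaving $7 million of bad debt once the price reverts; the hardened valuation counts at most $100,000 of GOV and lends $75,000 against it, so the position stays covered. The cap is the more important of the two controls: a TWAP only slows the manipulation down, whereas a cap bounds the protocol's loss no matter how far the price is pushed.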