Decentralized Finance (DeFi) is one of the fastest-growing sectors in the crypto world, but DeFi-related fraud has seen an uptick in recent months, raising security concerns.

DeFi – a blockchain-based form of finance that does not rely on central financial intermediaries – holds great potential in enhancing market efficiencies and democratizing access to financial services, but it has become an increasingly popular space for bad actors looking to exploit the absence of human intermediaries.

As such, a greater emphasis on security is necessary, Julian Hosp, CEO and co-founder of Cake DeFi, a Singapore-based platform offering a range of DeFi products, told finews.asia in an interview.

In 2021, crypto intelligence firm CipherTrace found that DeFi-related breaches accounted for over 75 percent of all the hacks that took place this year. DeFi-related fraud in particular has seen an uptick in recent months, rising from 3 percent of all major fraud incidents in the space in 2020 to 54 percent.

This week saw the largest-ever crypto heist when DeFi platform Poly Network was drained to the tune of $600 million. Given the increased scrutiny of regulators and security concerns, Hosp shared his thoughts on the DeFi space going forward.

Julian Hosp, what is the extent of illicit activity that takes place on DeFi platforms?

The inherently open-source and decentralized nature of DeFi is certainly one of its key value propositions but equally opens the space up to illicit activities such as fraud or money laundering due to the absence of KYC checks that are often tied to national legal or identity systems, although it would be remiss to pretend as though the traditional financial services sector, as well as centralized platforms, aren’t equally at risk of these threats.

With many of these infrastructures reliant upon the stability of the code on which they’re written, all it takes is a single error or vulnerability. This is especially true for DeFi projects built on Turing-complete blockchains such as Ethereum or BSC.

Projects like DeFiChain (non-Turing-complete), by comparison, would be less vulnerable by design as consensus occurs directly on the blockchain layer. Rather than multiple lines upon lines of code facilitating that consensus process, just a few are required, which ultimately limits the prospect of human error in the process.

Is there a need for more security in DeFi?

Though projects built on Ethereum have certainly shone under the spotlight, it’s clear that a history of vulnerabilities highlights the need for greater emphasis on security. This is truly critical for projects looking to grow their user bases in the hopes of achieving mainstream status.

Investing in greater security measures and initiatives — be it rigorous bug testing or ongoing checks for the soundness of their smart contract code — alongside self-regulation, is ultimately key. For the DeFi space to mature, it needs to do so from within and we need to be open to looking beyond the space’s dominant infrastructural players.

Is this hack a setback for the development of DeFi?

With so many discussions taking place beyond the industry echo chamber on DeFi’s value across the broader financial ecosystem, any security incident, regardless of scale, is indeed a setback when it comes to perceptions of the space.

Hacks are nothing new, but what’s most telling is how projects and platforms choose to behave in these situations. How transparent are they being with their users? Has a post-mortem been done? Has the team taken the time to understand what led to these circumstances? Users should take it upon themselves to cast a critical eye on the projects they choose to engage with when such situations arise.

What are its implications for DeFi regulation?