LONDON — For most of the 13-year life of
cryptocurrencies, exchanges were the epicenter for cyberheists. Now, a bigger
hacking risk in the growing sector has exploded into view: Peer-to-peer crypto
platforms.
اضافة اعلان
One such site, Poly Network, was at the center of a $610
million crypto theft last week, one of the biggest ever. Within days of the
heist, the decentralized finance (DeFi) platform said the "white hat"
hacker or hackers had returned nearly all the loot.
The unusual ending to the Poly Network saga belies
fast-emerging risks in this growing corner of crypto, where an estimated $80
billion or more is held, interviews with industry executives, lawyers and analysts
show.
DeFi sites allow users to lend, borrow and save — usually in
cryptocurrencies — while bypassing the traditional gatekeepers of finance such
as banks and exchanges. Backers say the technology offers cheaper and more
efficient access to financial services.
But the heist at Poly Network — previously a little-known
site — has underscored the vulnerability of DeFi sites to crime.
Would-be robbers are often able to exploit bugs in the
open-source code used by sites. And with regulation still patchy, there is
usually little or no recourse for victims.
Centralized exchanges, which act as middlemen between buyers
and sellers of crypto, had previously been the main targets of crypto
cyberheists.
Tokyo-based exchange Mt.Gox for instance collapsed in 2014
after it lost half a billion dollars in hacks. Coincheck, also based in Tokyo,
was hit by a $530 million heist in 2018.
Many major exchanges, under the regulatory spotlight and
striving to attract mainstream investors, have since bolstered security and
heists on such scale are now relatively rare.
Less secure
An onus on security at major platforms such as Coinbase
Global Inc. has pushed less-secure venues to the sidelines, said Ross
Middleton, chief financial officer at DeFi platform DeversiFi.
"What's happened is the big exchanges have got really
good (on security) and the smaller exchanges aren't around anymore," he
said. "The frontier is definitely DeFi now."
Losses from crime at DeFi platforms are at an all-time high,
crypto intelligence firm CipherTrace said last week, with thieves, hackers, and
fraudsters making off with $474 million from January through July.
The spike came as funds poured into DeFi, mirroring flows
into crypto as a whole. According to DeFi Pulse the total value held at such
sites is now more than $80 billion, compared with just $6 billion a year
earlier.
DeFi specialists say security risks tend to lie at newer
sites which may run on less secure code.
"There is a widening security and risk gap between old,
battle-tested DeFi protocols, and new, untested DeFi protocols," said Rune
Christensen, former head of the body behind high-profile DeFi application
Maker.
Proponents says the use of open-source code means
vulnerabilities can be quickly identified and solved by users, reducing the
risk of crime. DeFi can police itself, they say.
Yet for financial watchdogs and governments across the world
looking at regulating the crypto sector, DeFi is increasingly in focus.
Enforcement action
US Securities and Exchange Commission (SEC) chair Gary Gensler
has signalled he would take a tough stance on DeFi.
Such platforms may be captured by US securities laws, he
said in a speech this month, calling on Congress to draft legislation to rein
in DeFi and crypto trading.
The SEC this month brought its first enforcement action involving DeFi tech, alleging the company issued unregistered securities and
misled investors. The SEC did not respond to further questions on its stance.
Officials at the US Commodity Futures Trading Commission
have also signalled greater scrutiny.
Commissioner Dan Berkovitz in June called DeFi a "Hobbesian
marketplace" — a reference to a 17th century philosopher who saw life
without government as "nasty, brutish, and short". Unlicensed DeFi
platforms for derivatives were violating commodities trading laws, he
suggested.
Elsewhere, moves are slower. DeFi is still far from the
political agenda in Britain, for instance.
A spokesperson for Britain's financial watchdog said while
some DeFi activities may fall under its scope, much of the sector is
unregulated.
For some analysts, greater regulation in inevitable, with
little sign that DeFi sites can do the job themselves.
"The unfortunate situation is that (Poly Network) was
seen as just an average Tuesday in the DeFi world," said Tim Swanson of
blockchain firm Clearmatics.
"The industry likes to congratulate itself by claiming
it resides on transparent systems, but it has repeatedly shown it is incapable
of policing itself."
Read more
Business
.jpg)
.jpg)
