Web3 and DeFi protocols gather to increase sector’s security

Security is a growing concern in Web3. Exploits in Q2 2024 grow by 91% compared to the same period last year. ImmuneFi, Code Hawks and MakerDAO offer more bounty opportunities.

Jun 28, 2024 - 15:56
 0
Web3 and DeFi protocols gather to increase sector’s security

Security is becoming a concern once again, as DeFi protocols and Web3 projects have grown their liquidity. More complex decentralized systems open new possibilities for attacks and exploits. 

Several high-profile protocols will fund research and events for Web3 security, which also affects DeFi protocols. Among them is MakerDAO, with a direct investment into SherlockDeFi, a firm specializing in the security of decentralized protocols. 

Also Read: CertiK explains ethical hacking stance, Kraken admits full return of funds

In the case of Sherlock, the organization offers multiple targeted challenges for using and auditing DEX or other apps. The MakerDAO challenge is the biggest so far, with a bounty that is 10X the usual pool for SherlockDeFi. 

Sherlock has worked with established Web3 security experts, and has closed 167 audit events so far. Sherlock’s audits claim to have prevented 383 critical bugs, caught before mainnet launches for multiple projects.

Exploits accelerate, leading to Web3 security summer

In June alone, the crypto world witnessed two high-profile exploits – UwU Lend, which lost $20M through a smart contract, and Kraken’s $3M ethical hack by Certik. The Velocore exchange also lost $6.8M in attacks against its ZKSync and Linea pools. In June, ImmuneFi recorded 12 incidents, which took away as much as $78M.

Also Read: Kraken recovers $3M as criticism mounts against CertiK

According to ImmuneFi, Q2 arrived with $509M in exploits, a 91% increase compared to the same period of 2023. Exploits and hacks slowed down during bear markets, but immediately grew as DeFi increased its holdings. In 2024, there were a smaller number of hacks, but more carefully targeted to specific protocols and their weaknesses.

DeFi has grown in complexity, spreading to several L2 chains. The bridges, smart contracts and wrapped assets open the door for exploits. The other big source of theft are MEV attacks, or sandwich attacks, which aim to front-run DEX traders. 

ZachXBT, a high-profile researcher of blockchain exploits, recently exposed a MEV attacker. 

Solana and Jito DAO also aim to slow down MEV activity and allow retail traders to post orders that will not be attacked. 

The other big class of attacks and exploits to Web3 users include attempts to drain individual wallets. Funds from wallets can be taken through injecting faked addresses, malicious smart contracts or fake NFT buying links. 

Competitions and bounties draw in Web3 developers

ImmuneFi is also offering both distance and in-person challenges for security experts. ImmuneFi made a call to developers for a live event in Brussels, during a general DeFi security event. ImmuneFi has established itself as one of the go-to platforms for new paid opportunities and ethical hacking. 

The launch of multiple new Web3 and DeFi protocols helped ImmuneFi draw in more ethical hackers. In June, the aggregator reached a milestone with $100M paid out to bug hunters.

Also Read: Crypto hacks and scams doubled in Q2 2024: Report

ImmuneFi set up a bounty of up to $5,000, available during the July 8 challenge in Brussels. ImmuneFi is also constantly aggregating bounty and test opportunities for security experts. The platform brings bounties of all scales, covering both niche smart contracts and large protocols. 

One of the biggest bounties in the DeFi space is that of Morpho, an aggregator of lending pools. Morpho aims to protect $1.85B in value locked, recently reaching an all-time high. For that reason, Morpho expanded its bug bounty vault to $2.5M. Morpho made a direct call to test specific smart contracts that make the backbone of its activity. 

According to Certik, almost all Web3 protocols contain still-undiscovered risks. Certik’s standards place the Wemix wallet and ecosystem as the safest possible in Web3. 

Additionally, the summer of 2024 brought a near-constant wave of new tokens. Now, DEX, wallets and other services are trying to build whitelists and quickly flag potential risky tokens and rug-pulls.

The Code Hawks event will start with TempleDAO, from July 4. Each week in July, a new competition will open with a bounty for a different platform. The TempleDAO audit will have a prize pool of 25,000 USDC for successful bug hunters. Code Hawks aims to continue involving big protocols, while building a leaderboard of the best bug hunters.


Cryptopolitan reporting by Hristina Vasileva

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

CryptoFortress Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.