Cybersecurity Challenges in DeFi: Addressing the Risks

Exploring the DeFi Frontier: Institutional Challenges and Pathways to Success - Part 2


Introduction

DeFi has the potential to unlock new frontiers of innovation in finance. However, institutions are subject to strict regulatory requirements, including some of the most stringent cybersecurity standards in any industry. Meeting these obligations while interacting with DeFi’s dynamic and sometimes volatile ecosystem is no small task. This article is part 2 of the 4-part Exploring the DeFi Frontier series, where we explore the key challenges institutions face when engaging with decentralized finance.

DeFi introduces unique cybersecurity risks

The rise of DeFi has coincided with significant cybersecurity incidents. In 2023, hackers stole nearly $1.1 billion from DeFi protocols. While this figure may seem high, it’s worth noting that it marked a significant improvement from previous years. The total value stolen from DeFi platforms dropped by 63.7% from 2022 to 2023, indicating improvement in DeFi security. Nevertheless, the stakes remain high, and institutions must be cautious.

Hackers continually evolve their tactics, seeking out vulnerabilities in smart contracts and exploiting weaknesses in decentralized exchanges, lending platforms, and automated market makers. For financial institutions accustomed to centralized security protocols and regulatory oversight, the decentralized nature of DeFi presents unique risks. The challenge is significant: how can institutions engage with DeFi without exposing themselves to unacceptably high levels of cybersecurity risks?

Solutions for mitigating DeFi’s cybersecurity risks

Despite the cybersecurity risks, many institutions are beginning to find pathways into the DeFi space by being more selective about protocols and leveraging specialized cybersecurity solutions. Here’s how some are doing it:

1. Interacting with select DeFi protocols

A key strategy for managing cybersecurity risk in DeFi is selectivity. Rather than engaging with any available protocol, many institutions are choosing to work exclusively with established, “blue chip” DeFi protocols. These protocols have demonstrated their resilience over time, have invested significant time and resources into cybersecurity, and tend to have a couple of key indicators of quality.

One of the most important indicators of a blue chip DeFi protocol is whether it has undergone a thorough smart contract audit. These audits help identify and address vulnerabilities in the code, ensuring that the protocol is less susceptible to exploits. Institutions typically favor protocols that perform ongoing audits, often referred to as "trail audits", which provide a continuous assessment of the protocol's security posture.

Another important indicator is the user experience. Blue chip protocols are more likely to have cybersecurity top of mind and create a user experience designed to mitigate errors and risks. For example, some blue chip protocols have created more secure contracts that allow users to selectively permission tokens for transactions for a limited time. This helps reduce the risk of exploitation that comes from “infinite approvals” – users giving applications access to a wallet’s entire token balance for an indefinite period of time.

By only interacting with DeFi protocols that have invested in smart contract audits and a safe UX, and demonstrated resilience over time, institutions can reduce the risk of cybersecurity incidents.

2. Using multiple wallets 

Another strategy for managing cybersecurity risk is to use multiple wallets to segregate digital assets. The creation of new wallets is typically free, so segregating digital assets into multiple wallets can be an efficient way to reduce cybersecurity risk without adding additional costs.

Segregating assets into multiple wallets (e.g., by client, account, or counterparty) can reduce cybersecurity risk by minimizing the potential impact of a compromised wallet. In addition, rotating wallets periodically can help to reduce the risk exposure generated by a frequently used wallet. This is particularly important if the protocol has the ability to pull money from a wallet. If the protocol is hacked and still maintains prior approvals, it can result in unauthorized transactions and losses for the impacted user. 
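An added example (not Talos code or any protocol's own) of how the approval exposure described in strategies 1 and 2 can be audited: it replays ERC-20 `Approval` events for an institution's wallets and flags allowances that are unlimited or older than a rotation window. The wallet and spender labels, the balances, the "unlimited" cut-off and the age threshold are constructed assumptions.

```python
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1
UNLIMITED = 2**255  # assumption: allowances this large are treated as "infinite"

@dataclass(frozen=True)
class Approval:
    block: int     # block number of the Approval event
    token: str
    owner: str     # institution wallet that granted the allowance
    spender: str   # protocol contract allowed to pull tokens
    value: int     # allowance set by this event (approve() sets, it does not add)

def outstanding_allowances(events):
    """Replay events in block order; the latest per (token, owner, spender) wins."""
    state = {}
    for ev in sorted(events, key=lambda e: e.block):
        state[(ev.token, ev.owner, ev.spender)] = ev
    return {k: ev for k, ev in state.items() if ev.value > 0}  # 0 means revoked

def exposure_report(events, balances, current_block, max_age_blocks):
    """Flag unlimited or stale allowances, largest amount at risk first."""
    findings = []
    for (token, owner, spender), ev in outstanding_allowances(events).items():
        reasons = []
        if ev.value >= UNLIMITED:
            reasons.append("unlimited")
        if current_block - ev.block > max_age_blocks:
            reasons.append("stale")
        if reasons:
            # A spender can pull at most min(allowance, balance). Replayed logs are
            # an upper bound (spending may not emit an event); confirm on-chain.
            at_risk = min(ev.value, balances.get((token, owner), 0))
            findings.append({"token": token, "owner": owner, "spender": spender,
                             "reasons": reasons, "at_risk": at_risk})
    return sorted(findings, key=lambda f: -f["at_risk"])

# Constructed sample data (labels stand in for addresses; amounts in token units).
EVENTS = [
    Approval(100, "USDC", "wallet-client-a", "dex-router", MAX_UINT256),
    Approval(150, "USDC", "wallet-client-b", "lending-pool", 5_000),
    Approval(200, "DAI", "wallet-client-a", "lending-pool", MAX_UINT256),
    Approval(900, "DAI", "wallet-client-a", "lending-pool", 0),   # revoked
    Approval(950, "USDC", "wallet-client-b", "dex-router", 2_000),
]
BALANCES = {("USDC", "wallet-client-a"): 1_000_000,
            ("USDC", "wallet-client-b"): 40_000}
```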

3. Working with specialist vendors

Institutions that successfully engage with DeFi protocols often do so by leveraging the expertise of specialized vendors. A number of cybersecurity specialists offer cutting-edge solutions designed to address the unique challenges of decentralized finance. From enhanced monitoring tools to sophisticated threat detection systems, these vendors can help mitigate the risk of hacks and unauthorized access.

Many of our institutional clients have found success by working with trusted vendors who offer DeFi-specific cybersecurity solutions. Talos maintains relationships with some of the most reputable cybersecurity specialists in the industry and can help connect institutions with specialized partners to support safe interactions with the DeFi ecosystem.

Conclusion 

The cybersecurity challenges facing financial institutions in DeFi are significant, but not insurmountable. By selectively engaging with protocols, leveraging multiple wallets, and working with trusted vendors who specialize in DeFi cybersecurity, institutions can navigate this new frontier with confidence. 

-----

Talos has helped numerous institutions navigate DeFi’s complexities. Contact us to explore how we can support your institution in overcoming these challenges to unlock the potential of DeFi. 

In the next chapter, we consider the challenges of complying with traditional custody requirements in DeFi. Click here to read Part 1: The AML/KYC Challenge in DeFi: Risk Mitigation Techniques.

Disclaimer: Talos offers software-as-a-service products that provide connectivity tools for institutional clients. Talos does not provide clients with any pre-negotiated arrangements with liquidity providers or other parties. Clients are required to independently negotiate arrangements with liquidity providers and other parties bilaterally. Talos is not party to any of these arrangements. Services and venues may not be available in all jurisdictions. For information about which services are available in your jurisdiction, please reach out to your sales representative.
