Developers could have prevented 2022 crypto hacks if they had taken basic security measures

Users losing funds to malicious activity is hardly unheard of on Ethereum. In fact, this is the very reason why researchers recently developed a proposal to introduce a type of token that is reversible in the event of hacking or other unsavory behavior.

Specifically, the suggestion would see the creation of an ERC-20R and an ERC-721R, modified versions of the standards that govern regular Ethereum tokens and non-fungible tokens (NFTs), respectively.

The premise is this: This new standard would allow users to make a “freeze request” on recent transactions that would freeze those funds until a “decentralized judicial system” determines the validity of the transaction. Both sides would be allowed to present their evidence and judges would be randomly selected from a decentralized group to minimize collusion.

At the end of the process, a verdict would be rendered and either the funds would be returned or they would remain where they are. This decision would then be final and without further dispute. This would open up a convenient way for victims of hacking and other malicious activities to recover their assets in a direct and community-based way.

Unfortunately, this may well be an unnecessary and ultimately harmful proposition. One of the cornerstones of the decentralized philosophy is that transactions only go in one direction. They cannot be undone under virtually any circumstances. This new change in protocol would undermine this fundamental precept, and all in order to fix what is not broken.

There is also the fact that even implementing such tokens would be a logistical nightmare. Unless every platform switched to the new standard, there would be huge loopholes in the system, meaning thieves could simply quickly swap their reversible assets for non-reversible assets and avoid the repercussions entirely. This would render the entire asset completely useless, and more than likely users would simply not engage with it.

Moreover, the whole idea of judicial control implies centralization. Isn’t independence from a third party the exact reason why cryptocurrency was created? The existing proposal is unclear on how these judges are chosen, except that it will be “randomly”. Unless the system is very carefully balanced, it is difficult to say that collusion or manipulation is impossible.

A better proposition

Ultimately, the notion of a reversible crypto asset may be well-intentioned, but it’s also completely unnecessary. The premise introduces a lot of new complexities in terms of actually integrating into existing systems, and it even assumes that platforms want to use it. However, there are other ways to provide security in the decentralized ecosystem that do not compromise what makes cryptocurrency so powerful in the first place.

For one thing, all smart contract code should be audited on an ongoing basis. Many problems in decentralized finance (DeFi) result from exploits present in the underlying smart contracts. Comprehensive, independent security audits can help identify potential issues before these protocols are released. Additionally, it’s important to try to understand how multiple contracts will interact together when they go live, as some issues only arise when they are used in the wild.

Any deployed contract will have risk factors that need to be monitored and defended against. However, many development teams lack a robust security monitoring solution. Often the first sign that something is going wrong appears in on-chain activity: massive transactions, or other unusual transaction patterns, may indicate an attack occurring in real time. Being able to spot and understand these signals is key to staying on top of them.


Of course, there must also be a system in place to document and record events and to communicate the most important information to the appropriate parties. Some alerts may be sent to the developer team and others may be made available to the community. With a community so informed, better security can come in a way that aligns with the decentralized ethos rather than being relegated to a function of judicial oversight.

Let’s go back to the example of the Ronin hack. It took the team behind the project six full days to realize an attack had taken place, only becoming aware when a user complained that they could not withdraw funds. If real-time network monitoring had been in place, a response could have occurred almost instantly, on the first large suspicious transaction. Instead, no one noticed for almost a week, which gave the attacker enough time to keep moving funds and cover their tracks.
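To make the monitoring argument concrete, here is an added example of the kind of real-time outflow monitor described above. It is not code from the article or from OpenZeppelin; the vault address, transaction hashes and transfer amounts are constructed placeholders, and the thresholds (ten times the median recent outflow, three large outflows within fifty blocks) are assumptions chosen for illustration. The monitor flags the first outsized withdrawal from a watched vault as a high-severity alert for the developer team and escalates a cluster of such withdrawals to a critical alert that is also published to the community, which is the split between team-facing and community-facing alerts the text suggests.

```python
"""Added example: a minimal on-chain outflow monitor (not the article's or
OpenZeppelin's code).

It consumes a feed of transfer events (here a constructed in-memory list; in
practice you would subscribe to a node or indexer) and raises alerts when an
outflow from a watched vault address is far larger than the recent baseline,
escalating when several such outflows cluster in a short block range.
"""
from collections import deque
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Transfer:
    block: int
    tx_hash: str      # constructed placeholder, not a real transaction hash
    sender: str
    recipient: str
    amount_eth: float


@dataclass(frozen=True)
class Alert:
    severity: str     # "high" or "critical"
    audience: str     # "dev-team" or "dev-team+community"
    block: int
    message: str


WATCHED_VAULT = "0xvault-placeholder"   # hypothetical bridge vault address

# Constructed sample feed: ten routine withdrawals, then a burst of huge outflows.
SAMPLE_FEED = [
    Transfer(100 + 10 * i, f"0xtx{i:02d}", WATCHED_VAULT, f"0xuser{i:02d}", amt)
    for i, amt in enumerate([2.0, 3.0, 1.5, 4.0, 2.5, 3.0, 2.0, 5.0, 1.0, 3.0])
] + [
    Transfer(200, "0xtx-a", WATCHED_VAULT, "0xdrain-placeholder", 25_000.0),
    Transfer(205, "0xtx-b", WATCHED_VAULT, "0xdrain-placeholder", 30_000.0),
    Transfer(210, "0xtx-c", WATCHED_VAULT, "0xdrain-placeholder", 20_000.0),
]


def monitor_outflows(feed, vault=WATCHED_VAULT, baseline_size=20, min_baseline=5,
                     large_multiplier=10.0, burst_blocks=50, burst_count=3):
    """Scan transfers in block order and return the alerts a team would receive.

    - An outflow >= large_multiplier x the median of recent normal outflows is a
      "high" alert routed to the dev team.
    - burst_count or more such outflows within burst_blocks is a "critical"
      alert that is also published to the community (raised once).
    Flagged transfers are kept out of the baseline so that an ongoing drain
    cannot raise the threshold and hide itself.
    """
    baseline = deque(maxlen=baseline_size)   # recent normal outflow sizes
    large_blocks = deque()                   # blocks of recent flagged outflows
    alerts = []
    burst_raised = False
    for t in sorted(feed, key=lambda x: x.block):
        if t.sender != vault:
            continue                         # only outflows from the vault matter
        if len(baseline) < min_baseline:
            baseline.append(t.amount_eth)    # still learning what "normal" looks like
            continue
        threshold = large_multiplier * median(baseline)
        if t.amount_eth < threshold:
            baseline.append(t.amount_eth)
            continue
        alerts.append(Alert("high", "dev-team", t.block,
                            f"outflow of {t.amount_eth:.0f} ETH in {t.tx_hash} "
                            f"exceeds {threshold:.1f} ETH threshold"))
        large_blocks.append(t.block)
        while large_blocks and t.block - large_blocks[0] > burst_blocks:
            large_blocks.popleft()           # drop flagged outflows outside the window
        if len(large_blocks) >= burst_count and not burst_raised:
            burst_raised = True
            alerts.append(Alert("critical", "dev-team+community", t.block,
                                f"{len(large_blocks)} large outflows within "
                                f"{burst_blocks} blocks: possible active drain"))
    return alerts


def first_alert_block(alerts):
    """Block at which the team would first have been paged (None if never)."""
    return alerts[0].block if alerts else None


if __name__ == "__main__":
    for a in monitor_outflows(SAMPLE_FEED):
        print(f"[{a.severity:8}] block {a.block} -> {a.audience}: {a.message}")
```

Run against the constructed feed, the monitor pages the team at block 200, the very first outsized withdrawal, rather than days later; the baseline deliberately ignores flagged transfers, since a drain that is allowed to inflate the median would otherwise raise its own threshold. The same structure would sit behind a node subscription in a real deployment, with the alert audience field driving where each message is delivered.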

It seems pretty obvious that reversible tokens wouldn’t have helped this situation much, but monitoring might have. By the time the attack was noticed, many of the stolen coins had been transferred repeatedly between wallets and exchanges. Could all of these transactions simply be rolled back? The complexities introduced, as well as the possible new risks created, mean that this endeavor is simply not worth it, especially considering that there are already powerful mechanisms that can provide a similar level of security and accountability.

Instead of messing with the formula that makes crypto so powerful, it would make much more sense to implement comprehensive and continuous security processes on Web3 so that decentralized assets remain immutable but not unprotected.

Stephen Lloyd Webber is a software engineer and author with a diverse background in simplifying complex situations. He is fascinated by open source, decentralization and everything related to the Ethereum blockchain. Stephen currently works in product marketing at Open Zeppelin, a leading crypto-security technology and services company, and holds a master’s degree in English Writing from New Mexico State University.

This article is for general informational purposes and is not intended to be and should not be considered legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
