Bitcoin Forum

I was shocked to see this type of news, that most DEXs are unsafe, I do not want to know any report that could have alleged that, because we all know how DEX are secured and safe by design, unlike CEXs that are often hacked as usual. But, I will like to go a bit deeper into the reason why it is alledged in a report by CER (Crypto Exchange Ranks) that most DEXes are unsafe

---

According to CER, 14 out of 25 decentralized exchanges, or DEXs, score poorly in terms of cybersecurity, according to a recent report.

https://i.imgur.com/knVlCOE.jpg
https://cer.live/defi

The factors used by CER for the rating
https://hacken.io/research/researches-and-investigations/decentralized-exchange-ranking-methodology/
CER analysts have created a methodology for the assessment of decentralized exchanges in order to protect traders from trading on exchanges who do not worry about their security and the safety of their users’ funds. While conducting a significant number of researches, the CER team of qualified specialists developed a comprehensive assessment model for decentralized exchanges, which consists of several essential components.

Security audit
Bug bounty program
SSL/TLS
Cold wallet direct support
Liquidity score
Data provision
Token whitelists
Transaction deadline
Slippage tolerance

Only two of the DEXs received a “high” score: Uniswap and Syntetyx. “It is important to note that 6 exchanges (24%) failed to pass a security audit or did not publicly announce that they have undergone an audit. It should be noted that an unaudited exchange cannot be considered safe.”

“Despite the fact that there haven’t been any significant hacks on decentralized exchanges in comparison to centralized platforms, DEX users are actually more susceptible to fraudulent attacks."

https://cointelegraph.com/news/most-dexs-are-unsafe-alleges-new-report

---

What's your take on this?

For me, this is normal. Every system got its own holes or maybe some security flaws, even how high the scores of those mentioned Decentralized Exchanges (DEX), there may be still some issue or bug. Some entities like CER may come up with different rankings and findings.
But I really appreciate CER (Crypto Exchange Ranks) for taking the initiative to do this kind of research and do their ranking on the Decentralized Exchanges (DEX), this is really helpful for everybody especially for non-techy traders and this will help to become a basis for choosing an exchange.

i am not familiar with most of these DEXs listed in that report but from what i can gather most of them aren't really decentralized exchanges, they were a product of some garbage ICO scam that needed something created to raise their funds so they created a "token swap" application and called that a DEX. obviously when the devs are incompetent and seeking money only and the product is not really developed the result will be poor security.

otherwise true decentralized exchanges that you can actually trade on (not just for ethereum token swaps) are secure.

Some dex on the list have relatively low volume. In fact dex are also taking profits from the transaction fees of traders. Hence some dex dont have much of it, unlike uniswap so the development focusing on security might compromise due to no funds to maintain the system with much higher standard.

Some of these even forgotten. I am surprises to see forkdelta still alive and kicking. Since uniswap hype began, nobody or literally few will used this anymore. I think atomic swap dex type are the new trend for now rather than dex that has set/limit order.

Decentralized exchanges are not developed and adopted enough. There are problems with decentralization of DEX. In fact, most of them are centralized exchanges, not decentralized exchanges. I used the scam exchange, Crypto Bridge and when they shut down you can not withdraw your money. Before their scam exit, they said they are decentralized exchange.  :(

I only use old exchanges that have good reputation records, good volume, and if they have hacks in the past, how they reacted and compensated for their users. Young exchanges are always risky to use. You can use them but with very small capital on new exchanges. The interesting thing from new exchanges is there are many fantasy tokens, coins are listed. Many people love fantasy coins or tokens on new exchanges. They take double risks: risk with young exchange, risk with fantasy coins, tokens.

It could not be related to the platform for we know that DEX has no control over your coins because you are the one who manages it connecting it with you own wallet. Yet, I still believe that during the access of digital wallet because it is online then it is prone for hacking or phishing. There are many malware that can do this like a keylogger software that will send data of its compromised device and will be access later by the hacker. If the wallet has been access then your assets will be all done and finished once hacker will going to transfer your assets to different wallets.

I agree with @pooya87. There really should be a column on CER’s list, indicating whether we are talking about a true native DEX, or a swap-based tokenized DEX. Sometime ago, I was shocked to see that people’s who had Bitcoins on Binance DEX were not really dealing with Bitcoins, but rather with a BEP2 token pegged to BTC. Easy to read what could happen if a disaster took place, and all you were left with was a bag of tokens ….

They create a token, gather money from their investors. Uses the money to fund their project and serves as the market cap but forgetting the cybersecurity is the most important thing in such dex or any kind of exchange that they are building.

Sacrificing the security of their platform for the sake of hype and trend.

You’re nailing it straight to the point! This is what I’ve been observing in the crypto world nowadays. Lots of new players (exchanges) emerging and trying to compete with the “big boys”. And the common thing about them is that they promote their own exchange coin and its use case. But the problem? Security itself. Whether if it’s CEX or DEX, no matter what level of security measures that they have, the hackers are always one step ahead of them. No CEX or DEX is safe these days, even the “big boys” not exempted from that.

Im not surprised with this report. Exchanges are generally unsafe, so its no surprise that decentrazlied are not any better than centralized.

They put that much money into marketing and other promotional stuff.

But don't focus on how important security is on an exchange, it's a very costly thing to manage with their funds but they are putting it at last priority.

That is why I never promote new exchange that launches an ICO they are all hype I have not seen one new exchange that launches a crowdfunding that did a bug bounty or maybe I missed one, so instead of creating hype on their features or new token why not launch a bug bounty, traders wants to trade to a secured platform.

They use that as a front for their scams and look what happen on the past Exchange ICO majority of them didn't deliver a good product since and the one they open to their investors are those disposable ones. so by now for the experiences we get better to avoid any of those and always to put on our minds to withdraw always since that is the most safest and effective method to make our funds in good position.

The majority of them are on a platform which means it's under a person's control which also means they can hijack it or someone can hijack them. It takes out the custodial element but ultimately you react to what your screen is feeding you and that's a way in for the nefarious.

There've been a few cases of conventional exchanges and these having their domain or hosting compromised. If that happens you're rather wide open.

They are not looking for something to improved which is  the very important thing to secure first .which is the security of the exchange. They make the website rush so they can  start the sale immediately. which is very wrong if you know you will hold people's money and not only your money. Centralized or decentralized have that problem that need to prioritize first .

I think they are launching bug bounty but it's after if they become successful with their pre-sale.

But looking at them at the beginning doing it, I haven't seen any of them do it.

Yes, they do make websites so fast so that they can have something in front to show to potential investors.

I was curious to know how the "DEXs" compare to the likes of Bisq, a real decentralized exchange but i was utterly disappointed to find out that Bisq wasn't even mentioned anywhere yet the list had fake Dexs have almost zero trading volume.

The article or research makes Zero sense because let's be honest, What qualities that BinanceDEX for example carry to be considered a Decentralized exchange?
Such article mislead newbies from knowing the actually meaning of decentralization or what a decentralized exchange is/

Wow, looking at the bottom, Forkdelta...this brings back memories, they had at one point a few millions in volume, now it's a wasteland out there.
And then there was Etherdelta, hacked, fined by the SEC, closed down, and just like flogging a dead horse for real the exit scam investigation a year later.
A lot of those on that list will go the same road, it's just a matter of who crosses the death line first.


I am shocked right now that you were shocked  ;D
But I remember quite a few people who were cheering at the time of the announcement, I wonder if they realized in this whole year that has passed since with what they are playing.


Well, Bisq fares no better..
+100 Daily trades,  1.463 BTC volume today with an average of 3-4 for the last month?

I don't think it's ever going to get anywhere, or anywhere significant. As ever humans love to centralise too much. I hope it keeps its doors open long enough to catch on with enough people but it's always going to be an outlier.

It's not naïve as the assumption about "DEXs were totally secure and safe" was a self-proclaimed and some people also used it to build the dex hype.
There would be no people used dex when the creator was saying the bad things about the product. 

A bunch of people said in the past if dex was the future, the safest exchange or whatever they have called it. this time it comes to be a false statement.

DEX and CEX are no different, they are just exchanges and if you are afraid of losing assets in both then keep the funds in your personal wallet as it is safer from any risks. But CEX like Binance and Kucoin completely cover funds for hacking cases and will DEX do the same?

On DEXes, you do not necessarily need to open any account, you can swap/exchange on your noncustodial wallet directly. For example, you can use DEXes on wallets that support it, like Uniswap as an example, you can just swap directly without any custodial means on wallets that support it like trust wallet on mobile and metamask wallet on laptop, another DEX is Binance dex. You have the private keys of your addresses, there are many noncustodial wallets that support DEXes, in a way you will swap from one coin to another using noncustodial means like I explained. Even, on trezor, you can access binance Dex.

There are many DEXes you do not need kyc, and in which you will make use of address that you control its private key to swap/exchange from one coin to another. That is why most people that are privacy concerned prefer to make use of DEXes for exchaging from one coin to another rather than custodial means. DEXes are noncustodial means of exchanging from one coin to another by design, using proper one will make this to be fulfilled.

The fact that Cex can have insurance so if it ever gets hacked you may get full or partial refunds but that's not possible with Dexes, your funds gone mean gone.