When Decentralized in DeFi has a Single Point of Failure

[Darker45]

I remember when I was first introduced to the term decentralization in crypto, one of the main highlights was that it doesn't have a central server, a central control system, a central admin, a central point person, a central everything whose failure or malfunction could mean the failure of the entire system. And this sold well to me. It's the one aspect which makes decentralization worth trusting. A decentralized system means less worries because there is no single point of failure.

Nobody controls the money except the one who's got the private keys. Transactions are peer to peer, no need to trust a third party. There's no CEO. No president either. Codes rule. ...until a bug is found by someone who's looking for fun and more than $610 million is stolen, the largest theft ever to happen in the crypto universe.^[1] And it happened in a decentralized system.

Which leads us to ask, how come? Can any random person just enter a decentralized system and take away hundreds of millions? Well, probably no. But perhaps we should begin to evaluate the decentralized in DeFi and in other decentralized services.

But to someone who's a newbie or a crypto layman who doesn't have the technical capacity to review codes and smart contracts, perhaps we should just adopt a skeptical view of what's being offered us hot. Let us be more cautious. After all, this is not the first time an attack on a decentralized platform happened.

[1] https://www.cnbc.com/2021/08/12/poly-network-hacker-behind-600-million-crypto-heist-did-it-for-fun.html

[CryptopreneurBrainboss]

Love how all this so called "decentralized projects"  are getting exposed one after the other proving that we only have one true decentralized projects and that's Bitcoin. Bitcoin has never been hacked and I'm pretty sure that's not happening and can't never happen unless the whole quantum computer scenario comes to reality. Something I wonder why there's still a buzz around the whole Defi crab when everyday people are getting hurt through hacks and all the flash loan hacks going around.

Is there a Defi project out there with thousands of patronage that have stayed atleast a year without getting exploited, i doubt. It's beginning to seems like the people are the problem and not the project pumping up in their numbers because if their crabs aren't been bought they should have died off. This projects aren't as decentralized as they claim if they keep getting this exploited so easy. Already we know this projects are been poorly audited in a rush to partake in the hyped market maybe this could be the problem.

[pooya87]

The article you linked is not about centralization or decentralization of DeFi and their platforms but it is all about the weakness of the DeFi projects and more importantly the low quality platforms they are being built on.
You see when Satoshi created Bitcoin he spent a lot of time (over a year) securing it and consulted a lot of security experts including Hal Finney. All these shitcoins (ETH, POLY,...) are created in a short time with least amount of effort and are filled with lots of security flaws that have been exploited from day one. Then the incompetent people build projects (aka tokens aka ICO, IEO, STO, DeFi,...) on top of them that get exploited more.
The result is just a shitshow worth billions of dollars!

[mk4]

Is there a Defi project out there with thousands of patronage that have stayed atleast a year without getting exploited, i doubt.

Like them or hate them, there are actually "DeFi" projects that have stayed unexploited since their inception; mostly the so called "blue chip" DeFi projects such as UniSwap and MakerDAO. Some projects simply have a lot more budgets for development and security audits than others.

[BlackHatCoiner]

Some people believe that a hacker could get away with $610B worth of cryptocurrencies and remain anonymous. The only way to achieve this would be if he never moved them after he stole them. I haven't read what exactly did they gain access into and how did they do that, but I suppose it was a transparent transaction created due to the system's weaknesses.

Anyway, I'll agree with the replies above and I'll add that this incident was defamation for POLY.

[Rainbow-queen]

For me, the current fees for DeFi participation are expensive, and I hate risks. Perhaps it is a good choice to wait until the underlying technology is perfect and DeFi matures before participating.

[mk4]

For me, the current fees for DeFi participation are expensive, and I hate risks. Perhaps it is a good choice to wait until the underlying technology is perfect and DeFi matures before participating.

High fees shouldn't necessarily mean that a project is bad; heck, even Bitcoin has really high fees sometimes(mostly in peak times of bull markets). Also taking note that cryptocurrency projects including Bitcoin will never be 100% finished, because there will always be things to improve.

[notocactus]

Nobody controls the money except the one who's got the private keys. Transactions are peer to peer, no need to trust a third party. There's no CEO. No president either. Codes rule. ...until a bug is found by someone who's looking for fun and more than $610 million is stolen, the largest theft ever to happen in the crypto universe.^[1] And it happened in a decentralized system.

[1] https://www.cnbc.com/2021/08/12/poly-network-hacker-behind-600-million-crypto-heist-did-it-for-fun.html

Poly network hack is not the first hack in DeFi. Please read DeFi hacks [history].

I can not deny the fact that DeFi brings convenience for us but I can not understand people who can easily make a swap with thousands of dollars.

They are probably careless or they have too big capital and don't mind about risk with a thousand-dollar swap. I bet that most of people who use DeFi are not coders and they blindly believe that projects with open-source code and have been reviewed by community are good and safe to use. It's naively and blindly belief. It might be right till the day hack happens.

[Darker45]

Is there a Defi project out there with thousands of patronage that have stayed atleast a year without getting exploited, i doubt.

Like them or hate them, there are actually "DeFi" projects that have stayed unexploited since their inception; mostly the so called "blue chip" DeFi projects such as UniSwap and MakerDAO. Some projects simply have a lot more budgets for development and security audits than others.

Although UniSwap remains to be the top DEx right now, it doesn't have a spotless track record either. Just a little more than a year ago, it was also subject to a reentrancy attack, together with Lendf.me, another decentralized platform.^[1] And while the problem wasn't on the part of its smart contract, by using a technology of a certain blockchain upon which its contract was built, a single point of failure was opened and made itself vulnerable.

So the question remains as to the decentralization claim in DeFi especially when somebody could simply exploit a single function and effectively steal away people's money.

Incidentally, just the other day, a day after the DeFi platform Poly Network was successfully attacked, DAO Maker, another decentralized platform, also suffered an attack which cost them $7 million. Apparently, the weakness was the contract itself, in which the bug was found.^[2] DAO Maker may not be MakerDAO, but they're both using the DAO approach which boasts of decentralization, of using hard-coded rules beyond the control of any single entity.

All in all, it makes the decentralized questionable not only in DeFi but also in DAO and in DEx.

[1] https://siliconangle.com/2020/04/19/25m-cryptocurrency-stolen-hack-lendf-uniswap/
[2] https://www.coindesk.com/crypto-fundraising-dao-loses-over-7m-in-latest-crypto-exploit

[pooya87]

I bet that most of people who use DeFi are not coders and they blindly believe that projects with open-source code and have been reviewed by community are good and safe to use. It's naively and blindly belief. It might be right till the day hack happens.

The problem is that those who buy DeFi garbage have one and only one goal: to make money. And they do not care about what that garbage is. It may not even exist as a token at all. Take 2017 for example, there were dozens of dead coins (literary dead, a coin that didn't have any new blocks mined for more than 6 months) that were being revived and pumped hard. People bought those coins! So clearly they don't care at all about what they are buying as long as there is a "chance" it might give them some profit.

[sou-kou]

That still has a lot to do with the technical team,In many cases, there may be problems in logic, algorithms, and audits.
It is an inevitable phenomenon when DeFi becomes more and more mature, because the centralization is already rotten, and it is a shame not to change.

[hatshepsut93]

DeFi and smart contracts will always be full of security threats because it's essentially a full programming language that allows you to program anything, and that makes it hard to analyze and find the bugs. Bitcoin also has a scripting language, but it was intentionally restricted in what it can do for this very security reason, so Bitcoin can't do all the things that ETH can, but it also had zero hacks compared to countless Ethereum failures that happen every year.

[zasad@]

I remember when I was first introduced to the term decentralization in crypto, one of the main highlights was that it doesn't have a central server, a central control system, a central admin, a central point person, a central everything whose failure or malfunction could mean the failure of the entire system. And this sold well to me. It's the one aspect which makes decentralization worth trusting. A decentralized system means less worries because there is no single point of failure.

Nobody controls the money except the one who's got the private keys. Transactions are peer to peer, no need to trust a third party. There's no CEO. No president either. Codes rule. ...until a bug is found by someone who's looking for fun and more than $610 million is stolen, the largest theft ever to happen in the crypto universe.^[1] And it happened in a decentralized system.

Which leads us to ask, how come? Can any random person just enter a decentralized system and take away hundreds of millions? Well, probably no. But perhaps we should begin to evaluate the decentralized in DeFi and in other decentralized services.

But to someone who's a newbie or a crypto layman who doesn't have the technical capacity to review codes and smart contracts, perhaps we should just adopt a skeptical view of what's being offered us hot. Let us be more cautious. After all, this is not the first time an attack on a decentralized platform happened.

[1] https://www.cnbc.com/2021/08/12/poly-network-hacker-behind-600-million-crypto-heist-did-it-for-fun.html

When someone talks about hacking, I suggest comparing which is more hacked.
Hackers Stole $3.8 Billion in Cryptocurrency Hacks in 2020
https://decrypt.co/54128/hackers-stole-3-8-billion-in-cryptocurrency-hacks-in-2020
"Crypto wallets had 27 attacks and were the most lucrative target for the hackers, with $3.03 billion in losses."
It is very easy to lose money in the cryptocurrency space.

[pooya87]

When someone talks about hacking, I suggest comparing which is more hacked.

Actually the amount is not important, what matters is the type of the hack. Which means when a centralized insecure service that people leave their money with gets hacked it is not even close to being as bad as a protocol of the cryptocurrency itself being weak and is exploited to steal the users' funds.
To understand what the later means imagine if you sent your bitcoins to a P2PKH address (legacy bitcoin addresses starting with 1) and bitcoin protocol could be exploited to steal your funds!

[libert19]

Even the 'audited' projects gets hacked often, people think of those as safe but in reality they aren't. There are insurance projects in defi but I ain't sure how safe are those either. What if they get hacked themselves and gets drained of all funds?

[notocactus]

The problem is that those who buy DeFi garbage have one and only one goal: to make money. And they do not care about what that garbage is. It may not even exist as a token at all. Take 2017 for example, there were dozens of dead coins (literary dead, a coin that didn't have any new blocks mined for more than 6 months) that were being revived and pumped hard. People bought those coins! So clearly they don't care at all about what they are buying as long as there is a "chance" it might give them some profit.

It happens this year, chain migration, source code migration, bridge with DEX. Honestly, low quality is low quality project because it does not have real use case and it does not matter what chain, algorithm it is running on.

Since 2020, I see successful revived projects are limited because in the last two years, DeFi and NFT takes almost all capital in altcoins. There is less chances for dead projects to come back. It's harder for them than in 2017.