Is DeFi really revolutionary? One attack after another.

[akhjob]

We all know that a few months back we had Flash loan attacks costing millions by exploiting bZx protocol. Now, looks like a DeFi protocol, dForce has lost over 99 percent ($25 Million) of its assets in an attack Saturday night.
More info: https://www.coindesk.com/attacker-drains-decentralized-protocol-dforce-of-25m-in-weekend-attack
So is DeFi really a revolutionary idea as some claim?

[john_cm]

Give the ecosystem some time, it will find stability

[amishmanish]

Give the ecosystem some time, it will find stability

On what basis do you say that? It is a shit -show with people coming up with these concepts of BTC derivatives/ ETH-derivatives. Cryptocurrencies in themselves are an in-fallible record unto themselves. Just because you want to trade them, you don't necessarily need these "derivatives". In most cases, the underlying assets lose value, or are manipulated by market strategies or worse still, the developers fuck up and have their code exploited.

People who are betting on such an infrastructure are bound to lose. Instead of making a show of these so-called protocols and smart-contracts, the serious developer should actually be focussing on ensuring that the underlying asset is rock-solid in terms of finality of settlement and robustness of code. Only bitcoin fulfills that. If these DeFi devs want to be taken seriously, they should stop toying around with insecure protocols and start development using bitcoin. The ideas of smart-contracting using Simplicity/ Sidechains are what they should invest effort in. Otherwise "DeFi" will continue to be another one of the money grabs after ICOs, IEOs and what not.

[Tigboom]

It seems hackers have identified a loop hole in defi protocol and that's how the hacking will continue. Something needs to be done to stop this early.

[disconnectme]

The issue with Deforce team is predictable, I do not know how stupid a team can be and decided to force compound code and start using it, do you think the compound team are stupid when they decided to move to V2. I do not think some of these developers understand the risk factor associated with business like Defi and people just start to appreciate some platform that has been running for years without being exploited and users also need to do the cost benefit analysis if it worth it risk your money for a 10% at most profit.

[Teraboy]

It seems hackers have identified a loop hole in defi protocol and that's how the hacking will continue. Something needs to be done to stop this early.

That means if that was not a defi. The real decentralized finance that was truly decentralized just like fork or even etherdelta. These are the real dex. So many times the hacked tried to hack both of these sites but it never happened except DNS hijacking but the hot wallet was still safe. So many platforms sell Defi as a gimmick only to raise the attention from the users while they were all crap platforms.

[Ucy]

I was reading about the hack to understand what really happened to a whole "decentralized thing"... saw an interesting article on yahoo, checked back later and i could access it again....probably due to my device or something else...



* The article on yahoo appeared this way:

Multicoin Capital-backed DeFi protocol dForce loses ~$25M total locked value in an exploit

Celia Wan
The Block ● April 19, 2020, 4:36 AM UTC

— Well, here are some interesting things I found on the article (summary) :

* dForce, a Multicoin Capital-backed Chinese decentralized finance (DeFi) protocol, has been exploited.

* On the dForce Telegram channel, CEO Mindao Yang said the team is still investigating the issue and advised users not to supply any asset into Lendf.Me now. The team also confirmed the Chinese crypto news site ChainNews that it Lendf.Me was attacked at block height 9,899,681.

* Although details of the exploit were yet to be revealed, it is worth noting that in January,
Lendf.Me integrated with imBTC , an Ethereum token pegged to BTC. Earlier today, a liquidity pool for imBTC on decentralized exchange Uniswap was exploited, resulting in a loss of around $300,000 worth of tokens.
The imBTC attack took advantage of the fact that imBTC uses ERC 777 standard, which allows the hacker to continuously call the Uniswap smart contract to withdraw funds before the external balance could be updated.
On Twitter, some users are speculating that Lendf.Me experienced a similar attack to the imToken one, as transaction records show that the hacker repetitively called Lendf.Me's withdrawal function to take out imBTC that was supplied to the lending protocol by the hacker in the first place.
This scheme, however, was not new. In 2016, the famous DAO hack used a similar mechanism that led to $60 million Ether being stolen. A ConsenSys audit of Uniswap last year also discussed this vulnerability in depth.

* On April 15, dForce just announced a $1.5 million funding round led by Multicoin Capital, with participation from Huobi Capital and China Merchants Bank International (CMBI), the investment arm of one of the biggest banks in China.

The link:
https://finance.yahoo.com/news/multicoin-capital-backed-defi-protocol-043640470.html?guccounter=1&guce_referrer=aHR0cHM6Ly9kdWNrZHVja2dvLmNvbS9sLz9raD0tMSZ1ZGRnPWh0dHBzJTNBJTJGJTJGZmluYW5jZS55YWhvby5jb20lMkZuZXdzJTJGbXVsdGljb2luJTJEY2FwaXRhbCUyRGJhY2tlZCUyRGRlZmklMkRwcm90b2NvbCUyRDA0MzY0MDQ3MC5odG1s&guce_referrer_sig=AQAAANLxu58lZfWJcV8j0esqlub8L7YYjL70j0JSIVnQGLVFkIB5EAz2VPhcMwnnp-_f0jXG8CSL6e_Ud9NKhmZCMEyT5BjuE9D2GOEOoUjDmGrdW6fyxLPH0BEr3-_B3iFg8V8T98z7GjZZggUul-SCkT-Va0ikW2lilVkwFER7wNmS



That ^ doesn't look decentralized even without seeing the details of what really went wrong.
Some desperately trying to give decentralization a bad name? I hope not.

"Defi" community really need serious and honest cleansing of the platform, or maybe abandon it and start something really decentralized and safe?

[Tipstar]

The decentralized Finance technology are new and varied. That's the reason why many of them are attached. It's also due to the lack of safety measure implemented by those DEFis.
As we grow towards a universal platform and solving issues, Defi would be one of the most secure way to handle our finance, fast, efficient and secure.

[onyavin]

The decentralized Finance technology are new and varied. That's the reason why many of them are attached. It's also due to the lack of safety measure implemented by those DEFis.
As we grow towards a universal platform and solving issues, Defi would be one of the most secure way to handle our finance, fast, efficient and secure.

Agreed

[Starfranko]

If truly decentralized, such loss wouldn't have occurred. There should have been some measures in its funds security like cold wallet storage and multi-sig function on the parts of the team members.

[Lhaine]

The decentralized Finance technology are new and varied. That's the reason why many of them are attached. It's also due to the lack of safety measure implemented by those DEFis.
As we grow towards a universal platform and solving issues, Defi would be one of the most secure way to handle our finance, fast, efficient and secure.

this is another lesson to learn before releasing a new ideas First make sure there are no holes and security issues before launching a project . Since it's a big money involved  there is also big risk and like what happened  there are big money that has been  lost for that experiments.

[michellee]

The decentralized Finance technology are new and varied. That's the reason why many of them are attached. It's also due to the lack of safety measure implemented by those DEFis.
As we grow towards a universal platform and solving issues, Defi would be one of the most secure way to handle our finance, fast, efficient and secure.

If that technology can attract more people to come, I guess there will one or more group of people who want to try to test the system, so they know if the platform have a bug or not. But I agree that Defi will grow better in the future if the team can do hard work and fix the problem although there is no guarantee for them not to get attack again.

[amishmanish]

As we grow towards a universal platform and solving issues, Defi would be one of the most secure way to handle our finance, fast, efficient and secure.

What universal platform? DeFi gives no guarantee of being the "most secure way". Decentralizing finance is an idea to allow access to finanical tools without central parties. Security has got nothing to do with it being decentralized. Its security will only be as good as the underlying protocols and the intelligence/ expertise of its devs.

From the host of attacks, it is clear that the ethereum based platforms are inherently insecure due to a multitude of possible bugs. This one was an exploit of the ERC-777 standard btw. If you need security, all these "devs" and "teams" should stop playing with toys that sound exciting and focus on development using bitcoin, the safest network there'll ever be.

--snip--security like cold wallet storage and multi-sig function on the parts of the team members.

In such exploits, security is breached not because of not following basic things like cold-wallet or multi-sig. These are breaches due to inherent weaknesses of the ethereum platform. Since the DAO Hack, it has been shown numerous times that Ethereum based entities lose money due to code issues. How can people just put in millions on these is beyond understanding. Novelty and the greed i suppose.

[Grumlin]

We all know that a few months back we had Flash loan attacks costing millions by exploiting bZx protocol. Now, looks like a DeFi protocol, dForce has lost over 99 percent ($25 Million) of its assets in an attack Saturday night.
More info: https://www.coindesk.com/attacker-drains-decentralized-protocol-dforce-of-25m-in-weekend-attack
So is DeFi really a revolutionary idea as some claim?

I think yes, just defi is so young, need time. Eth, if you remember, has problems with such type of attaks. Move language is interesting way of defi

https://blog.dfinance.co/how-dfinance-protect-against-reentrancy-attack/

[masterrex]

We all know that a few months back we had Flash loan attacks costing millions by exploiting bZx protocol. Now, looks like a DeFi protocol, dForce has lost over 99 percent ($25 Million) of its assets in an attack Saturday night.
More info: https://www.coindesk.com/attacker-drains-decentralized-protocol-dforce-of-25m-in-weekend-attack
So is DeFi really a revolutionary idea as some claim?

I believe in the idea of Decentralized Finance or Defi and I think it was an innovative finance option. The main idea is revolutionary because it will create a chain of a Decentralized Finance protocol and not just relying on the old traditional financing scheme. But still, all systems are subjected to flaws and errors. thats why I believe in the saying " No system is perfect, All is subjected to flaws" I think that's the reason (flaws) Only the system is vulnerable but the idea of a Decentralized Finance is great and timely. But I don't leave any possibilities that it may be an inside job who knows!

[casperBGD]

i do believe that there are issues regarding DeFi, and scams are present, but also believe that each scam is in the news and blown out of proportion, because people lose money all the time, with many scams, bunch of them not related to crypto markets, and nobody is telling stories about that, but each 10k USD loss in DeFi is a story that everyone should hear and it is a shut down for the industry, i do not think so, products are in early stage, and you should analyse solution offered before investing money in it, or invest small amount to see how it is going

i do not understand people that invest 100 ETH in a product that they do not know anything about, and at a later stage they claim that they are scammed, world is not functioning that way, you should do your own analysis before investment

[meanwords]

I think it's the fault of the one who is handling it. DeFi has potential to grow big but the team just neglects the possible risk during its early stage. They didn't fix the problem in the first attack and now they suffered huge lost this attack. $25,000,000 is not a joke to its team and its users. I wonder how they will come back from this?

Idea might be good but that doesn't decides how a project prosper, it is its team.

[gundala]

I think it's the fault of the one who is handling it. DeFi has potential to grow big but the team just neglects the possible risk during its early stage. They didn't fix the problem in the first attack and now they suffered huge lost this attack. $25,000,000 is not a joke to its team and its users. I wonder how they will come back from this?

Idea might be good but that doesn't decides how a project prosper, it is its team.

We know that this is a fairly new thing, but at least it has more advantages than conventional banks. DeFi is more transparent, flexible, with global reach.
And it is not a small fund. With failures and ineffective systems, it will be a good lesson for further development.
https://t.me/ico_analytic/1806

[Grumlin]

I think it's the fault of the one who is handling it. DeFi has potential to grow big but the team just neglects the possible risk during its early stage. They didn't fix the problem in the first attack and now they suffered huge lost this attack. $25,000,000 is not a joke to its team and its users. I wonder how they will come back from this?

Idea might be good but that doesn't decides how a project prosper, it is its team.

We know that this is a fairly new thing, but at least it has more advantages than conventional banks. DeFi is more transparent, flexible, with global reach.
And it is not a small fund. With failures and ineffective systems, it will be a good lesson for further development.
https://t.me/ico_analytic/1806

I absolutely agree with you. But Defi developers need to use more secure development tools, but i think need time, because more and more tools created every hours

[siddartha1492]

Defi is certainly revolutionary. But if an incompetent Chinese team just copy-pastes the code then you can't do much. Plus no matter how hard you try, sometimes a small issue is left which no one sees. Solution is rigorous auditing which most projects ignore. Also big exchanges are also hacked despite all the security measures. For that hacking itself needs to be demotivated like via combined efforts by all exchanges to blacklist addresses as soon as they are found to be of hackers. Like it was done in the case of this Force hack which led to hackers willing to negotiate and sending back some funds.