- Research exposes security flaws in DEX systems
- comes in the same week as $24 million theft from Harvest Finance
DeFi exchanges have enjoyed a boom in popularity since the start of 2020 — a direct response to a growing clamor for entirely decentralized transactions. However, that meteoric rise in popularity has also led to an endemic growth in financial crime. Thanks to the lack of centralized regulation, criminals of all stripes have been able to scam or hack users of DeFi exchanges for vast sums of money. One only needs to look at the breach at Harvest Finance on October 26th, where hackers stole $24 million worth of Cryptocurrency from users.
It’s no surprise then that new research by Cer Live has exposed the depth of security failures and flaws in DeFi exchange systems across the web. Cer Live’s findings paint an alarming picture and should serve as a powerful cautionary tale for anyone thinking of using DeFi exchanges to manage their crypto.
Cer Live’s research team investigated 25 different decentralized exchanges during its research. Of the 25 platforms investigated by the group, they found that 14 used woefully inadequate and obsolete security systems to protect their platforms. Each platform’s security was assessed on a set of criteria, including transaction time and listing reliability, and then assigned a score from 1-10.
Scores of 6 or below indicated an “Unsafe” platform, whereas scores of 7 were “favorable,” and scores of 8 or higher are considered “good.”
Prolific DeFi platforms deemed unsafe.
DeFi exchanges that the report found to be unsafe include Harvest Finance (mentioned above) and the massively successful DeFi platforms Bancor and Loopring. Cer Live’s researchers have not yet offered individual reasons for why these platforms are considered unsafe.
Hacken, which published Cer Live’s research, commented:
“We encourage all DEX platforms to comply with best practices and perform security audits after each significant software update and also maintain a bug bounty program to get reports from third-party security researchers.”
While the research fails to offer specific failures targeted to each site, Cer Live’s report’s findings should be deeply concerning for all involved in DeFi platforms.