In brief:
- Vitalik Buterin says malicious attacks aren't native to decentralized finance.
- The Ethereum co-founder conceded inherent attack vectors exist in DeFi, but says preventative measures can be applied.
- He said centralized finance projects get hacked just as often as DeFi counterparts.
Speaking at the ongoing Ethereal Virtual Summit 2020 conference today, Ethereum co-founder Vitalik Buterin touched on the subject of cryptocurrency hacks in the decentralized finance (DeFi) space.
Recently DeFi platforms have suffered several major hacks. In February, a trader used flash loans to siphon $1 million out of the DeFi ecosystem. Last month, open finance protocol dForce was hacked for $25 million—although the funds were later returned.
Interviewer Camila Russo of The Defiant asked Buterin whether decentralized finance had an inherent weakness. Namely, that it’s tendency to attract hackers would in turn attract regulators, who would inevitably try to close down the technology.
“Not at all. Plenty of responsible DeFi projects that have survived a long time without getting attacked. It’s definitely not an inherent property in DeFi itself, and there’s a way to do it responsibly, “ Buterin said.
Buterin pointed out the regularity with which centralized entities are attacked—sometimes fatally so—and referenced two of the worst attacks to hit centralized exchanges in recent times.
“Centralized exchanges get attacked all the time. Mt.Gox in 2014, Bitfinex in 2016. Centralized finance definitely gets attacked over and over again,” he said.
Russo suggested the open-source nature of many DeFi and cryptocurrency projects could be an obvious attack vector. Having code for these projects publicly available makes it easier for hackers to gain an understanding of their internal mechanisms.
Buterin conceded this could be an issue, but brought attention to the benefit of having peer-tested technology which can be audited, reviewed—and contributed to—by anyone with the abilities and inclination.
The Ethereum co-founder also described a unique variation of the “tall poppy syndrome” in cryptocurrency, where success attracts unwanted attention. Security measures can be put in place, but if one well-known application ignores those measures and gets hacked, the entire DeFi space gets tarred with the same brush.
“There's definitely a limit to how much we can do at the end of the day, as a big project can come along that doesn't do any of these things and just attracts more and more users and then goes [gets hacked] quickly,” he said ominously.
It’s time for DeFi to slow down.