The decentralized finance (DeFi) market has become a red-hot segment of the fintech industry, pulling in tens of billions of dollars. This remarkable expansion has been marred by an alarming level of insecurity. According to a report from CoinTelegraph Consulting, in 2024 alone users lost close to $1.5 billion to security exploits and fraud. A new report from the digital asset security firm Beosin spotlights the major security blunders that crypto investors commonly commit, leaving them exposed to scams and hacks.
Over-Reliance on Two-Factor Authentication
DeFi users tend to rely on two-factor authentication (2FA) as their first line of defense. 2FA verifies your identity using two different factors, and this additional step is designed to prevent anyone from logging into your account without your permission. Shockingly, 57.1% of users rely on nothing but 2FA to protect themselves from rug pulls, and 49.3% rely on 2FA alone to safeguard against smart contract exploits. By putting so much weight on a single control, these users leave a massive gap in their defenses.
"Two-factor authentication has been one of the best solutions for keeping wallets safe." - a participant in the survey.
Although 2FA is a valuable additional security measure, it is not a complete defense on its own. A holistic security program is critical to protecting digital assets from the more sophisticated threats.
Neglecting Token Approval Checks
A major blind spot among DeFi users is the failure to regularly check and revoke token approvals. A mere 10.8% of participants routinely revoked token approvals to guard against rug pulls. An even smaller share, just 16.3% of respondents, routinely monitored and revoked token approvals as a means of guarding against smart contract exploits.
These numbers show how many users either do not understand token permissions or are careless about them. The negligence leaves room for bad actors to exploit easily avoidable weaknesses: an approval that is still in force lets the approved contract move those tokens without any further signature from the user. Regularly reviewing and revoking unused token approvals is therefore an important part of protecting yourself in the DeFi space.
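As an added example, not code from the report or from any project it names, the script below shows the check recommended above: it replays a wallet's ERC-20 Approval event logs, flags allowances that are still open and effectively unlimited, and builds the approve(spender, 0) calldata that revokes one. The addresses and logs are constructed sample data, and the threshold used to call an allowance "unlimited" is an assumption.

```javascript
// Added example (not from the report): audit a wallet's ERC-20 approvals from
// Approval event logs (eth_getLogs shape) and build the revoke transaction.
const APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const UINT256_MAX = (1n << 256n) - 1n;
const UNLIMITED_THRESHOLD = 1n << 255n; // assumption: anything this large counts as "unlimited"
const pad32 = (hex) => hex.padStart(64, "0");
const addrTopic = (addr) => "0x" + pad32(addr.slice(2).toLowerCase());
const topicToAddr = (topic) => "0x" + topic.slice(-40).toLowerCase();
// Replay Approval logs in chain order; the last value per (token, spender) wins.
function latestAllowances(logs, owner) {
  const latest = new Map();
  const ordered = [...logs].sort((a, b) =>
    Number(a.blockNumber) - Number(b.blockNumber) || Number(a.logIndex) - Number(b.logIndex));
  for (const log of ordered) {
    if (log.topics[0] !== APPROVAL_TOPIC) continue;                  // not an Approval event
    if (topicToAddr(log.topics[1]) !== owner.toLowerCase()) continue; // belongs to another owner
    const token = log.address.toLowerCase();
    const spender = topicToAddr(log.topics[2]);
    latest.set(`${token}:${spender}`, { token, spender, value: BigInt(log.data) });
  }
  return [...latest.values()];
}
// Approvals still open and large enough to drain the whole token balance.
function riskyApprovals(logs, owner) {
  return latestAllowances(logs, owner).filter((a) => a.value >= UNLIMITED_THRESHOLD);
}
// ABI-encoded calldata for approve(spender, 0): the revoke transaction a user signs.
function revokeCalldata(spender) {
  return APPROVE_SELECTOR + pad32(spender.slice(2).toLowerCase()) + pad32("0");
}
// Constructed sample data: one owner, two tokens, a DEX router and an unknown spender.
const OWNER = "0x1111111111111111111111111111111111111111";
const TOKEN_A = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const TOKEN_B = "0xdddddddddddddddddddddddddddddddddddddddd";
const ROUTER = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
const UNKNOWN = "0xcccccccccccccccccccccccccccccccccccccccc";
const mkLog = (block, idx, token, spender, value) => ({
  address: token, blockNumber: block, logIndex: idx,
  topics: [APPROVAL_TOPIC, addrTopic(OWNER), addrTopic(spender)],
  data: "0x" + pad32(value.toString(16)),
});
const SAMPLE_LOGS = [
  mkLog(100, 0, TOKEN_A, ROUTER, UINT256_MAX),  // unlimited approval to a router
  mkLog(105, 3, TOKEN_A, UNKNOWN, 1000n),       // bounded approval, low risk
  mkLog(110, 1, TOKEN_A, ROUTER, 0n),           // the router approval was later revoked
  mkLog(120, 2, TOKEN_B, UNKNOWN, UINT256_MAX), // still-open unlimited approval: flag it
];
```

Running `riskyApprovals(SAMPLE_LOGS, OWNER)` returns only the TOKEN_B/UNKNOWN pair, and `revokeCalldata(UNKNOWN)` is the payload a wallet would submit to that token contract to close it.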
Reactions to Scams: A Mixed Bag
How users react after being scammed by a DeFi project varies widely in both behavior and motivation. Alarmingly, more than a quarter of participants took no action at all following a scam. Perhaps most concerning, 16.4% of respondents dug in further, pouring even larger sums into alternative DeFi services after being scammed.
These reactions reflect how poorly many users understand their own risk. As a result, they tend to keep engaging in risky behavior despite having already suffered from it. On the other hand, 18.7% of scam victims say they now check their token approvals frequently, albeit only after the fact. That is a positive sign that some users are learning from their mistakes and actively working to improve their security practices.
"My belief in cryptocurrency has grown stronger after that because I made good money from it." - a user who lost $4,700 due to a rug-pull incident.
More than half of the victims said their belief in DeFi either stayed the same or grew stronger after the incident, a striking level of optimism among users who plan to dive back into DeFi.
The Human Element in Crypto Security
The human element is a major factor in crypto security, and education is key to addressing it. Mingyi Liu, a doctoral student in the School of Computer Science at the Georgia Institute of Technology, underscores the importance of user awareness and education in mitigating risk. Bitcoin, the first cryptocurrency, was proposed in 2008 with the goal of creating a digital currency free from banks and governments. That same decentralization leaves users responsible for safeguarding their own assets, putting the onus on borrowers and lenders alike.
"because a hacker would have to override an entire blockchain" - a participant in the survey.
Additionally, the fallacy that blockchain technology is somehow automatically hack-proof can create a false sense of security and lead people to lower their security standards.
Front-End Attacks and the $1.5 Billion Heist
Consider the recent $1.5 billion crypto heist, one of the largest on record, which was attributed to a front-end attack. This form of attack targets the UI/UX of a DeFi protocol rather than the contracts themselves. It can then expose vulnerable smart contracts to manipulation or give attackers a way to steal private keys. The case reflects the evolving nature of cyber threats within the crypto ecosystem, and defenders need to stay alert and respond as these threats develop.
One reason front-end attacks are difficult to detect is that they often do not involve directly attacking the blockchain itself. Rather, they target the access points through which users enter the system, and it is the user, not the chain, who suffers the harm.