If Developers Had Implemented Simple Security Measures, The Crypto Hacks Of 2022 Might Have Been Avoided
For Ethereum, users losing money due to malicious activity is hardly uncommon. Researchers recently proposed introducing a kind of token that is reversible in the event of a hack or other undesirable behaviours. (Crypto)
According to the proposal, modified versions of the rules governing both regular Ethereum tokens and nonfungible tokens, known as ERC-20R and ERC-721R, would be created (NFTs).
The basic idea is as follows: With this new standard, users could “freeze request” recent transactions to lock funds until a “decentralized judiciary system” could decide whether the transaction was valid. Both parties would be permitted to present their evidence to reduce collusion, and the judges would be selected randomly from a decentralized pool.
After the procedure, a decision would be made, and the money would either be returned or left in its current location. The decision would then be considered final and would not be challenged again. This would create a realistic way for those who have lost money due to hacking or other malicious activity to get it back directly and democratically.
Unfortunately, this idea may be unnecessary and ultimately harmful. The decentralized philosophy’s tenet that transactions only flow in one direction is one of its foundational tenets. They cannot be undone in almost any situation. This new protocol change would contradict that fundamental principle and attempt to fix an unbroken system.
And even if such tokens were implemented, it would be a logistical nightmare. Without every platform adopting the new standard, there would be significant gaps in the system, allowing thieves to easily switch their reversible assets for non-reversible ones and completely escape the consequences. Because of this, the entire asset would lose all utility, and users would probably stop using it altogether.
Also Read,
A Few Central Banks Have Given Up On The Race For Digital Currencies, Crypto
Additionally, the concept of judicial review as a whole implies centralization. Isn’t the very purpose of crypto currency to be independent of a third party? The current proposal doesn’t specify how these judges will be selected other than to say that it will be “random.” It’s difficult to say that collusion or manipulation is impossible unless the system is carefully balanced.
A better suggestion
In the end, while the idea of a reversible crypto asset may have been well-intentioned, it was also completely unnecessary. Even if platforms decide to use it, the premise adds a great deal of new complexity to the process of actual system integration. In the decentralized ecosystem, there are other methods for achieving security that does not interfere with the fundamental strength of crypto currencies.
One is the ongoing auditing of all smart contract codes. Exploits found in the underlying smart contracts are the root of many issues in decentralized finance (DeFi). Before these protocols are made public, thorough and independent security audits can assist in identifying potential problem areas. Additionally, it’s crucial to understand how various contracts will work together once they go live because some problems only surface when they are put to use.
Any contract deployed will have risk components that must be monitored and countered. However, a lot of development teams lack a reliable security monitoring solution. On-chain diagnosis is frequently the first indication that something is wrong.Â
Massive or unusual transaction volumes and other patterns may indicate a real-time attack. Recognizing and comprehending these signals is the key to staying on top of them.
Of course, a system must be in place for recording events, documenting them, and relaying the most crucial information to the appropriate parties. Some alerts can be distributed to the developer team, while others can be made public. Better security can be implemented to support the decentralized ethos rather than being relegated to a judicial review once the community is informed.
Let’s consider the Ronin hack as an illustration. The project team didn’t become aware of the attack for six days; they were only made aware when a user complained that they couldn’t withdraw money. The first significant suspicious transaction could have been addressed almost immediately if the network had been subject to real-time monitoring. Instead, no one caught on for nearly a week, giving the attacker plenty of time to keep moving money and hide their past. It should be fairly clear that monitoring could have helped in this situation rather than reversible tokens. Many of the stolen coins had already been moved around wallets and exchanged several times by the time it was discovered. Couldn’t we reverse all of these transactions?Â
This endeavour isn’t worth the effort due to the complexity that has been added and any potential new risks that may have been created. Especially when powerful mechanisms that can provide a comparable level of security and accountability already exist.
It would be much more sensible to implement thorough and ongoing security processes across Web3 so that decentralized assets remain immutable but not unprotected rather than tampering with the formula that makes crypto so potent.
Also Read,
