Decentralized Finance (DeFi) is opposed to centralized finance (CeFi), characteristic of the so-called “traditional” finance. DeFi allows any private individual to have access to more or less risky products that are generally reserved for regulated professions: investment banks, investment funds, etc.
DeFi is characterized by a number of specific features:
- It is “permissionless”, meaning that users do not need to request access from any authority.
- It is used thanks to blockchain technology and has all its characteristics: pseudonymity, immutable and very often based on the use of algorithms.
- It involves many risks.
These risks are of various natures and require rigorous management of your funds.
“Honey Pot” risk
What the crypto community calls a “honey pot” is getting your funds drained as a result of an action you shouldn’t have taken.
The problem with honey pot is that it can take many forms: connecting to a DApp, approving a transaction, forging an fake NFT mint, interacting with a malicious token, etc.
To avoid any unpleasant surprises, you must be as rigorous and suspicious as possible:
Do not interact with an unknown token that has suddenly appeared in your wallet, first find out about the latter on the internet and social networks, there will often have been a victim before you. As a matter of principle, move your capital to another address, or even another wallet.
It is necessary to constantly inform yourself about the NFT project that you intend to mint
- What is the vision, is it stolen art?
- Is the work of quality?
- Does the project have a site?
- What is the quality of this site?
Understand that the majority of scammers are not artists and are looking for quick profit, so there will be weak signals to detect: the product is poorly finished, of medium or even poor quality, you have little information about the rest of the plan, you get vague and evasive answers from the administrators…
“Rug Pull” risk
This risk is not “technical”, namely that it is not a problem of poorly developed or fraudulent code. Rug Pull means that the administrators ran away with the cash, i.e. the protocol on which you have deposited your funds is managed by malicious individuals who have stolen it.
It is difficult to predict this since the only people responsible are the project team itself. Nevertheless, a rug pull can be identified through the set of indicators described above: little resource investment, etc.
Faulty smart contract danger
The risk of a faulty smart contract is present from the moment you interact with the DeFi. It is an error in the code of the smart contract used (via a DApp) that could reveal a security breach. This would result in the loss of your capital due to a bug or the exploitation of that breach.
Applications interacting with blockchain networks typically implement two forms of security:
- The bug bounty that rewards developers for finding security breaches. The protocols rely on the goodwill of the people who found the breach by rewarding them financially for their help. These practices have become professionalized to become a profession in itself: “white hat”.
- Code auditing by smart contract development experts. The more numerous and complete the audits are, the more secure the protocol can be considered.
Honorable mention to the longevity over time: a project that lasts over time without ever having been attacked with a consequent total value locked (TVL) is in a way a bug bounty that could never be retrieved. A known project that has never been attacked can be a guarantee of security.
There is no such thing as zero risk and the risk of errors persists even with the most serious audits. Note that this risk naturally increases with the use of different layers or overlays on the same network.
It is therefore not advisable to overexpose yourself to a single DeFi protocol, as you risk losing all of your funds in the event of a hack and you will not be able to complain to your banker for reimbursement.
A risk that goes hand in hand with the defective smart contract. However, this is not a bug blocking your funds, but a security breach exploited by people with bad intentions.
It is also possible to hack someone without having much computer knowledge, by taking control of the victim’s computer remotely for example.Don’t use cracked software, it happens frequently that people end up with an empty wallet after trying to crack a game or a video/photo editing software.
Fraudulent connection possibility
Distributed ledgers like those of the blockchain are online and public ledgers. The content of your wallets is therefore visible to anyone. Only the pseudonymity of your address, private key and password of your wallet stand against theft.
To prevent a malicious person from stealing all of your capital, you need a hardware wallet like Ledger, which will prevent transactions from being approved when it is disconnected. This way, even if your computer is hacked, it will be impossible for a thief to move your funds.
Guide: secure your crypto currencies and avoid hacking
Some basic tips
This list is not exhaustive, that is why it is imperative that you keep in mind a certain number of tips:
- Protect your funds with a hardware wallet.
- Be suspicious of any project.
- Do your own research BEFORE logging into the site
- Your first connection to a new DApp should be with a blank address with very little funds on it
- Don’t trust anyone on social networks (Twitter, Discord, etc).
- The administrators will NEVER come and send you a DM on their own initiative.
- Be aware that there is no such thing as 0 risk, especially in DeFi, so only invest what you are willing to lose.
Moreover, be careful with companies specialized in project verification, they are not infallible!
Below is a post denouncing a company that validated an NFT collection that turned out to be a honey pot when approving the mint.
Stay Safu !