EXCLUSIVE: How DeFi Protocols Can Strike The Right Innovation—Security Balance With WeFi Group CEO
KEY POINTS
- Many projects are 'obsessed' with innovation, often leaving security behind: WeFi Group CEO Maksym Sakharov
- Teams should also be transparent, especially when high-profile figures are involved, Sakharov said
- 'DeFi projects must view security as part of their value proposition,' he added
The decentralized finance (DeFi) sector has seen significant growth in recent years as consumers engage in the new digital economy powered by blockchain technology and cryptocurrencies.
Data from DeFi Llama shows that DeFi protocols have reached a staggering $88 billion in Total Value Locked (TVL), demonstrating increased demand for decentralized solutions.
However, the DeFi landscape is haunted by security concerns. High-profile system breaches have resulted in hundreds of millions in crypto losses, raising alarms about the security of user funds.
In an exclusive with International Business Times, Maksym Sakharov, the Group CEO, co-founder, and board member of permissionless and borderless neobank WeFi, discussed the importance of striking the right balance between innovation and security when developing DeFi solutions.
DeFi Security Incidents Reinforce Perception Of 'Inherent' Risks In Crypto
Over the years, security breaches across the DeFi space have made it difficult for Web2 users to trust protocols. Furthermore, the yearly losses to scams, frauds, and exploits in the sector have only made trust the biggest barrier toward broader crypto adoption.
Sakharov acknowledged that traditional Web2 users find it very difficult "to trust a space that relentlessly experiences such high-profile hacks and cyber attacks."
For one, traditional finance consumers are accustomed to the built-in security and customer support that come with centralized services and products. "Every time there's a new hack, it reinforces the perception that crypto is inherently risky, and they will ultimately lose their funds," he said.
There's also the issue of many DeFi protocols being too techy for individuals who want ease of access when engaging with finance. "The idea of navigating self-custody wallets and managing private keys can feel very daunting to such consumers," Sakharov noted.
On the other hand, Sakharov said the sector's evolution continues. "It would be unfair to say that we are not making progress. DeFi is evolving – the industry is seeing more secure protocols, improved auditing practices, and even insurance solutions," he said, adding that he believes trust will improve slowly but surely in the long run.
The Obsession Over Next-Gen Innovation That Pushes Security Aside
Many DeFi protocols and projects are working hard at improving security measures, especially with the evolving regulatory landscape and continuing security attacks on smart contracts – the heart of blockchain transactions.
The targeting of smart contracts has only led to concerns that DeFi has inadequate measures in place to protect user funds. At the core of such issues is innovation.
"I think most projects are obsessed with introducing the next biggest innovation in blockchain and DeFi, and security takes a back seat. The priority often becomes to launch the product, onboard users, and manage security responsibilities as they come," Sakharov said.
Under such a process, developers are pressured into building projects fast, which can then lead to testing and auditing oversights, he added. Smart contracts are inherently complex, and oversights in the building process leave room for vulnerabilities that may not be discovered before malicious actors attack.
Another major issue is DeFi's decentralized nature. It is a boon to the unbanked, but it can be a bane to consumers who seek secure channels first over individual transaction freedom.
The responsibility of managing protocols is often on the shoulders of individual projects in DeFi. There are no central authorities that enforce long-held best practices for security, and in reality, not all projects prioritize security as they should. Some projects may want to put security first, but limited funding can make such a goal challenging.
Finally, hackers are evolving with time. "Hackers are always two steps ahead. There's a whole market in the dark web for automated attack tools, malware, and phishing toolkits – which makes it very easy for a non-skilled hacker to target and breach a vulnerable smart contract. While the industry is moving toward better solutions, it's a slow process and often reactive rather than proactive," Sakharov pointed out.
New Projects Raise More Questions Than Ever
As blockchain and crypto ring louder in the ears of the traditional Web2 world, developers and teams are racing to introduce new projects. However, some of them are triggering concerns instead of praise.
For instance, many crypto users raised concerns after a CoinDesk report revealed that the code of World Liberty Financial, the DeFi project of Donald Trump's sons, was "strikingly similar" to that of Dough Finance. The latter DeFi protocol lost over $2 million to an exploit.
"The biggest issue with Trump's World Liberty Financial project is transparency," Sakharov said, adding that the project's links to the Republican presidential candidate's personal family business are also being talked about. "Transparency can be a big red or green flag for a project off the door," he noted.
For Sakharov, projects should openly share team credentials, security audits, and governance structures. He added that teams should initiate clear communication about the project's goals, risks, and user data handling.
"Consumers have a right to know who's behind the project and feel confident that there are no hidden agendas, particularly with high-profile names," he said.
Balancing Security and Innovation in Development
Striking a balance between consumer protection and innovation boils down to how developers approach the development process. Prioritizing security during development is key, Sakharov said.
There should be mandatory audits, continuous code testing, and adoption of formal verification for smart contracts. Smart contracts should also undergo stress tests to ensure they will perform as expected. Sakharov highly recommends incorporating decentralized governance models that will quickly act to patch vulnerabilities or automatically pause the protocol when risks are detected.
DeFi protocols should also consider bug bounty programs or collaborating with white hat hackers.
"DeFi projects must view security as part of their value proposition. Without a secure foundation, innovation becomes unsustainable because no one will trust the platform enough to use it," he reiterated.
Finally, every DeFi initiative should adopt a "secure by design" mindset before even attempting to enter the market. "Every new feature should be thoroughly assessed through the lens of potential vulnerabilities before implementation," he said, noting how fintech app developers adopt such practices, giving DeFi developers no reason not to do the same.
The Missing Link – Education
One thing the industry may be missing throughout the evolution of DeFi is education. Not all people in the Web2 space are tech savvy. DeFi teams can provide resources to explain their platform's technology and benefits in simple terms, especially to help with onboarding first-time crypto users.
"When consumers feel informed and secure, they're more likely to trust the platform and engage with it confidently. Trust is earned through consistent actions, not just promises, especially in a sector that still battles widespread skepticism," Sakharov said.
© Copyright IBTimes 2024. All rights reserved.