As Web3 evolves, security remains a top concern for cryptocurrency companies. Most of these companies rely heavily on smart contract audits before deployment, believing that such audits will protect their projects and customer funds from hacking. However, recent data reveals a stark truth: 90% of hacked smart contracts underwent pre-deployment audits. This statistic highlights a critical flaw in the current approach to Web3 security.

The following opinion editorial was written by Michael Pearl, Vice President of Go-To-Market, Cyvers.ai.

The Role of Smart Contract Auditing

Smart contract audits are certainly an important element of any cryptocurrency project’s security architecture. These audits help identify common vulnerabilities and security-related errors before the contract is deployed. It is common practice to conduct multiple audits by different companies to ensure that any potential issues are detected and addressed.

However, while audits reduce endpoints and the likelihood of hacking, they do not make a system perfect. Audits are only part of the picture. They can find common vulnerabilities, but they cannot account for new, sophisticated attack vectors that may emerge after deployment. Relying on audits alone therefore falls short of doing everything possible to secure a system.

Case Studies: Audited, Then Hacked

The list of projects that have been hacked, despite having their smart contracts audited—often more than once and by more than one auditing service provider—is unfortunately long. Some recent examples illustrate the gap between expectations and actual results.

  • Dough Finance was hacked on July 12 this year and lost $1.8 million. The project's contracts were audited by at least one auditing firm in November 2023 and were even labeled as "low risk" by the auditor.

  • UwU Lend was hacked twice, on June 10 and 13 this year, losing $19.3 million. The company's smart contracts have been audited by at least one auditing firm.

  • Radiant Capital was hacked on January 3 this year and lost $4.5 million. The company claims that its contracts were audited by four different auditing firms, described as “the best in the world” in company documents.

  • Euler Finance’s smart contracts were exploited on May 13 last year, resulting in a loss of $197 million. According to the company, its contracts were audited by four leading auditing firms.

  • DeFi protocol LI.FI was hacked on July 16 this year and lost around $11 million. Two years before the attack, the company published a blog post proudly showcasing the fact that it had been audited by two auditing service providers.

The Missing Element: Real-time Monitoring and Pre-Transaction Screening

Many companies overlook the importance of real-time monitoring and pre-transaction screening to assess risk. These components are essential to a comprehensive security strategy.

Real-time monitoring keeps deployed smart contracts under continuous observation, detecting and responding to security issues, scams, fraud, and other malicious incidents as they occur. This proactive approach significantly reduces the opportunity for hackers and allows immediate action to mitigate potential damage.

Pre-transaction checks assess the risk of transactions before they are executed, helping to block malicious actors and prevent fraudulent activities. By integrating this check, companies can ensure that only legitimate transactions are processed, further strengthening their security posture.

The Need for Crisis Management Mechanisms

In addition to real-time monitoring and pre-transaction screening, it is important to implement crisis management mechanisms such as pause functions and other circuit breakers. These functions can be automated or manual and are essential for responding in real time to alerts from monitoring and detection systems.
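The following is an added example, not code from the author or from Cyvers.ai, showing how a pre-transaction check, an automated circuit breaker and a manual pause can share one decision point. The event shape, the 10%-of-TVL-per-hour threshold, the denylist and all names are assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
@dataclass
class Withdrawal:            # constructed event shape, not a real chain API
    ts: int                  # unix seconds
    sender: str
    amount: int              # token base units

@dataclass
class CircuitBreaker:
    tvl: int                         # funds currently held by the protected contract
    max_outflow_bps: int = 1000      # assumed policy: trip above 10% of TVL per window
    window_s: int = 3600
    denylist: set = field(default_factory=set)
    paused: bool = False
    reason: str = ""
    _recent: deque = field(default_factory=deque)

    def pause(self, reason: str) -> None:   # manual and automated paths both end here
        self.paused, self.reason = True, reason

    def screen(self, w: Withdrawal) -> str:
        """Pre-transaction check: decide before the withdrawal executes."""
        if self.paused:
            return "blocked: paused"
        if w.sender in self.denylist:
            return "blocked: denylisted sender"
        # Forget withdrawals that have aged out of the rolling window.
        while self._recent and self._recent[0].ts <= w.ts - self.window_s:
            self._recent.popleft()
        outflow = sum(x.amount for x in self._recent) + w.amount
        if outflow * 10_000 > self.tvl * self.max_outflow_bps:
            self.pause(f"window outflow {outflow} over cap")   # automated trip
            return "blocked: circuit breaker tripped"
        self._recent.append(w)
        self.tvl -= w.amount
        return "allowed"

SAMPLE = [                   # constructed events for illustration
    Withdrawal(0, "0xa1", 30_000),
    Withdrawal(600, "0xbad", 1_000),
    Withdrawal(1200, "0xa2", 40_000),
    Withdrawal(1800, "0xa3", 50_000),
    Withdrawal(2400, "0xa1", 10),
]

def replay(events, tvl=1_000_000):
    cb = CircuitBreaker(tvl=tvl, denylist={"0xbad"})
    return [cb.screen(e) for e in events], cb
```

Once the breaker trips, every later withdrawal is refused until a responder reviews the alert, including the small one at the end of the sample.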

Conclusion

Smart contract audits are an essential part of Web3 security, but they are not enough. To truly secure cryptocurrency projects, companies must adopt a comprehensive approach that includes real-time monitoring, pre-transaction screening, and robust crisis management mechanisms. By integrating these advanced security measures, cryptocurrency companies can significantly improve their security posture, protecting their projects and customer funds from the ever-evolving threats in the Web3 space.
