I see more and more news about how hackers morally humiliate DeFi tools and steal hundreds of millions of dollars from them.
Even such giants as Harmony, Wormhole and other bridges could not defend themselves.
I can’t understand what actually affects the security of the DeFi project? Blockchain on which it is running? Security protocol? At this point, do you even use DeFi Bridges? If so, then why?
3 thoughts on “Hackers are attacking DeFI services”
>I can’t understand what actually affects the security of the DeFi project? Blockchain on which it is running? Security protocol?
Complex software often has bugs. In the case of blockchains and DeFi applications sometimes these bugs can be exploited to steal money, so there’s a strong incentive for bad actors to find these bugs.
The security of a DeFi project depends on:
1. its code. Most hacks happen due to bugs in smart contracts. These contracts are almost always open-source, which makes them easily auditable by anybody, and they often go through security audits, but sometimes this is not enough. This was the case with the Wormhole hack that you mentioned.
2. its admins and owners. Ideally DeFi contracts shouldn’t have admins, but that’s not always the case right now. Many DeFi protocols have special addresses that have special privileges and powers. This was the case with the Harmony bridge – 2 addresses had the power to mint an infinite amount of tokens on the Harmony chain, or steal all assets from the Harmony bridge contract on Ethereum.
Bridges are very difficult to develop and secure; this dashboard is probably the best breakdown of bridge risks: [https://l2beat.com/bridges/risk](https://l2beat.com/bridges/risk)
>At this point, do you even use DeFi Bridges? If so, then why?
Native bridges like the rollup bridges for Optimism, Arbitrum and zkSync are very different from the Wormhole and Harmony bridges; they’re the safest cross-chain bridges out there.
Avoid the rest, unless you have a good reason to use them and understand the risks. Also, keep in mind that often the biggest bridge hack losers are those who provide liquidity for bridge pools.
Bridges are usually the culprit or exploits in smart contracts. The network isn’t always to blame when DeFi on it is hacked. I think bridges implementing code audits and a bug bounty program is the way to go. Polygon does this and their bridge is one of the safest out there.
To tell you the truth I don’t understand much either, I’m not an expert on this subject either to know exactly what’s going on with DeFi and hackers haha.
Answering your question, I use Avalanche bridge. I’m not complaining about anything; it’s fast and secure and it’s on a solid network that hasn’t suffered any attacks, so for now I don’t have to worry about that kind of problem.