There has been much talk of recent ‘breakthroughs’ in decentralized finance, particularly in the cases of Harvest Finance and Pickle Finance. This conversation is more than necessary given that hackers stole more than $ 100 million from DeFi projects in 2020 and accounted for 50% of all hacks this year, according to a CipherTrace report.
Related: A Summary of Crypto Hackings, Their Exploitation and Highlights in 2020
Some suggest that the incidents were just loopholes that highlight vulnerabilities in their respective smart contracts. The kidnappers did not break into anything, but rather entered through the unlocked back door. Since hackers exploit flaws without penetrating them in the traditional sense, ethical actions are justified.
The differences between exploitation and hacking
Security issues are at the core of the loopholes. A security issue is a security vulnerability that an attacker can exploit to breach a resource’s confidentiality, availability, or integrity.
Vulnerability is specially designed code that enemies use to exploit a specific vulnerability and endanger a resource.
Although mentioning the word “hack” when applied to the blockchain can be confusing to an outsider in the industry unfamiliar with technology, as security is one of the key factors in the overall appeal of distributed control technology. It is true that the blockchain is by nature a secure method of exchanging information, but there is nothing quite outrageous. There are certain situations where hackers can gain unauthorized access to blockchains. These scripts include:
51% attack: These breaches happen when one or more hackers control more than half of the computing power. This is a very difficult accomplishment, but it does happen. At the end of August 2020, Ethereum Classic (ETC) faced three 51% successful attacks in one month.
Generation errors: They occur when security errors or bugs are ignored during smart contract creation. These scenarios represent vulnerabilities in the most important sense of the term.
Insufficient Security: When hacking by gaining unnecessary access to the blockchain using poor security methods, is it really bad to leave the door open?
Are companies more ethical than piracy?
Many argue that doing something that is impossible without consent can be considered ethical, even if worse actions can be taken. This logic also raises the question of whether the exploitation is 100% illegal. For example, a US company registration in the Virgin Islands can be viewed as a legitimate tax “abuse”, even if it is not on the face of it unlawful. Hence, there are certain gray areas and loopholes in the system that people can take advantage of, and exploitation can also be considered a loophole in the system.
Then there are cases like cryptojacking, which is a form of cyber attack where a hacker takes possession of the computing power of a target to extract the cryptocurrency on the hacker’s behalf. Cryptojacking can be harmful or not.
It might be safe to say that exploitation is far from ethical. It can also be avoided completely. In the early stages of the smart contract creation process, it is important to follow the most stringent standards and best practices for blockchain development. These standards are designed to prevent vulnerabilities, and ignoring them can lead to unforeseen consequences.
It is also important for teams to conduct extensive testing on the test network. Smart contract auditing can also be an effective way to spot vulnerabilities, although many auditing firms do audits for very little money. The best approach for businesses is to get more checks from different companies.