$5 billion. That’s how much has been cumulatively lost to DeFi hacks and exploits. October 2022 will go down as the worst month on record, with almost $700M lost to a string of attacks that included Mango, Moola, Bond, and Binance Bridge. While centralized crypto platforms have their own security issues, they can’t match the frequency or size of DeFi’s exploits, which have become a weekly occurrence.
Developers of decentralized finance protocols have endeavored to resolve the attack vectors by which the most common hacks are perpetrated. But despite their best efforts, the fact remains that smart contracts, no matter how thoroughly audited, retain a certain degree of risk. Eliminating all possible angles of attack is unfeasible, and thus the industry is forced to accept that funds will be lost to exploits from time to time.
In the wake of the Mango markets hack, one proposal for shoring up DeFi protocols has been gaining traction. Created by EOS Network Foundation, the organization tasked with developing the EOS blockchain, it’s a bold attempt to incentivize better protocol security while providing restitution for users affected by hacks.
DeFi Security as a Service
As Yves La Rose, CEO of EOS Network Foundation, explains, two solutions are being implemented that work in tandem: Yield+ and Recover+. He elaborates: “Yield+ is a rewards program to help incentivize more liquidity, grow TVL, and offer sustainable earning opportunities on $EOS. Recover+ offers solutions to recover hacked funds and ensure #EOS users are protected.”
While these two issues may ostensibly seem distinct, they are connected in that liquidity can only grow when users have confidence in the security of the protocols. dApp developers, meanwhile, need the incentive to prioritize security rather than simply shipping code and hoping it’s good enough.
Two Proposals That Work as One
Yield+ is designed to increase opportunities for dApp developers to be rewarded and for EOS users to earn a yield on the network. So far, 13 protocols have begun using Yield+, with a combined TVL of almost $17M. Each quarter, 625,000 EOS is distributed to these projects, which is, in turn, passed on to users. To be eligible for the program, projects must meet strict criteria that include optimizing their security and verifying the identity of team members.
Then there’s Recover+, which has been described as an “emergency reaction” product. Basically, it’s called upon when SHTF and a hack occur. In such cases, projects enrolled in the program can react quickly, enacting a proposal for how best to handle the fallout and make their users whole again to the maximum extent possible.
19 projects have signed up for Recover+ so far with a TVL of $47M. There have been zero security incidents to date and EOS users will be hoping it stays that way. Could a product such as Recover+ be introduced to other DeFi networks? If October’s spate of hacks continues at the same rate, DeFi users will be willing to countenance anything that helps.