DeFi investors lost almost $3.8 billion in 2022 following a series of highly publicized hacks that mostly involved smart contract exploits and vulnerabilities. But this year, one could be forgiven for thinking the DeFi hacking scene has suddenly become much safer, with a distinct lack of multi-million dollar crypto thefts hitting the headlines.
However, just because the news has gone quiet, that doesn’t mean DeFi hasn’t experienced any drama. The amounts stolen are noticeably lower, and the hackers seem to be getting sloppier, but the attacks are prevalent all the same.
In mid-February, a messy hack attempt saw someone get away with $8.5 million from Platypus Finance, or at least initially. It seems that the attacker must have been an amateur though, as he or she consequently lost a portion of the funds within their own smart contract, which was quickly frozen by Tether. The attacker also appears to have sent some of his illicit gains to the lending protocol Aave, which froze the amount and is discussing its return to Platypus.
In addition, the hacker’s wallet address was soon linked to a number of social media accounts by the crypto scam buster ZachBTX. And soon after that, BlockSec was able to carry out a “reverse-hack” to recover another $2.4 million of the stolen funds.
Elsewhere, more than $4 million worth of crypto was stolen from dForce Network and Midas Capital in two attacks that took place in January and February of this year. In both cases, the hacker exploited the same smart contract vulnerability. Luckily for dForce, it offered the hacker a bug bounty and was able to recover all of the funds.
Hope Finance has had less success in recovering the $1.8 million it lost following a Feb. 21 update to its protocol that was meant to divert assets to an external wallet. The project’s team quickly accused a colleague of rug-pulling the project, but it seems unlikely that the culprit will be held accountable. Efforts to identify the individual have been hindered because the modification was signed by all three accounts that control Hope Finance’s multisig wallet.
Ethereum’s Vulnerabilities Remain
The above incidents serve as a reminder that the world of DeFi is one that’s fraught with risks and dangers for investors. Worse still, the vast majority of successful hacks are not through any fault of the end users. Rather, most hackers exploit the smart contracts that govern and control the DeFi protocols they invest in, meaning that it’s really the developers who’re at fault.
There’s a reason for this. DeFi is far more dominant on the Ethereum blockchain than any other. Ethereum was the world’s first smart contract blockchain, and its dominance stems from its first-mover advantage, where it has supported decentralized applications since 2015.
The problem with Ethereum is that its smart contracts are “Turing complete”. What this means is that Ethereum’s smart contracts have the ability to run any algorithm or solve any computational problem, provided they are given the appropriate instructions, time, and resources to do so.
Turing-complete smart contracts allow for extremely complex structures with a multitude of computable functions and are often made up of thousands of lines of code. The more code there is, the more room there is for vulnerabilities to creep in. Worse still, developers build DeFi protocols using dozens of smart contracts, creating an enormous attack surface.
Could Bitcoin DeFi be the answer?
Bitcoin was originally designed as a peer-to-peer payments network only, and it doesn’t support smart contracts, meaning it cannot support DeFi in its original form. However, recent updates to the network have made it possible for developers to create DeFi applications that are native to Bitcoin.
It’s an exciting possibility because Bitcoin DeFi is likely to be safer than its Ethereum-based counterpart. That’s because Bitcoin is by far and away the most decentralized, and therefore the most secure blockchain of all.
Bitcoin DeFi was made possible by the Taproot upgrade that was implemented in November 2021, which introduced greater functionality around complex scripts. It essentially made it possible for developers to build dApps on Bitcoin via so-called “layer-2” networks or “sidechains”.
Prior to Taproot, the only way to use BTC in DeFi was to convert it to “wrapped” tokens on other networks. The most popular of these is Wrapped BTC, or wBTC, on Ethereum. Using wBTC made it possible to use Bitcoin with Ethereum-based DeFi protocols.
However, this meant that users face the same risks, as they still have to interact with Ethereum’s smart contracts. With native DeFi now possible on Bitcoin, it’s no longer necessary to convert BTC to an Ethereum asset, and its smart contracts can be avoided.
Until recently, the only real uses of Bitcoin were for storing value and payments. Now that it can accommodate DeFi, its utility has increased enormously, making it more attractive to a much wider audience. DeFi itself can benefit from the security and assurance that Bitcoin enjoys as the world’s most secure blockchain. It’ll bring more trust to the DeFi space overall.
Bitcoin DeFi Solutions
One of the best platforms for Bitcoin DeFi looks to be Mintlayer, a Layer-2 network that aims to make Bitcoin more scalable while supporting smart contracts. It enables Bitcoin DeFi, Bitcoin NFTs and more besides. In many ways it’s like a rival blockchain to Ethereum, only it benefits from Bitcoin’s increased decentralization and security.
Mintlayer was conceptualized in 2019 and aims to support DeFi development on both Bitcoin and the Lightning Network, which is a Layer-2 payment protocol that supports lightning-fast BTC micropayments at scale.
Mintlayer’s big advantage lies in its smart contracts. Whereas Ethereum’s smart contracts are Turing complete, Mintlayer’s are “non-Turing complete”. What this means is that they’re more specialized and have a simpler codebase. They lack support for concepts such as recursions, loops and other processes that don’t normally terminate on their own. The lack of complexity in Mintlayer’s smart contracts has a number of advantages.
Non-Turing complete smart contracts only support basic scripting functionality, meaning that there is less chance for developers to make errors when writing the code. The lack of support for complex loops and recursions also makes them easier to audit. Finally, the simplicity of non-Turing complete smart contracts ensures they can be executed using fewer resources, easing the network congestion that’s often found on the Ethereum network.
Mintlayer is not the only Bitcoin DeFi game in town. Its closest competitor looks to be Rootstock (RSK), which is an independent sidechain as opposed to a Layer-2 network. RSK dates back to 2017 and was designed to bolster Bitcoin’s capabilities through the introduction of dApps.
RSK relies on the same proof-of-work consensus mechanism as Bitcoin, using an algorithm that allows community members to participate in merge mining. With this, a single computer can validate transactions in two blockchains at once. RSK, therefore, shares the same hash rate as Bitcoin, and so theoretically it is just as secure.
Another rival is Stacks, which is an independent smart contract-capable blockchain that is linked to Bitcoin via its novel “proof-of-transfer” consensus algorithm. PoT makes it possible for Stacks to settle transactions on the main Bitcoin blockchain, thereby benefiting from the same level of security it offers.
Like Mintlayer and RSK, Stacks can support Bitcoin DeFi and NFTs, along with micropayments via the Lightning Network. It also features its own native token, STX, which can be staked to earn a passive income. In other words, it has its very own DeFi functionality that’s secured by the Bitcoin blockchain.
However, it should be noted that neither RSK nor Stacks support non-Turing complete smart contracts. In their case, they support regular Turing complete smart contracts, similar to Ethereum.
Does Bitcoin DeFi Have A Future?
Almost certainly the answer is yes. Given that the value of BTC has already grown significantly, it seems unlikely that it will see the same kind of explosive gains it made in the previous decade when the first generation of Bitcoin millionaires were created. So people are looking for alternative investments to grow their BTC holdings.
Bitcoin already has both the security and the liquidity, and now, with the addition of smart contract capabilities from projects like Mintlayer, RSK and Stacks, it has all the ingredients required for DeFi to take off.