Cointime

Download App
iOS & Android

Safety Best Practices for Crypto Users to Avoid Being a Victim of DeFi Hacks

Validated Individual Expert

The DeFi space can’t seem to catch a break. We just suffered another massive hack. To be precise, a $190 million bridge hack. Several hours later, Reaper Farm, a yield aggregator on Fantom blockchain is exploited for $1.6 million. And then, as I am writing this right now, a widespread Solana wallet hack is currently ongoing.

Hacks are inevitable in DeFi. It is a part of the risk of venturing into the unknown DeFi land. (I know, it sucks.) Trying to look into the silver lining, we can hope with every event, hacks would make the crypto space more anti-fragile.

Meanwhile, we can do our best to protect ourselves by practicing DeFi safety best practices.

Stablecoin best practices to avoid hacks

Stablecoins often give a false sense of security. Especially on a bear market, the phrase “I’m in stables” means you took profit, and have a lot of cash to buy the dip. But the recent Nomad hack, and before, Harmony’s Horizon bridge hack revealed a hidden danger of stablecoins many weren’t aware of before.

Stablecoins aren’t always native to the chain you’re using them in. Like ETH on Cosmos ecosystem, for example, your ETH isn’t exactly real. It’s merely a contract that proves you have the ETH.

When you bridge, you gave a smart contract your USDC on the origin chain, and the protocol mint you a USDC-like contract on the destination chain. Your USDC on the origin chain is no longer in your custody. It left your wallet and dwell on the bridge contract until you redeem back later when you bridge back. These USDCs can be stolen if the contract gets hacked, just like what happened in Nomad, and Horizon Bridge.

When the ‘original’ assets are stolen, your ‘not-real’ stables on the destination chains will be no longer backed. It is practically worthless.

You must take a good look at the native status of a stablecoin. Take example USDC.

  From their official website


As it turned out, your USDC will only be a native asset on just 8 chains. Beyond that, you are dealing with ‘fake’ USDC. In EVMOS, it’s madUSDC. In Harmony, it’s 1USDC.

Meanwhile, for Tether/USDT 👇.

it’s safer to hold USDC and USDT on Tron than on a respectable L2 like Arbitrum. (Just in case you aren’t aware, Tron is viewed as a joke in the crypto industry.)

It also applies to other stables too, including algorithmic ones. An algostable is not always natively deployed. For example, DAI and FRAX are only native to Ethereum while MIM is available natively on 6 chains.

So, what can we do to minimize the risk of unbacked stablecoins?

Picking stables based on your purpose

Plenty of us likes to hold in stables to wait for a better price. For holding:

  • If you want to be safe, hold it on Ethereum. As it is practically the home of major stablecoins.
  • Hold a stablecoin where it is native to that chain.
  • Riskier stablecoins are useful if you want to indulge yourself in more risky activity. For example, MIM is great for leverage, but MIM is not a good idea for holding because it’s de-pegging risk.
  • Once you’re done degen-ing, switch back to the safer stables while holding and waiting for the next opportunity.

Consider native assets

Native stablecoins. Native tokens. Native coins.

That means owning a coin on its own native blockchain. Store your ETH on the Ethereum network, Bitcoin on Bitcoin, $ATOM on a cosmos wallet, and so on.

Bridging makes it possible for assets to move cross-chain, but just like the stables above, when you own BTC on an Ethereum chain, you will get the wrapped version of BTC (WBTC). It’s not the ‘real’ Bitcoin.

Owning native assets on native chains is best practiced for investing/DCA, holding in a cold wallet, or simple staking.

However, I can’t tell nor discourage people to stop farming on a ETH pool on non-Ethereum chain, as not only that degen gonna degen, but also some best opportunity often comes from these high-risk opportunities. Hacks not gonna stop people for bridging ETH to farm airdrops in a new chain.

But to minimize risk, of course, use basic DeFi common sense such as not using more than you can afford to lose. I think most safety practices in DeFi boil down to understanding what you’re getting into.

Understand the risks of protocol

Some types of dApps are riskier to get hacked than others. Since the birth of DeFi in 2019-2020, we can see a pattern on which types of dApps are risky, and which ones are less risky.

Know your level of risk before using them.

Lending protocol and yield aggregators get hacked frequently. (Notable lending protocol hacks and aggregators: Cream Finance, BadgerDAO, Hundred Finance.)

Since 2021, the year when the cross chain becomes popular, bridges shoot up to be #1 most exploited type of dApp. Notable bridge hacks include Ronin Bridge, PolyNetwork, Wormhole, Harmony Horizon Bridge, and recently, Nomad.

Those three are ripe for hacking. On those protocols, a lot of money is pooled in one place, often in one smart contract. The smart contracts code is far more complicated than say, on a DEX, especially on anything that involves cross-chain. The more complicated the code, the higher the chance devs slip up and unknowingly introduce vulnerabilities.

On the other hand, simple staking, LP pools, and swapping barely got hacked due to a much simpler smart contract logic.

Safety best practices for wallets

The crypto space was a mess when wallets are drained on Solana Blockchain and people don’t understand what was wrong. Another slap in the face and a reminder about how safety wallet practice is a must for crypto users.

A lesson taken from the incident is still the good old ‘Freaking use a hardware wallet.’

It’s always the number one rule.

I know, that hardware wallets in some cases can be inconvenient. Especially for activities where speed is important (sniping NFTs, trading, and bots.) But that’s what wallet categorization is for.

Phew.

Finishing this guide made me think how complicated DeFi sometimes can be. With more control — of your wealth — crypto does come with more responsibility. (Insert “we’re still early” meme). It’s also a price to pay for higher profit than in any other assets class. The classic ‘higher risk righer return.’

But trust me, though it might look overwhelming at first, eventually you’re get used to the safety practices above.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Citi: Tencent's WorkBuddy Gains Momentum, Maintains 'Buy' Rating

    On July 7, Citi released a research report stating that, according to the latest industry data, Tencent's AI agent product WorkBuddy has reached 20 million monthly active users (MAU) and over 13 million daily active users (DAU), with a DAU/MAU ratio between 65% and 75%. Considering the product has only been launched for a few months, user stickiness and daily engagement are performing strongly. Citi quoted Tencent's management as saying that in terms of daily active users, Tencent is leading its Chinese peers in the deployment of AI agents. Early user data reflects strong natural growth for both CodeBuddy and WorkBuddy, with high retention rates. Early users are interacting with the AI agents for long durations and with high frequency, creating a positive feedback loop. It is expected that AI products will become a key revenue source for Tencent Cloud. The firm believes that WorkBuddy's success demonstrates the strength of Tencent's ecosystem, the synergy between various productivity tools, and users' trust in Tencent's products and security. Citi maintains a 'Buy' rating on Tencent with a target price of HKD 763 unchanged.