Skip to navigation Skip to main content Skip to footer

How Can Cyber Security Adoption Accelerate the Growth of DeFi?

25 July 2022

By James Pearce

In this article:

  • Decentralised Finance (DeFi) will bring major disruption and adoption on a scale similar to that of cloud, social media, and the smartphone.
  • As a technology, the blockchain is often presented as safe and transparent. However, there are vulnerabilities and there's been a volume of high-profile attacks.
  • We believe DeFi platforms must take a proactive, tech-driven approach to cyber security that provides investors confidence and accelerates industry transformation to achieve positive social change.

Decentralised Finance (DeFi) is already changing the financial services industry. Over the next five years, we expect to witness a shift as significant, if not larger than, social media, mobile, and cloud adoption (circa 2010). From 2020, Europe, in particular, has seen an increase in the number of issuers launching crypto ETPs as investors' interest and due diligence have risen.* Leading governments and regulators are forming a consensus that chasing away crypto will push talent, innovation, and prosperity away from their jurisdictions, resulting in missed opportunities in DeFi. Cryptocurrencies have provided 1.8 billion people with mobile devices access to financial services, allowing them increased access to financial services — for some, for the first time.

Over $70 billion currently exists within DeFi. To drive growing investment volumes, DeFi platforms must implement a proactive, tech-driven approach to cyber security that provides investors confidence and accelerates industry transformation, achieving positive social change.

Blockchain as a technology is often presented as the safest and most transparent vehicle to store data without intermediaries. Therefore, the cyber security risks are not related to the technology but rather to the process of storing and trading digital assets. To prevent this risk, we recommend implementing a governance and security strategy before any transaction occurs. In addition, ongoing monitoring is required with specialised technology as a service.

 

The specific cyber security risks that DeFi is associated with:

  1. "Rug pull" occurs when a developer attracts investors to a new cryptocurrency project and then steps out before the project is built, leaving with a worthless currency. The founder of OneCoin, Ruja Ignatova, for example, vanished and defrauded $4 billion from investors by selling fake currency.
  2. Threat actors can break into DeFi platforms to steal funds. For example, in early December 2021, the crypto trading platform Bitmart announced that hackers broke into a company account and stole almost $200 million.

Massive hacks, data breaches, digital scams, and ransomware attacks continue to rise throughout the first half of 2022. With the current geopolitical situation, cyber security vulnerabilities and digital attacks have become a primary risk for the financial system.

During the initial stages of the cryptocurrency ecosystem's development, the tools and mechanisms for storing, converting, and managing the system seemed to form at lightning speed. As we evolve from "investment" into "transformation" in market adoption, security needs to be embedded in much the same way.

Just like in existing IT environments, there are incidents in digital assets, and there is a need to protect data. Yet the strategy, skill sets and execution are different, and very few individuals can succeed in the growth phase, even when enabled by cyber innovation.

 

How to do DeFi safely

This agile, fast-paced sector could democratise finance and provide tremendous societal and economic value. But it also enables criminal activity, bypassing many controls placed on illicit finance and giving malicious actors the ability to steal assets remotely. Given DeFi's relative immature cyber resilience, this is possible on a never before seen scale. 

Whether you're an investor, a DeFi platform, or an intermediary, we recommend that you take a proactive approach to security that's flexible, scalable, and enables your leadership team constant visibility. It's likely that you'll need support from a leading cyber security technology and advisory partner to give you a breadth of end-to-end security lifecycle capabilities which span across audits, assessments, advisory, technology-based managed services, software resilience, testing, vulnerability management, incident response, and incident remediation. You'll want to work with someone who has been extensively involved with business transformation through cyber security, DeFi customers, and financial services organisations just like yours.

 

(*) The European market holds the most significant interest in Crypto exchange-traded products (ETPs), with 73 crypto ETPs and 60% of the global crypto market and the SIX Exchange is one of the largest exchanges in the world for crypto ETPs.

James Pearce

James Pearce

Director of RM&G, NCC Group

James started in cyber security, purely by accident, in 2008. Initially working on PCI DSS and ISO 27001 compliance projects with private sector clients before becoming a QSA in 2012 and joining NCC Group in 2013.

James is a Director within NCC Group’s Consulting and Implementation practice working primarily with private sector clients in industries including FSI, TMT, professional services, and retail.

James’ focus is on building cyber security programs to help organizations improve their cyber resilience. James is also part of our Strategic Advisor team and regularly speaks at client events, including NCC Group’s CISO Council.

Still have questions?

Reach out to us if you're interested in learning more about the security threats facing DeFi and building your cyber resilience against future attacks.