Security: The lock and the key to the future of blockchain

The invention of blockchain by Satoshi Nakamoto has changed the course of the 21st century. Decentralized, censorship-resistant technology will only grow in importance over the coming years. Decentralized finance (DeFi) — though just a couple of years old — is already showing the world how it can advance financial inclusion and opportunity for everyone, not just the minority lucky enough to be born in a more economically developed country. But for blockchain technology to fulfill its full potential, the security standard needs to mature.

In 2021, more than a billion dollars were lost to nearly fifty hacks and exploits of DeFi protocols. For an industry that needs greater legitimacy to enable wider adoption, there will have to be a course correction to rebuild trust. Exploits drain funds from the wallets of the users whose participation is essential to continued innovation, deterring existing and potential adopters and setting the whole space back as a result. However, it’s worth noting that 2021’s losses represent a decline in the proportion of market capitalization lost to exploits compared to last year — i.e., though the figure was higher, the real impact was lower.

The fact that market capitalization and other metrics such as total value locked (TVL) have grown so rapidly is proof of the strong demand for decentralized financial services, even if they’re not yet fully mature. This is reminiscent of the early days of the internet when enthusiasts put up with slow speeds, limited functionality, and nonexistent security standards because of their love for the technology.

Blockchain is in good company

Not so long ago, the idea of entering your credit card details into a webpage would have been met with trepidation by most people. The internet was (rightly) viewed as no place for sensitive information. But then along came widespread encryption and the internet changed forever. Hypertext Transfer Protocol Secure (HTTPS) allows information to be transmitted securely between websites and users. Its adoption opened up a whole new range of internet applications, from online banking to the multi-billion dollar world of e-commerce.

Blockchain is powered by encryption — the same technology that underpins HTTPS and secures the web. The public-key encryption algorithms that secure blockchains such as Bitcoin and Ethereum have never been broken, meaning users benefit from robust security guarantees just by using these networks.

Best practices must be followed, or it gets costly

There’s more to meaningful security than just encryption. DeFi is powered by smart contracts, which, although extremely powerful and efficient, introduce completely new risks. When smart contract platforms secure tens of billions of dollars worth of digital assets, even a byte-sized error in the code can cause massive financial losses.

That’s why auditing is such an essential step for all DeFi projects. To put it bluntly, there’s really only one incentive for someone to go through the arduous work of inspecting a platform’s code: money. Giving that incentive to a professional auditing team rather than a hacker is an investment that pays out many times over.

Auditing is an essential first step, but it can only review the security of a project at one point in time. Smart contracts are usually interoperable between different blockchain projects, and once deployed, they interact with other contracts in ways that are not always predictable. And new projects can be released that change the playing field drastically from the time a platform was initially audited.

To take it one step further, on-chain monitoring can protect against the risks arising from this shifting landscape. It can provide real-time insights into the overall health of a project and guard against malicious interactions. Monitoring tools sound the alarm as soon as a protocol appears to have been compromised, stemming further losses. And on-chain analytic tools can even work preemptively to set a minimum threshold of security that must be met before two smart contracts are allowed to interact. Think of it as the difference between an analog security camera with limited storage space versus an integrated, smart monitoring system backed up in the cloud. One gives limited insight into a specific time frame, while the other provides deeper insights and proactive alerts.

Ironing out security will help realize blockchain’s true potential

Effective security is not an afterthought or a hurdle to be cleared once. It’s an ongoing process that must be woven into the core of a product. Routine auditing and post-deployment monitoring combine static off-chain and dynamic on-chain analysis. The result is a comprehensive, end-to-end security solution that provides meaningful protection for the entire lifecycle of a platform.

Blockchain should be known for its powerful security and revolutionary potential, not for the small number of avoidable hacks and exploits that tarnish its reputation. Meaningful security practices must be as prevalent and adopted in crypto as HTTPS is on the internet. This means routine auditing, continuous real-time monitoring, and an ongoing commitment to security from both users and developers as the ecosystem evolves. Then, and perhaps only then, will blockchain technology be free to reach its full potential.

Professor Ronghui Gu is the Tang Family Assistant Professor of Computer Science at Columbia University and Co-Founder of CertiK. He holds a Ph.D. in Computer Science from Yale University and a Bachelor’s degree from Tsinghua University. He is the primary designer and developer of CertiKOS and SeKVM. Gu has received: an SOSP Best Paper Award, a CACM Research Highlight, and a Yale Distinguished Dissertation Award.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Are you ready to elevate your security game and take charge of your data-driven decision-making? As today's industry leaders know, data is key to driving impact and success.