Hack Epidemic (Origin Protocol - REKT)

Stay at home, wear a mask, the hack epidemic is spreading.

These are dark times for weak code. Developers need to put their protocols into lockdown.

Greed is contagious, and hacks bring eye-catching prizes. In just 24 hours we hear of two more attacks.

Cheese Bank - $3.3m via flashloan AMM oracle attack, Origin Protocol, $8m via flash loan and faketoken re-entrancy

In the last 30 days, we’ve seen over $45 million of users funds removed from unsecure protocols. In addition to the most recent attacks, we’ve seen Harvest ($25M) > Value DeFi ($7M)> and Akropolis (~$2M)

In epidemiology, the basic reproduction number, or “R number” is the expected number of cases directly generated by one case in a population where all individuals are susceptible to infection.

In cryptocurrency, the R number is the quantity of protocols that are currently getting totally REKT by flash loans and fake tokens.

We’re seeing the R number increase day by day as the publicity of each attack serves as duplication instructions for the next capable coder who’s willing to take risks.

Although each hack attracts attention and even some compliments on their expertise, we should remember not to glorify this behaviour.

Any “Robin Hood” comparison is way off the mark here. Hackers are stealing money from those who have less.

Although, we are learning from the experience.

We can hold the opinion that flash loans are good for the space without promoting greed and theft.

Having said that, greed is not without its benefits.

Would banks be secure if there were no robbers?

Greed is at the core of our capitalist system, yet it brings us vaccines...

If, as some say, the hackers are acting simply to expose weak code and educate the space, perhaps it would be best to eventually return all funds, rather than rely on their personal judgement to decide who should be refunded.

However, perhaps there is also some greed in the behaviour of the developers, who could wait and have their code thoroughly audited pre-launch instead of gambling with users funds.

On the other hand, if there was no predatory risk to shit code, then the developer would become the apex predator, and the cycle would continue.

All parties involved in these attacks have some degree of responsibility. The amount of responsibility varies, yet the motivation is identical.

Greed is human nature, and it's a key concept in the game of DeFi.

Each actor involved in these unfortunate events presents their greed through different actions.

The Ape - Hopes to make a profit and bet on the untested code. Greed shows through their impatience, yet the early bird has been rewarded well in the past, so their desired outcome is not without precedence.

The Dev - Expecting to profit the most from their newly released code, the greedy dev is blinded by their expectations, and skips the essential safety audit as they rush their code to market.

The Hacker - The apex predator is not immune, but is able to use superior knowledge to weaponise his greed while others are handicapped by it. If you had worked to acquire knowledge that enabled you to take money in this way, would you return millions of dollars?

While there is no cure for greed, we should remember that it can create things which are positive, and that there are steps we can take to protect ourselves from its negative consequences.

Audits are not cheap, but they’re a small price to pay compared to losing funds or your reputation to a hack or exploit.

Although immunity is never 100% guaranteed, we can take steps to reduce the likelihood of infection.

The R number changes according to our behaviour, developers must put protocols into lockdown immediately.

This is an epidemic that affects only the weak. Once infected, there is no cure.

The only protection is in prevention, code needs to be audited thoroughly if it is to survive the winter.

Audit your code, wash your hands, don’t get rekt.

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C

disclaimer:

REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.