This article is more than three months old

DeFi security not ready for crypto bull run, researchers say

DeFi security not ready for crypto bull run, researchers say
Ronghui Gu, co-founder CertiK, tells DL news that he hopes DeFi's security has improved. Credit: Andrés Núñez/DL News.
What you'll learn
  • The anticipated crypto bull market will put the industry’s security to the test, CertiK says in a new report.
  • Protocols and security researchers need to learn from past mistakes, the crypto auditor says.

Crypto investors anticipate 2024 will come with a new bull run, but the industry’s recovery will also test whether it has learned from mistakes that caused $1.8 billion in losses from security breaches last year.

That’s according to a new report from smart contract auditing firm CertiK, which warned that the bull run will come with new challenges.

“Looking ahead, the real test of DeFi’s improved security protocols awaits in the resurgence of a bull market,” the report stated.

“The expectation isn’t to eliminate losses entirely — an unrealistic goal in an industry that prides itself on cutting- edge innovation — but to continue reducing the correlation between [total value locked] and losses to hacks and scams. Such a trend would be the clearest indicator of a maturing industry that takes security seriously.”

Total value locked — or TVL — is a metric that tracks how much crypto is locked up in a DeFi protocol’s smart contracts, or in all DeFi protocols running on a given blockchain.

This challenge comes at a crucial moment for crypto. The industry has shown signs of recovery, with its market size doubling to $1.7 trillion over the past year.

The surge is partly due to anticipation of US regulators approving spot Bitcoin exchange-traded fund applications, which would make it easier to invest in digital assets for non-crypto natives.

But as the industry recovers from the crypto winter and the scandals that haunted it, it will have to ensure that it has learned from the lessons of the past, CertiK suggested.

Join the community to get our latest stories and updates

“The proof of the pudding will indeed be in the eating — and for DeFi, the next taste test could define its legacy and ultimate viability,” CertiK wrote.

Crypto lost less money to hacks in 2023

The last two years had roughly the same number of security incidents — 601 in 2022, according to last year’s CertiK report, and 751 in 2023, according to this year’s report.

However, losses suffered by different crypto organisations declined by 51% to over $1.8 billion in 2023, down from the $3.7 billion stolen in 2022.

Funds lost through crypto hacks have declined in 2023.

This is in line with data from crypto DeFi data aggregator DefiLlama, which puts the total amount stolen in 2023 at $1.7 billion.

While some researchers previously attributed the decline to crypto prices having fallen from their 2021 peak, others like TRM Labs and CertiK say that is only part of the story.

They say that factors like tougher policing and growing sophistication of protocols have played a greater role in the falling total value of losses.

“We would want to see this trend continue in a bull market to confirm that the overall security of web3 is indeed improving,” CertiK co-founder Ronghui Gu told DL News.

Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. To share tips or information about stories, please contact him at