derek walkush Profile picture
Aug 31 15 tweets 3 min read
DeFi is entering an entirely new security paradigm:

Simply put, security measures are going from reactive -> proactive. Here are the emerging trends and projects. 🧵👇
1/ Zooming out, security remains one of the primary bottlenecks for crypto adoptions, particularly in DeFi. A survey earlier this year found it to be one of the primary reasons people don't invest. Image
1.2/ And just over the past 8 months, approximately $2b was lost in hacks. Notably events were Ronin ($616m), Poly Network ($602m), and Wormhole ($326m).
1.3/ Attacks are becoming more sophisticated, not only exploiting bugs in code but even broader protocol design.

For example, the $181m Beanstalk attack involved a flash loan to pass a governance proposal and steal tokens from lending pools.

Not code, but governance design.
1.4/ Here's a high level overview of the current main attack vectors in crypto:…
1.5/ Importantly, as the industry grows, it becomes a bigger and bigger target for hacks. Much evidence has surfaced of North Korea using state resources to architect these attacks, and only more sophisticated actors should be expected to look at the space.
2/ The current security landscape is quite reactive and passes considerable risk to protocol users.
2.2/ Projects often audit their contracts and place a few bug bounties. If an attack occurs, they *react* by addressing the exploit and possibly compensating victims.
2.3/ Every project I speak with complains about the expense and length of audits. There are often wait periods lasting multiple months, and the expense is considerable. Even then, there's no guarantee that a hack won't occur, as seen with multiple projects like Audius.
2.4/ Finally, <1% of TVL in DeFi is insured, making the problem much worse. This not only makes retail afraid to participate on-chain, but almost becomes a non-starter for non-crypto institutions to enter the space.

3/ Considering the above, more proactive, scalable security tooling seems like a necessity for DeFi and crypto more broadly.

While early, two types of projects excite me.
3.2/ Automated bug engines - instead of relying on bug bounties or smart contracts, OS libraries like Echidna and engines from white hat hacker DAOs like @pwnednomore seem to be addressing a pretty clear need: constantly and cheaply identifying bugs throughout the dev process.
3.3/ Better testing - simulation based testing from projects like @TenderlyApp places far greater stresses on a protocol vs deploying on a testnet to identify potential bugs, attack vectors, etc before deploying on mainnet.
4/ Unlike web2, failures in crypto don't result in the loss of somewhat inconsequential personal data, but rather millions of dollars that can't be recovered. It could be someone's last straw, leading them to give up on crypto.
4.2/ Better security isn't a trend but an existential problem for the sector that needs to be resolved.

Comment the best security solutions below. DMs open for a chat 🙃

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with derek walkush

derek walkush Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Derekmw23

Aug 4
There is an almost ridiculous market opportunity in DeFi: insurance

Let me explain the current insurance landscape and the $1b+ protocol opportunity: 👇🧵
1/ <1% of TVL in DeFi is insured. While there's no 1:1 comparison in TradFi, 90%+ of Americans own car insurance and 85%+ own home insurance.
2/ Insurance is especially relevant after amount of money lost due to smart contract exploits this year, totaling ~$2b.
Read 16 tweets
Aug 1
Web3 gaming involves so much more than NFTs.

Let me explain the emerging net new gaming genre: 🧵👇
1/ Zooming out, block space becoming cheaper with rise of scaling solutions. More advanced computation can be brought on-chain. This vastly expands the design space for game devs.
2/ Important games aren’t P2E like Axie or upcoming AAA web3 games like Illuvium.

Don’t get me wrong – P2E was an important experiment in token design for broader X-to-earn, and I’m very excited to watch early AAA games with NFTs – a trojan horse for mass crypto adoption.
Read 12 tweets
Jul 28
The next cycle is where we go mainstream.

@variantfund Fund III will continue to invest in category defining projects for the coming wave of mass adoption: 🧵👇…
We think in decades, not months or even years. It’s too easy to fall into the trap of overreacting to hype / bust cycles when investing on the fringe of innovative tech.
Directionally, the rise of blockchains seems quite obvious. The tech industry has consistently seen a breakthrough in platform innovation, offering devs an entirely new design space for web apps.

1990s: PCs
2000s: early internet
2010s: smartphones
2020s: blockchains
Read 14 tweets
Jul 27
There's something big going on right now @Uniswap 👀

The community just approved the biggest step towards turning on protocol fees. Here's what you should know 🧵👇…
1/ Uniswap is the almost uncontested dominant DEX in the Ethereum ecosystem. They control the majority of volume, users, and have 5-10x the number of token listings of their competitors.
2/ They're also quickly expanding to newer L2s and EVM L1s... and growing rapidly. For example, the DEX grabbed ~30% market share in a week on Polygon and now controls the majority of the chain's volume:

Read 13 tweets
Jul 15
0/ We @variantfund are thrilled to lead the seed in @EmpiricNetwork, the first zk-native oracle.

Here’s an overview of its fundamentally better oracle design and why we’re so excited about ZKRs: 👇🧵…
@variantfund @EmpiricNetwork 1.1/ Zooming out, oracles will be a vital piece of infrastructure across all of web3. Data feeds are required for almost every DEX, lending protocol, yield aggregator, etc users interact with. Oracles provide price data to these smart contracts.
@variantfund @EmpiricNetwork 1.2/ Many oracles run permissioned off-chain infrastructure. They often involve 3P price feeds from external nodes. This architecture introduces an additional layer of consensus, which creates inefficiencies and can be compromised.
Read 18 tweets
Jul 15
Here are 8 things everyone should know about the state of @MagicEden…
@MagicEden 1/ They are tracking ~99% market share of Sol NFTs.
@MagicEden 2/ Daily txs are tracking around June levels, where the marketplace saw the greatest volume denominated in SOL.
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!