DeFi projects come under frequent attack; US$120 million stolen in 2020 may draw regulatory attention

News 2024-06-23

China Times (www.chinatimes.net.cn) reporter Hu Jinhua and trainee reporter Zhao Yi, reporting from Shanghai

DeFi developed by leaps and bounds in 2020, but at the same time security incidents of all kinds involving DeFi emerged one after another.

On January 5, the DeFi insurance protocol Cover Protocol officially announced the launch of its new COVER token, which users can now claim. Cover Protocol also reminded users not to send any tokens to the old official COVER address, the new official address, or the SAFE2 address.

The reason for launching a new token goes back to December 28, 2020, when Cover Protocol was hit by a hacker attack that led to more than a trillion additional tokens being minted. The hackers then cashed out on DEXs such as SushiSwap and Uniswap, which directly caused the price of the COVER token to plunge by more than 90% from US$800. After the incident, exchanges including OKEx and MXC (抹茶) immediately closed COVER deposits and withdrawals, and Binance suspended COVER trading.

"The main reason DeFi projects are attacked so often is that DeFi is at an early stage of rapid development. On the one hand, project development teams' security and risk-control capabilities are insufficient, and vulnerabilities in contract and protocol development are discovered by attackers, who then launch attacks. On the other hand, because DeFi is at an early stage of development, there are not many past risk incidents to draw on, and the industry's ability to solve security and risk-control problems still needs to improve," Yang Jun, a blockchain and digital currency researcher, told China Times.

Hackers' new target

On January 2, data released by The Block Research showed that there were 15 hacking attacks on DeFi platforms in 2020, with as much as US$120 million stolen. In these attacks, the amounts stolen ranged from US$135,000 to US$25 million, and only US$45.6 million was recovered.

The largest theft was from the DeFi lending protocol Lendf.me: hackers exploited a contract vulnerability to carry out a reentrancy attack and stole all the assets on the platform, about US$25 million in total. The attacker later returned part of the assets.

A report released by CipherTrace in November had also shown that DeFi is favored by hackers. According to the report, in the first six months of 2020, 45% of all thefts were DeFi hacks, causing losses of about US$51.5 million, 40% of the number of hacks in that period. So far in the second half of 2020, DeFi has accounted for 50% of all thefts, about US$47.7 million on average, 14% of the number of thefts in the same period.

On this, Yang Jun's analysis is that the common security problems of DeFi projects include smart contract vulnerabilities, 51% attacks and flash loan attacks. Project development teams first need to carry out a comprehensive risk assessment of their product design and draw up corresponding risk-control strategies; businesses that combine multiple products in particular need systemic risk assessment and risk-control measures. In addition, code auditing and vulnerability checking need to be strengthened before a product goes live, and a third-party team can be brought in to perform a security audit.

Liu Changyong, director of the Blockchain Economy Research Center at Chongqing Technology and Business University and founder of Zhimi University (知密大学), also told China Times that project teams need to attach great importance to code quality, be extremely cautious in implementation, and treat code audits as indispensable. Even so, not all vulnerabilities can be eliminated, and the consequences of an attack need to be assessed in advance. Investors entering DeFi should fully recognize that the field is open, innovative, financial and unregulated, and that it is a high-risk investment area, which is also the reason for DeFi's high returns.

Liu Changyong further told this reporter that DeFi projects have four basic characteristics: the system is open source and open; they are at the frontier of innovation; they involve large amounts of money; and they have no regulatory or legal protection. This is where DeFi's advantage lies, and it is also why DeFi is attacked so often. Technical vulnerabilities in contracts are the main security problem, and they are unavoidable for open-source, innovative financial projects. At the same time, the solution is simple: leave it to the market. As attack and defense keep clashing in the market, and new projects keep copying, improving on and surpassing old ones, DeFi will iterate quickly and become ever more secure and efficient.

Still in a regulatory vacuum

There is no doubt that 2020 was a year of rapid growth for DeFi; between June and November in particular, the value of assets locked in DeFi grew from US$1 billion to about US$18 billion, an increase of 1,700%. But the frequent hacks have begun to attract attention from all sides. The CipherTrace report says that if the crime rate remains unchanged, DeFi may attract regulatory scrutiny.

In fact, regulation in this area is still in its infancy, and there is no consensus yet on cross-border regulation. Wang Juan, a researcher at Beihang University's Digital Society and Blockchain Laboratory and an OECD BEPAB expert, told China Times bluntly that the rapid rise and fall of DeFi projects fits the short, fast, windfall-profit model favored by many risk-seekers, and that the self-organized model of market participants naturally evades regulatory intervention. Once regulators develop mature tools and strategies, new models and mechanisms will appear.

Wang Juan said that DeFi is a decentralized trading mechanism and that the purpose of the frequent attacks is to obtain high returns. Profit-driven hacking is the combined result of financial-security and cyber-security attacks, and technology making wild profits in an unregulated market has encouraged hackers to further optimize their strategies to manipulate and control the token market.

"Investors look to regulators when they lose money and evade regulation when they make money. This asymmetry means that there is no traditional regulatory route to follow in this market. As investors mature, market regulation also needs to move from policy alone to technology and policy advancing together, governing the chain with the chain, and building a multi-dimensional regulatory framework covering technology, transactions and risk on-chain and in open-source communities," Wang Juan said.

On this point, Yang Jun, the researcher quoted above, told China Times that harm to a large number of investors or to large sums caused by attacks on DeFi projects is quite likely to attract regulatory attention, but the particular nature of DeFi projects means that regulation cannot be implemented well. It is therefore more likely that regulators will first issue risk warnings to the public and then consider drawing up policies and rules to guide DeFi.

Yang Jun stressed that for project teams, building security and risk-control capability is a core competitive strength for sustainable operation, and a sound risk-control strategy helps protect the assets of the platform and its users; DeFi projects moving from a single type of business to comprehensive business need to strengthen their control of systemic risk even more. Ordinary investors should preferably take part in more mature DeFi projects, specifically those that have been operating for a long time and have a large asset base, while putting risk-control mechanisms in place to avoid losses from impermanent loss, sharp market swings and the like.

Liu Changyong takes the same view. He said that the attacks may attract regulators' attention, but regulators are not well suited to regulating decentralized projects and would find it hard to do so; all they may be able to do is help remove information asymmetry. Investors need to know clearly that they are entering a high-risk field, recognize their own capacity to bear risk, and manage the risk of their investments.

Editor in charge: Xu Yunqian  Chief editor: Gong Peijia
