Attenuating DeFi protocol attacks: Lossless, a DeFi hack mitigation tool

The growing importance of DeFi security

Lossless

Preface

The DeFi space has been growing rapidly over the last two years, with new products and protocols popping up across multiple blockchains, providing innovative use-cases that aim to revolutionise the finance world. As of Feb 2022, there are more than 1,500 DeFi protocols across various blockchains.

Money has also been flowing in from the outside world, with venture capital firms investing over $30 billion USD into crypto and blockchain startups in 2021, over a 600% increase from 2020.

Source: Galaxy Digital

In Dec 2021, Total Value Locked (TVL) in DeFi protocols reached an all-time high (ATH) of $255 billion USD, of which about half is locked in the Ethereum blockchain. In addition, due to the aggressive growth of other DeFi-centric blockchains such as Terra and Fantom, we can expect the TVL to surpass that ATH in 2022.

TVL in DeFi reached ATH on 2nd Dec 2021 | Source: DeFi Llama

The amount of money invested in DeFi protocols gives hackers a gleaming opportunity to drain funds from these protocols and leave investors empty-handed. In 2021, over $1.3 billion USD was lost to DeFi hacks, exploits and scams, an increase of 2500% from 2020. In fact, one of DeFi’s biggest hacks happened in Feb 2022, when Wormhole was drained of 120,000 wETH (roughly $325 million USD) through a signature verification vulnerability that allowed the hacker to forge a signature and mint 120k wETH through Wormhole.

Attacks like this are getting more common and hurt the credibility of the crypto space, especially in its quest to be adopted across the world. This could be a sign that current DeFi security standards are inadequate and that more measures are required to safeguard the funds locked in DeFi. Currently, the most prominent form of DeFi security is the security audit, carried out by blockchain security firms like Halborn and Hacken. However, audits are an ‘at-present’ solution and don’t cover future code or changes in the protocol. This turns the relationship between developers and hackers into a ‘cat and mouse’ game, an endless cycle of finding and patching vulnerabilities before the hackers exploit them.

In this case, we should look towards alternate forms of DeFi security, putting focus on mitigation instead of only prevention, implementing a fail-safe without compromising on the decentralised aspect of DeFi. Introducing Lossless: a DeFi hack mitigation tool for token creators.

Creating a decentralised fail-safe for DeFi protocols

Lossless is a DeFi hack mitigation tool that integrates hack mitigation functionalities into the ERC20 standard, creating the Lossless-ERC20 standard (LERC20). Token owners integrate the Lossless code into their tokens before deploying them, so the deployed token carries Lossless’s security features.

Lossless functions in three aspects:

  1. Urgent Freezing: The Lossless API allows the use of governance (more on that later) to detect and freeze fraudulent transactions, securing rewards for the caller.
  2. Fraud Analysis: After a transaction is temporarily frozen for suspected fraudulent behaviour, the Lossless Decision Making Body, made up of the LERC20 token project owner, the Lossless team and the Lossless Committee (which consists of blockchain security experts and partners), will analyse the transaction and rule it as an attack or a false-positive.
  3. Reversing Stolen Funds: After determining that a transaction is fraudulent, the funds are frozen further and the committee enacts a proposal for transaction reversal, and the code reverts the stolen funds back to the owner’s address.

Flowchart of Lossless’s operation | Source: Lossless

Lossless’s code is also open-sourced and publicly audited by both Hacken and CertiK.

Lossless’s Governance and Operations

Such fail-safes are not entirely new in the crypto space: Tether, the creator of the USDT stablecoin, has the authority to freeze and destroy your USDT. Some investors see this centralisation of authority in the Tether team as a concern. For example, Tether works regularly with law enforcement and froze over $160 million USD in three addresses on the Ethereum network.

Lossless aims to provide the same feature without compromising on the decentralisation aspect of DeFi protocols by using governance in their daily operations. Users are able to participate in Lossless operations by staking 500 $LSS (Lossless’s native token, approximately $360 USD at the time of writing). After staking the necessary amount, these users become Finders, who are able to monitor, analyse and freeze potentially fraudulent transactions using on-chain data (e.g. Etherscan), exchanges (e.g. the Binance hack in 2019) and social media (e.g. Crypto Twitter).

Snapshot of Lossless’s dashboard | Source: Lossless

To prevent malicious use of the platform, Lossless uses both positive and negative reinforcement: Positive reinforcement in the form of $LSS rewards when a hack is correctly identified and negative reinforcement in the form of slashing staked $LSS when the freeze was unwarranted. This way the Lossless community is incentivised for the proper and frequent usage of the platform, encouraging proper analysis before making a decision.
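The freeze, ruling and reversal steps listed earlier, together with the stake-and-slash incentive just described, as a small Python model. This is an added example, not Lossless's contract code: the two-out-of-three ruling rule, slashing of the whole stake, freezing by address and all account names are assumptions, and rewards and fees are left out.

```python
STAKE = 500  # LSS a Finder must stake (figure from the article)
BODY = {"token_owner", "lossless_team", "committee"}  # the three deciding parties

class LosslessModel:
    """Toy ledger: freeze -> ruling -> reversal or slash. Not the LERC20 contract."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.stakes = {}    # finder -> staked LSS
        self.reports = {}   # frozen address -> open report

    def stake(self, finder):
        self.stakes[finder] = STAKE

    def transfer(self, src, dst, amount):
        if src in self.reports:
            raise PermissionError(f"{src} is frozen pending review")
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def freeze(self, finder, suspect, victim, amount):
        # Step 1 (urgent freezing): only a staked Finder may freeze.
        if self.stakes.get(finder, 0) < STAKE:
            raise PermissionError("only staked Finders can freeze")
        self.reports[suspect] = {"finder": finder, "victim": victim,
                                 "amount": amount, "votes": {}}

    def vote(self, suspect, member, is_attack):
        # Step 2 (fraud analysis). Assumed rule: two matching votes decide.
        if member not in BODY:
            raise PermissionError("not in the decision-making body")
        rep = self.reports[suspect]
        rep["votes"][member] = is_attack
        yes = sum(rep["votes"].values())
        no = len(rep["votes"]) - yes
        if yes < 2 and no < 2:
            return "FROZEN"          # still waiting for a majority
        del self.reports[suspect]    # ruling reached: lift the freeze
        if yes >= 2:
            # Step 3 (reversal): move the funds back to the victim.
            self.balances[suspect] -= rep["amount"]
            self.balances[rep["victim"]] += rep["amount"]
            return "REVERTED"
        self.stakes[rep["finder"]] = 0  # assumed: whole stake is slashed
        return "FALSE_POSITIVE"
```

The property worth checking in any such design is that a frozen address cannot move funds between the freeze and the ruling, and that an unwarranted freeze costs the Finder the stake that authorised it.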

To further automate and improve the effectiveness of Lossless’s hack-finding platform, Lossless has an in-house data analytics team that would create the first hack-spotting mechanism to automatically freeze suspected fraudulent transactions. These mechanisms are open-sourced, and the community is encouraged to create and improve them.

Aside from the operational use of their token, holders are also able to participate in governance proposals, determining the future development of the platform. There are also plans to reward top $LSS holders with exclusive access and insights in Lossless initiatives.

As a result, Lossless promotes active use and development of their platform through community engagement and incentives, creating a sustainable solution.

Lossless’s Monetization Breakdown

The integration of Lossless with tokens is free-of-charge, allowing Lossless to on-board projects without a barrier-to-entry, increasing their market share in the DeFi security industry. Instead, Lossless uses a pay-per-use model, where a fee is withheld when an attack is stopped and funds are recovered.

Fee breakdown and allocation | Source: Lossless

Bullish Thesis

Given how important DeFi security is at this current juncture, and in time to come, Lossless cannot be overlooked as an important tool in the DeFi space. Being a DeFi security project, it would be natural for the valuation of Lossless to scale with the TVL in DeFi protocols. 2022 could see DeFi having another explosive run as more mainstream money enters the space and global adoption increases, making Lossless a very attractive investment currently.

As cryptocurrency goes from a niche investment to a mainstream asset held by many consumers and institutions, the trust and credibility of DeFi protocols are important and the safety of invested funds is crucial. Even when protocols undergo code audits by reputable DeFi security firms, attacks are still prevalent in the space, signaling that current security measures are inadequate. Lossless targets the alternate aspect of DeFi security: Mitigation.

With there being no similar hack mitigation tool to Lossless, the platform has the first-mover advantage in this space. Coupled with their no-fee onboarding strategy, resulting in low barrier-to-entry, we could see Lossless capturing a large market share before a similar competitor enters the scene.

Lastly, if we do a comparison to a similar industry like mainstream cybersecurity companies, we can see surging interest in investments in cybersecurity start-ups, with over $12.2 billion invested in cybersecurity companies in 2021. With the growing interest in mainstream cybersecurity from VCs, it would only be logical that we should see similar interest budding in DeFi security in the near future, given the growing importance of DeFi in the financial world.

In terms of future plans, there are talks to expand Lossless’s use-case beyond tokens to include NFTs, given the hype and value of high-tier NFTs like Bored Ape Yacht Club (BAYC), whose floor is currently valued at around $320k USD. Lossless’s inclusion of NFTs would join the ranks of other NFT-DeFi protocols, a promising space that explores the utility of NFTs.

With that being said, the bullish sentiment is based off theory, and Lossless has yet to publicly launch for use. A lot will rely on Lossless being able to deliver their promises and the platform functioning as intended. Nevertheless, it’s definitely an interesting project and industry with a bright future if all goes well and it’ll be on my list of projects to look out for in 2022.

Disclaimer

This is not a paid article and is written based on my own research and analysis. This also shouldn’t be taken as financial advice and it’s recommended for everyone to check out their whitepaper on their website.

Project Info

Lossless is open for early access request, which projects can apply for on their website. More information about their Partners and Team can be found on their website.

Website: https://lossless.cash/

Twitter: https://twitter.com/losslessdefi

Medium: https://losslesscash.medium.com/

Github: https://github.com/Lossless-Cash

Whitepaper: https://lossless-cash.gitbook.io/lossless/

If you made it this far, thank you for taking the time to read my article. I’m working on more of such research articles for DeFi and NFT projects, feel free to let me know if you have any suggestions for future articles or feedback on Twitter.

Till then, the world is your oyster.
