As DEFI infrastructure grows and its adoption solidifies, we must pay attention to what is driving it. It is not the same for that growth to be organized by experienced financial actors as for it to be driven by millions of people worldwide, lured by the opportunity to make easy money without any rules, protection, or planning, solely on the basis of the high annual percentage yields (APR) that go viral on the internet through well-designed marketing campaigns targeting this type of audience.
Being able, for the first time in the industry, to use your assets as collateral, to make a fixed-term deposit, or to create financial products directly (rather than only the well-known staking or the mathematical hope of buying low and selling high) is, at the very least, a great advancement in how we will use the internet in the financial realm. Unfortunately, this window of opportunity and prosperity also attracts many scammers, with genuine cases of technical and financial engineering, who aim to take advantage of a large mass of people lacking in education, financial literacy, basic mathematics, and emotional and financial management skills.
This combination of factors has created the perfect storm, where most people have experienced hardships and disasters in their operations. Therefore, in this article, I will focus on concepts that can help improve the experience by minimizing losses. In DEFI, these losses occur primarily for two reasons:
1. Not having healthy security habits.
2. Failing to plan and measure one’s activity in DEFI, which is known as productivity.
I will now awaken you from the iconic dream that social media creates, where everyone talks about how easy it is to make money with cryptocurrencies. Today, I will explain how you are going to lose it, and for that, nothing is better than giving you a glimpse of the modus operandi that you don’t see behind the screen: a procedure as brilliant as it is simple and effective.
- A project is created.
- Communication channels are established through social media.
- Users are attracted through marketing campaigns with the covert slogan of “what could go wrong, everything is profitable and secure.”
- Capital is captured in smart contracts (SC) that contain a backdoor function, allowing manipulation of the terms of the SC.
- The user’s funds are stolen.
The figures support this theory: at the beginning of DEFI (in 2020), $128 million was lost as a result of security vulnerabilities in SCs, including losses from malicious projects that had not been audited by an independent third party and losses from legitimate projects that were exploited by hackers. However, determining with precision what distinguishes a reliable SC from a dishonest one is a challenging task, because the context in which scam SCs are set up is ever-changing, which makes it hard for less knowledgeable users to identify the risk or bug that could make them lose all their money. Nevertheless, you can follow some basic auditing principles yourself, which will help you analyze the SCs and evaluate and identify a project’s intentions, resulting in a risk score.
Continuing with smart contracts and incorporating project analysis, I will break down several aspects you should investigate at a minimum to cover potential risks for yourself. I want to emphasize that you don’t need to be an expert or a technical person in this field, but it is necessary to demonstrate interest, willingness, commitment, and a desire to understand how and why malicious actors in the market construct these scams. By doing so, you will be able to make informed decisions, and you will see that from now on, you will only consider 1 out of every 100 opportunities that come your way.
DEFI platforms are inevitably associated with contracts, which can be more or less complex. However, they all serve the same purpose: to fulfill the functions they have been programmed for, functions that you accept once you sign them. Analyzing some of the functions within the smart contracts will help you build a much clearer understanding of the creator’s intentions.
Suspicious functions within smart contracts:
Identifying project intentions through their presence on social media.
The smart contract’s code. The code that is published should match the code that is actually deployed on the blockchain. To check this, we can use the different block explorers available to us. Specifically, we will go to the explorer of the network where both the platform and its token have been created.
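One way to carry out this comparison once you have copied the deployed bytecode from the block explorer and compiled the published source yourself, as an added example that is not part of the original article. It assumes a Solidity contract, whose compiler appends a CBOR metadata trailer to the runtime bytecode; the function names and all sample bytes are constructed for illustration.

```python
# Added example. All byte strings are constructed samples, not real contracts.

def _unhex(h: str) -> bytes:
    return bytes.fromhex(h[2:] if h.startswith("0x") else h)

def split_metadata(code: bytes):
    """Return (executable bytes, CBOR metadata) for solc runtime bytecode.

    solc appends a CBOR map followed by its length as 2 big-endian bytes.
    If no plausible trailer is found, the whole input counts as code.
    """
    if len(code) < 3:
        return code, b""
    n = int.from_bytes(code[-2:], "big")
    if n == 0 or n + 2 > len(code):
        return code, b""
    meta = code[-(n + 2):-2]
    if not 0xA0 <= meta[0] <= 0xBF:       # CBOR major type 5 (map)
        return code, b""
    return code[:-(n + 2)], meta

def compare_bytecode(onchain_hex: str, compiled_hex: str) -> str:
    """Classify how the deployed code relates to a local build of the source."""
    onchain, compiled = _unhex(onchain_hex), _unhex(compiled_hex)
    if not onchain:
        return "no-code"                   # nothing deployed at the address
    if onchain == compiled:
        return "exact"
    if split_metadata(onchain)[0] == split_metadata(compiled)[0]:
        return "match-except-metadata"     # same executable code, other metadata hash
    return "mismatch"                      # published source is not what runs

def sample_runtime(body_hex: str, source_hash: bytes) -> str:
    """Build constructed runtime bytecode: body + solc-style CBOR trailer."""
    cbor = (b"\xa2\x64ipfs\x58\x22\x12\x20" + source_hash
            + b"\x64solc\x43\x00\x08\x13")
    raw = bytes.fromhex(body_hex) + cbor + len(cbor).to_bytes(2, "big")
    return "0x" + raw.hex()

if __name__ == "__main__":
    BODY = "6080604052600080fd"            # constructed placeholder body
    chain = sample_runtime(BODY, b"\x01" * 32)
    print(compare_bytecode(chain, sample_runtime(BODY, b"\x02" * 32)))
    print(compare_bytecode(chain, sample_runtime(BODY + "00", b"\x01" * 32)))
```

A `mismatch` result means the published source does not produce the code that is actually running; contracts with immutable variables or linked libraries need those byte ranges masked before comparing, which this example does not do.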
Check if the smart contract is on any blacklists. With this information, you will have more than enough reasons to avoid touching or signing anything that comes from that source.
Always base your trust on what you can verify because even then, something can still go wrong.