Decentralized exchanges (DEXs) like UniSwap, PancakeSwap and 1Inch are super popular but carry risks. Stay safe with these DEX security super tips.
- Why are DEXs So Popular?
- Why Are So Many DEXs Getting Hacked?
- Risks with DEXs
- How to Protect Yourself When Using a DEX
- Connecting a DEX with your CoolWallet
Security, enhanced privacy, and personal monetary sovereignty are some of the major advantages that have seen decentralized exchanges (DEXs) rocket in popularity in recent history.
Yet the majority of crypto traders still prefer centralized exchanges (CEXs) due to ease of use, faster transactions and all the security breaches that have occurred on DEXs and other decentralized finance (DeFi) protocols.
Unfortunately, DEX use comes with its own set of security risks, which in some cases are bigger than CEXs.
In the first half of 2020, DeFi exploits accounted for 45% of all the hacks in the crypto space, amounting to $51.5 million. Theft incidents were just as bad for the rest of the year, with DeFi users losing approximately $47.7 million to malicious actors.
Some of the biggest DeFi and DEX hacks in recent history include MakerDAO ($8.32 million), Eminence ($15 million), bZx ($8.954 million), Lendf.me ($25 million), PAID Network ($3 million), Uniswap ($300,000), Harvest ($34 million), and Pickle Finance ($19.7 million).
All these unfortunate and costly breaches point to one obvious fact: using DEXs requires extra care and responsibility.
A premium hardware wallet like the CoolWallet is one of the most convenient and secure ways to interact with DEXs, since your assets are protected by additional biometric and hardware measures.
Warning: If you send funds to a bogus address or contract due to falling for phishing or a counterfeit website, you will lose your assets. Always check the URL of a website, or use the blockchain explorer or a site like Coinmarketcap that will display the authentic address.
Why Are So Many DEXs and DeFi Protocols Getting Hacked?
Despite the growing DEX and DeFi adoption, hackers, scammers, and other malicious actors continue to find new attack vectors. Let’s take a look at some types of DEX attacks.
A re-entry attack drained lending platform Lendf.me of roughly $25 million; the hacker carried it out through a flaw in an ERC-777 token. This attack happens when a protocol’s smart contract initiates a call to an outside contract, and the external contract calls back into the protocol, all in a single transaction.
Consequently, a hacker can control the smart contract. The key rationale of a re-entry attack is to allow other contracts to withdraw funds from their balance.
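The call-back pattern described above, as a toy model added here for illustration (it is not code from Lendf.me or any real contract). Python objects stand in for contracts, the hypothetical `on_receive` hook stands in for the token callback, and all class and function names are made up for the example.

```python
class Pool:
    """Toy lending pool. `hardened` selects the order of bookkeeping."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}   # depositor -> amount owed
        self.reserves = 0    # tokens the pool actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserves += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserves < amount:
            return
        if self.hardened:
            self.balances[who] = 0    # update the books first
        self.reserves -= amount
        who.on_receive(self, amount)  # external call: recipient code runs here
        if not self.hardened:
            self.balances[who] = 0    # flaw: books updated only after the call


class Depositor:
    def __init__(self):
        self.wallet = 0

    def on_receive(self, pool, amount):
        self.wallet += amount


class CallbackDepositor(Depositor):
    """Recipient whose hook calls back into the pool mid-withdrawal."""
    def on_receive(self, pool, amount):
        super().on_receive(pool, amount)
        pool.withdraw(self)


def simulate(hardened):
    """Return (caller's wallet, pool reserves) after one withdraw call."""
    pool, others, caller = Pool(hardened), Depositor(), CallbackDepositor()
    pool.deposit(others, 90)   # other users' funds
    pool.deposit(caller, 10)   # the calling contract's own deposit
    pool.withdraw(caller)
    return caller.wallet, pool.reserves


if __name__ == "__main__":
    print("books updated after the call :", simulate(hardened=False))
    print("books updated before the call:", simulate(hardened=True))
```

With the balance cleared before the external call, the second entry into `withdraw` finds nothing owed and returns, which is why audited contracts update state before calling out.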
A rug pull is an internal attack where a project’s founding team abandons the project by first withdrawing users’ funds deposited in liquidity pools for personal gain.
SushiSwap lost over $13 million through a rug pull incident. The platform’s pseudonymous founder, Chef Nomi, withdrew approximately 37,400 Ethereum (ETH) meant for project development to a personal wallet. Luckily, the founder later returned the funds.
A flash loan attack happens when an attacker bundles several actions in a single transaction within a smart contract. The attack’s main objective is to get around the loan mechanisms that are in place and so enable token price manipulation, among other ills. On June 28, 2020, the Balancer network fell victim to this type of attack.
Most DeFi protocols rely on oracles to interact with activities outside their blockchain. DEX platforms, in particular, need price feed oracles to properly set prices for their token pairs.
Centralized oracles present a weak point to a DEX by exposing the protocol to attackers. Hackers used this attack on Value DeFi and took roughly $7.5 million. Luckily, decentralized oracle networks like Chainlink have more or less fixed this issue.
Hackers intensely explore a project looking for a bug or a malfunction in its code. A bug can give a malicious actor permission to artificially increase their balance, such as in the case of bZx’s iToken duplication, among other fishy activities. Akropolis and Opyn are also recent victims of this type of attack.
In a phishing attack, hackers trick you into providing critical wallet details such as the seed phrase and private key. They can do this by compromising legitimate websites providing gateways into a DEX or DeFi protocol. This is what befell Cream Finance users.
What Risks do DEXs Carry?
Although distributed platforms have some significant advantages over CEXs, they house significant risks that users should be aware of.
Major Risks with DEXs include:
- Security – Although distributed networks provide enhanced security by allowing users to hold their private keys, it doesn’t always hold true especially if the DEX platform is not properly audited. In cases of theft, DEX funds are absolutely gone and non-refundable as distributed networks are not covered by insurance.
Centralized platforms like Binance and Coinbase either insure their users’ funds or run a fund (such as SAFU) to compensate users in the event of theft.
- Front running – Front running happens when a trader knows the list of buy and sell orders in a DEX ahead of time and places a trade at the appropriate price before everybody else does. Front running is more common on DEXs due to the public nature of a blockchain.
- Liquidity – DEXs still suffer from low liquidity, and orders may remain open for long or never get executed.
- Scalability – The blockchain that powers a DEX dictates the platform’s scalability. Ethereum, the most popular blockchain for DEXs, has been experiencing network congestion for several months.
Slow blockchains curtail the quality and experience of DEXs. Luckily, there are rising alternative blockchains like BSC.
- Usability – Since DEXs are in the early stages of development, some may lack a user-friendly design, thus, negatively impacting usability, especially for traders who are not tech-savvy.
How to Protect Yourself When Using a DEX
It is important to always be vigilant about where your money goes, as there are a lot of DEXs that proliferate fake tokens, allow high slippage trades, ignore delays in transaction settlement, and omit other important cryptocurrency trading information for their users.
Let us talk about some tips on how you can keep yourself protected from possible issues with DEXs.
Do your own due diligence
Always perform thorough research before using any DEX. Initially, you can check its website, read its whitepaper, inspect if the protocol has been audited, and check user reviews. The same goes for token investments. Bear in mind that anyone can create a token and list them on a DEX.
Double check with blockchain explorers
Before investing in tokens that are only available on a particular DEX, look the token up on the blockchain explorer for its chain (Etherscan, BscScan or Tronscan, depending on the blockchain) and check its history of transactions and its current status.
Low liquidity and transaction volume should be considered red flags, but how much weight to give them depends on how recently the token came to market. Therefore, you also need to consider the record of its last transaction.
Token prices can be artificially inflated. If the last few transactions are large but came from the same address, you’d better stay away.
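One way to turn the explorer checks above into a repeatable review, shown as an added example rather than a CoolWallet or explorer tool. The transfer records are constructed sample data, and the thresholds (`recent`, `large_factor`, `same_sender_min`, `max_idle_days`) are assumptions to tune per token.

```python
from collections import Counter
from statistics import median

DAY = 86_400


def review_token_activity(transfers, now, recent=5, large_factor=10,
                          same_sender_min=3, max_idle_days=30):
    """transfers: (unix_time, sender, amount) tuples, oldest first.
    Returns red-flag strings; an empty list means no check fired."""
    if len(transfers) <= recent:
        return ["too few transfers to judge"]
    history, tail = transfers[:-recent], transfers[-recent:]
    flags = []
    # How long ago was the last transaction?
    idle_days = (now - tail[-1][0]) / DAY
    if idle_days > max_idle_days:
        flags.append(f"last transfer was {idle_days:.0f} days ago")
    # "Large" is judged against the token's own earlier activity.
    baseline = median(amount for _, _, amount in history)
    large_senders = [s for _, s, a in tail if a >= large_factor * baseline]
    if large_senders:
        sender, count = Counter(large_senders).most_common(1)[0]
        if count >= same_sender_min:
            flags.append(f"{count} of the last {recent} transfers are "
                         f"large and all from {sender}")
    return flags


# Constructed sample data (not real addresses or on-chain records).
T0 = 1_700_000_000
ORGANIC = [(T0 + i * DAY, f"addr_{i}", amt)
           for i, amt in enumerate([50, 80, 60, 100, 70, 90, 40, 120])]
PUMPED = ORGANIC + [
    (T0 + 8 * DAY, "addr_X", 5000), (T0 + 8 * DAY + 60, "addr_X", 5200),
    (T0 + 8 * DAY + 120, "addr_9", 65),
    (T0 + 8 * DAY + 180, "addr_X", 5100), (T0 + 8 * DAY + 240, "addr_X", 5300),
]
QUIET = ORGANIC + [(T0 + (8 + i) * DAY, f"addr_{20 + i}", 75) for i in range(5)]

if __name__ == "__main__":
    for name, data in (("PUMPED", PUMPED), ("QUIET", QUIET)):
        print(name, review_token_activity(data, now=data[-1][0] + DAY))
```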
Be wary of phishing sites
As a crypto user, you should know better than to take anything at face value. Make it a habit to fact-check every piece of data you consume, especially when it is related to your funds.
A lot of scammers either create fake websites that imitate popular crypto projects or try to come off as legitimate new token projects. Also, be sure to check if there is a “padlock” icon at the top of your browser before the URL, which would indicate that your connection to a particular website is secure. The padlock only tells you that the connection is encrypted, not that the site is the genuine one, so still check the URL itself.
Watch out for pages that ask you for your personal information. And under no circumstances share your private keys with anyone, no matter who they are.
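The URL check recommended above, written out as an added example (not part of the original article or of any CoolWallet software). The hosts in `TRUSTED_HOSTS` are placeholders under the reserved `.example` domain; replace them with addresses you have verified yourself, and treat the 0.85 similarity threshold as an assumption.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Placeholder hosts (constructed). Fill in with addresses you have verified.
TRUSTED_HOSTS = {"app.dex.example", "swap.pool.example"}


def check_dex_url(url, trusted=TRUSTED_HOSTS):
    """Return a short verdict string for a URL before connecting a wallet."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "reject: not HTTPS"
    if parts.username or parts.password:
        # e.g. https://trusted-name@other-host/ : the real host is after the @
        return "reject: credentials in URL hide the real host"
    if host in trusted:
        return "ok: exact match with a trusted host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "reject: punycode (possible look-alike characters)"
    for good in sorted(trusted):
        if good in host:
            return f"reject: {good} is only part of the host name"
        if SequenceMatcher(None, host, good).ratio() >= 0.85:
            return f"reject: looks like {good} but is not"
    return "unknown: not on the trusted list"


# Constructed sample URLs.
SAMPLES = [
    "https://app.dex.example/swap",
    "http://app.dex.example/swap",
    "https://app.dexx.example/swap",
    "https://app.dex.example.login.test/swap",
    "https://app.dex.example@login.test/swap",
    "https://xn--dex-abc.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:45} {check_dex_url(sample)}")
```

Every sample except the plain `http://` one would show a padlock if it were served with a valid certificate; only the first is the trusted host.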
Don’t be fooled by crypto influencers
Some crypto projects spend a lot of money on crypto influencers or KOLs to shill their tokens. Unfortunately, many influencers these days tend to ignore their better judgment if the price is high enough. And indeed, in a bull run, influencers can get paid as high as $10,000-$30,000 to shill a project.
You must take this into consideration whenever your favorite YouTuber or Twitter personality promotes the purchase of a particular token or makes bullish predictions on a crypto project, especially if it’s Tron or a new crypto project.
How to safely connect your CoolWallet to a DEX
The CoolWallet’s accompanying CoolBitX Crypto app makes it super easy to connect to most Ethereum-based DEXs that support the WalletConnect protocol.
All that users need to do to connect is to visit the (authentic) DEX site of their choice, then open their CoolBitX app, navigate to the Marketplace tab, select WalletConnect and scan the QR code on the DEX of their choice.
For a complete guide visit our detailed 2-part WalletConnect guide here.
Decentralized cryptocurrency exchanges appeal to a lot of traders and speculators thanks to the opportunities they present and their decentralized nature. However, extra caution is needed in order to prevent losses from scams, hacks, rug pulls, and other forms of fraud. Proper due diligence and common sense are key to avoid falling prey to these malicious acts.
DEXs are here to stay, despite security risks and inevitable regulation, but they are nowhere near as mature as centralized exchanges yet. This doesn’t mean that you should avoid them, as early adopters usually get the best opportunities available. Just be careful and arm yourself with the most secure hardware as much as possible. For that, look no further than the CoolWallet, where you can explore all the disruptive opportunities that DeFi and DEX protocols have to offer.