by cuteboy19 1344 days ago
Many of the recent bridge hacks were easily preventable. Unfortunately, when the dev himself is the hacker, no amount of active development would fix these issues.

I'm not sure if this has much specific relation to the Mango hack, but you raise an interesting point mentioning the possibility of a developer hacking his own network (who would be more qualified to do so?) - my broader point is this: there is a lot of incentive to get these platforms up and running, and not always a lot to build them safely and even less to truly audit them.

Often the developers make their money up front - in a way that's all that has to be said for the diligence developers of these protocols might have across longer time scales.

People are so concerned with making a quick buck they forget about subtleties like developer token lock-up, third-party audits, patience in general. But that's how markets go - fast money is more valuable than slow money and the price you pay is risk.

What the average Joe needs to know is that DeFi, while capable of producing huge gains, also comes with a lot of risk both market-wise and protocol safety-wise.

> What the average Joe needs to know is that DeFi, while capable of producing huge gains, also comes with a lot of risk both market-wise and protocol safety-wise.

Gains have to come from somewhere. If they're not backed by something in the real world - say capital investment making some process more efficient or whatever - then the alternatives are that they're illusionary or backed by shenanigans.

> Gains have to come from somewhere.

Yes. Key concept. There were people in the crypto space who believed they'd invented financial perpetual motion. If you could run money through enough different transactions, you'd get a net gain without doing anything in the real world. That mostly went away when the entire crypto sector crashed. The "Line goes up" video[1] covers this mindset.

[1] https://www.youtube.com/watch?v=YQ_xWvX1n9g

Sounds like what the space needs is regulation...

You know, to provide assurance that automated protocols are written strongly, and legal recourse against bad actors.

Regulating bodies are not capable of performing cyber-security protocol audits on emerging technology. 'Throwing regulation at the problem' is an embarrassing proposal that I'm sure many regulating bodies will pat you on the back for stanning.

Like we have chemical analogue laws that prohibit new drugs that are similar to existing drugs, we could have financial services / product analogue laws that prohibit bullshit like this, that enables regulators / LE to prosecute bad actors.

I'm not suggesting that we ought to prohibit innovation, and I'd prefer we tax and regulate drugs too, and laws don't prevent bad actors, but we should be able to go after and exact retribution upon those who intentionally break the rules.

What you suggest is smart, but it's fundamentally financial friction and people who want to risk money will avoid that friction, usually because they don't understand why it is useful.

What would be much better is if more crypto skeptics had more nuance. Most of them treat crypto like the D.A.R.E. program treated drugs - in reality there is a concentrated subset of categories of crypto which have an outsized probability of being extremely high risk, but when counter-shills tell everyone to avoid all crypto, those a bit more open-minded are less equipped to make distinctions within crypto.

I say the bad example of this is https://web3isgoinggreat.com/ which is fraught with cynicism and absolutism.

The good example is https://rekt.news/ which keeps track of every hack and exploit while at the same time acknowledging what is progressive about crypto.

But regulating bodies could require adequate insurance against losses from hacking.

Regulations are for people that are not Peter Thiel.

That's what auditing is for.