A Lesson on DEFI security for DEFI players

@mintymile

Image by TheDigitalWay from Pixabay

Unbelievably, I get into the DEFI world with the CUB Finance DEFI protocol!!

Yesterday, as I opened the LeoFinance website, there was this buzz about Cub Finance, and then I understood that the Leo team has built a DEX on Binance Smart Chain. And then… one of my unintended bucket-list kind of wishes came true: I was actually able to get some CUB tokens using the DEFI route on BSC and got to stake the CUB token… that was cool, but it’s time to get serious.

I am practically a novice in DEFI, never was able to get into it for some reason or other, but I am following the space watching DEFI token action from a distance. Now, with me as a participant in a DEFI protocol, things change.

Defi investors have to be vigilant about possible DEFI protocol exploits gobbling up their investments

I have to be careful, as DEFI protocol exploits keep happening, and only yesterday I got to hear about the exploit of BSC DEFI protocols - Cream Finance and that trending DEFI protocol of BSC, PancakeSwap.

Obviously, this caught my attention, as it was a lesson for me on DEFI security and I would like to share these insights with everyone else.

A lesson on DEFI security with the news of exploits of these DEFI protocols

The March 15th exploits of the two BSC protocols were not due to smart contract code exploits, which are common in smart contract based DEFI protocols on Ethereum and on Binance Smart Chain too, since BSC’s core method of functioning is the same as that of the Ethereum blockchain.

The two protocols were exploited with hackers getting control of their website DNS. This meant that the hackers got control of the websites of these two protocols.

Therefore, when users tried to log into the websites of these protocols, they were shown requests to provide their seed phrase and private keys.

Those unfortunate people who typed in the requested confidential information fell into the trap and got their money stolen. OUCH!!

A Big don’t - Never type your seed phrase or private key details anywhere other than your wallet interface

However, there is a lesson in here: users should not type the seed phrase or private keys of their wallet (whatever it is, MetaMask, Trust Wallet, or any other wallet) into DEFI protocol websites.

Connect to wallet options in Cub Finance Defi

They should type them only in their respective wallet interfaces and nowhere else, because hacked and phishing websites can capture that information, and the people behind such fake, duplicate or compromised websites then have what they need to get that coveted access to your wallet.
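
The rule above can also be checked mechanically. The following is an added example, not part of the original post: a heuristic browser-side guard (the names `looksLikeSecret` and `installGuard` are hypothetical) that warns and clears the field when something shaped like a seed phrase or private key is entered into a web page. It assumes English BIP-39 phrases and 32-byte hex private keys as used on Ethereum and BSC.

```javascript
// Added example: heuristic guard, not code from the original post.
// Assumptions: English BIP-39 phrases (12/15/18/21/24 lowercase words,
// each 3 to 8 letters) and 32-byte hex private keys (Ethereum/BSC style).
const MNEMONIC_LENGTHS = new Set([12, 15, 18, 21, 24]);

// Returns "private-key", "seed-phrase", or null for ordinary input.
function looksLikeSecret(text) {
  const value = String(text).trim();
  // 64 hex characters, with or without a 0x prefix, is a raw private key.
  // A 40-hex-character address is public and is deliberately not flagged.
  if (/^(0x)?[0-9a-fA-F]{64}$/.test(value)) return "private-key";
  const words = value.toLowerCase().split(/\s+/);
  const shapedLikeMnemonic =
    MNEMONIC_LENGTHS.has(words.length) &&
    words.every((w) => /^[a-z]{3,8}$/.test(w));
  return shapedLikeMnemonic ? "seed-phrase" : null;
}

// Watches every field on the page. If a secret-shaped value appears,
// the field is cleared and warn(kind, hostname) is called.
function installGuard(doc, warn) {
  const check = (event) => {
    const target = event.target;
    if (!target || typeof target.value !== "string") return;
    const kind = looksLikeSecret(target.value);
    if (kind) {
      target.value = ""; // drop the secret before the page can submit it
      warn(kind, doc.location.hostname);
    }
  };
  // Capture phase, so the guard sees the event before page handlers do.
  doc.addEventListener("input", check, true);
}

// Only wires itself up when running inside a browser page.
if (typeof document !== "undefined") {
  installGuard(document, (kind, host) =>
    console.warn(`Blocked a ${kind} typed into ${host}. Wallet secrets belong only in the wallet itself.`));
}
```

The check is a shape heuristic without the BIP-39 wordlist, so an ordinary 12-word sentence of short words can also trigger it.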

Tweet from PancakeSwap warning users not to input their private key and seed phrase in any website!!

Yup, for instance, if the Cub Finance website asks me for my seed phrase or private key, I should not type it there; I should type that only in my respective wallet interface to recover my account, not anywhere else!!

We must never reveal private key information to third party interfaces or anybody else - It’s Confidential!!

Tweet from Cream Finance warning users not to reveal their private key or seed phrase in any website

I understand that this stuff may sound damn basic to most, but at one time we too did not know all this, when we were novices in the space.

Also, it’s possible we feel that the concerned DEFI platform is reliable and trust it to be safe for entering the confidential details it asks for, but again, it’s a rule that no one working in any DEFI protocol’s company (team member, employee) would ask for your private keys or seed passwords.

Let’s remember that!!