Since the early days of DeFi, efforts to prevent hacks have existed in different forms. Developers depended on unit tests, smart contract security and secondary audits, code uniqueness, contracts’ access protection while also allowing the wider protocol community to spot coding mistakes.
Regardless, the $3.8B stolen during 122 crypto hacks (including DeFi) last year showed how the booming ecosystem is unable to stop cyber attacks, resulting in catastrophic consequences for investors, developers, and everyday users.
Clearly, the one-size-fits-all approach to cyber security in DeFi proved unsuccessful: solutions that worked in traditional finance or centralised crypto platforms did not produce the same outcomes in a decentralised system.
By default, decentralised exchanges, and wallets focused on preventing hacks; however the amount of funds stolen clearly shows: hack prevention fails to prevent losses.
Lossless brings an alternative approach to improve the safety of DeFi. The nature of crypto tokens and transactions allows token creators to insert code into their tokens.
As a result, it is possible to freeze any fraudulent transactions based on a set of fraud identification parameters. Because of that, post-fraud loss mitigation becomes a way to solve the security crisis in DeFi.
How Lossless Mitigates DeFi Hacks
Lossless uses a two-step process to recover stolen funds: initial freezing of the hacker’s wallet and hack verification by a decentralised Decision Making Body.
The urgent or instant freezing after a hack will be community and technology-based, and will reward the one who identifies the hack and freezes the transaction.
A longer freeze will occur after a hack is verified by the Lossless committee, company, and token creator, which then takes steps to reverse the fraudulent transaction.
We will now explore each step in more detail.
Spotting hacks and freezing transactions
Lossless will enable anyone staking LSS tokens to report potentially fraudulent transactions. For that, we will introduce an intuitive dashboard that allows manual overview and reporting for hack spotters (see above).
Our data analyst team will implement initial hack-spotting mechanisms — including listening for on-chain events or unusual token activity. These mechanisms will be open source for everyone to contribute. However, because of the transparent system rewarding hack-spotters, we expect large community participation in the hack-spotting process.
The winner-takes-all incentive will encourage the community to build on top of this initial model and improve it daily. The market will be able to determine the best ways to identify hacks, and the quickest spotter will get the reward. This guarantees that the efficiency of the system will only improve over time as hack spotters will compete to make the fastest hack-spotting tool. Thus, Lossless will be the first platform to reward and incentivize white hat hackers to make DeFi safer for everyone.
For that, Lossless will provide bot-friendly APIs to incentivize the development of community-created hack-spotting bots. As a result, provided they stake LSS tokens, anyone will be able to report a potentially fraudulent transaction.
Regardless of whether our mechanisms or community-created bots report the hack, the transaction will be frozen for 24–48 hours. The Lossless team will then review the frozen address, evaluate code, contact contract owner and determine whether the submission is valid. If no suspicious activity is detected, staked tokens of the finder will be confiscated as a penalty for false submission.
However, if the transaction proves to be valid, the decision will be passed to the Decision Making Body for further action.
Verifying and reversing hacks
After the initial confirmation of a potential hack, the frozen funds will await overview and verification from the Decentralised Lossless Decision Making Body.
The Decision Making Body will consist of the Token Creator, the Lossless Company, and the Lossless Committee. The Committee will feature investors with a significant share of $LSS tokens and key public figures that provide trusted and unbiased decision-making, such as auditing firms. As a result, the hack validation process will be decentralised among many independent entities — and none of those entities will have the absolute power to determine the faith of the hack.
If the Decision Making Body verifies the hack, the address will be frozen for further 14 days, and a committee proposal will be enacted for permanent freezing and reversing of the transaction.
The described technical architecture will enable hack mitigation efforts to finally reflect the core principles of the ecosystem by integrating decentralised mechanisms. While hack prevention partially worked in the infant stages of global DeFi adoption, more robust solutions are necessary to bring trust and safety for everyone involved.
What is Lossless?
Lossless is the world’s first crypto hack mitigation tool.
Implemented into the token, the Lossless protocol allows to freeze and retrieve any fraudulent transaction based on a set of hack identification parameters.
Lossless aims to create a trusted and safe DeFi ecosystem with minimized losses from hacks, exploits or social engineering.
Enter Lossless DeFi:
