Tether model versus Lossless: Which is better at hack prevention?

Lossless
Jul 29, 2021

The multi-billion-dollar decentralized finance market is an alluring target for all sorts of crooks trying to get their grubby hands on other people’s assets. To reach that goal, they deploy various tactics, including:

  • hacking decentralized and centralized exchanges to extract funds,
  • attacking individual wallets through security vulnerabilities,
  • abusing the token minting functionality to create new tokens and sell them,
  • carrying out intentional rug-pulls, in which the token team itself mints new tokens and then dumps them,
  • exploiting flash loans, which have to be paid back in the same block they’re taken in,
  • masquerading evil smart contracts as legit protocols.

The evil hackers never seem to run out of ideas and willingness to try.

Considering such an atmosphere, it’s no surprise to see the market becoming bloated with an increasing number of solutions trying to prevent or at least alleviate the damage caused by these attacks. These include hack mitigation tools (audits and the like), post-hack tools (insurance and money tracking products), one-off bounty programs, and other options.

Tether and its ‘lifeguard’ approach

One DeFi company has adopted an original approach to try and protect its users’ assets against hacking — Tether. The third-largest cryptocurrency (USDT) by market capitalization, Tether has introduced tools that can reverse transactions, freeze accounts, and even destroy users’ USDT tokens in case they lose access to their accounts, send assets to the wrong address, or if fraud occurs.

If the platform becomes aware of such a situation, it contacts the user to confirm that the funds are lost and to retrieve them. Then, it deploys a function in its smart contracts to blacklist the ETH addresses that these tokens were directed to.

Without a doubt, this method is highly effective but has several major flaws.

First of all, Tether single-handedly decides the fate of the transaction in question: whether to allow it to proceed, freeze it, recover the tokens, or burn them. Having only one body with an interest in the matter decide in these situations compromises the core principle of the market: its decentralization.

Secondly, it features a total lack of transparency in the process, opening Pandora’s box of questions and other potential issues. Who is the person or persons making the decision? On what grounds do they decide whether the hack they discover is valid or invalid? How do they decide if the error is an honest mistake or a hacking attempt? The issues just keep on stacking.

Thirdly, this approach is limited to USDT tokens only, while the rest of the market is left to fend for itself. This does make sense for Tether because the company is trying to put its users and tokens first, but there’s also a need for a solution that would be applicable to all tokens.

Due to all these issues, this approach makes us wonder if ideal protection against DeFi hacks is even achievable. There has to be an appropriate solution that puts a stop to exploits, gives market participants a transparent way to fight back, and retains the market’s essential quality: decentralization.

Without it, hacks will continue to happen, forcing users to settle on less than ideal solutions.

Lossless wrapped tokens

Luckily, the ideal solution is already here. Lossless takes the Tether model and improves it in multiple ways.

Unlike Tether, which freezes and makes the ultimate decision on its own, Lossless allows anyone to initiate the transaction freezing, with three independent bodies deciding on the final outcome.

This protocol is a piece of hack protection code that token creators embed into their tokens. The code wraps these tokens and creates an L-token version of their existing or recently launched tokens.

For instance, BTC and ETH would have the wrapped versions L-BTC and L-ETH, and these tokens would now feature the Lossless hack protection code. On Ethereum, users can deposit their ETH and receive L-ETH through a smart contract called Lossless Ether.

Wrapping tokens in the Lossless code is a very simple process and comes with no upfront cost: a fixed percentage fee is taken, and only when funds are saved from a hack.

Any ERC-20 token can be wrapped in the Lossless hack-protection code, while Tether only protects its own tokens. The staking model used in Lossless’s hack-prevention is the most efficient way to protect major protocols’ assets against attacks.

To discover hacks, a community of white hat hackers and hack-spotting bots monitor the market for any on-chain events, unusual token activity (like substantial transactions, liquidity pulls, etc.), and third-party reports. After identifying the hack, the finder freezes the transaction for a certain period by staking their LSS tokens.

The next step involves the decentralized Lossless decision-making body, consisting of the Lossless committee, the Lossless company, and the token creators. This body reviews the frozen transactions, makes a trusted and unbiased decision on the validity of the hack and carries out the necessary steps.

Single tx hack mitigation

Here’s how the process of the Lossless code flagging and reverting suspicious transactions looks up close.

  1. First, it checks if a transaction goes through a whitelisted address (including major DeFi decentralized exchanges (DEXs), protocols, partners, team addresses, and so on). If yes, then the transaction is allowed to proceed.
  2. If it doesn’t, then the code checks if the transaction is toward a DEX.

2.a) If it does go to a DEX, then the code checks if the transaction value is above or below a certain threshold.

2.a.I) If it is below this threshold, then the transaction is allowed to complete.

2.a.II) If it is above this threshold, then the code checks if the used funds have been deposited recently or have been in the wallet for a long time (attackers usually want to move the stolen assets fast).

2.a.II.A) If the funds have been in the wallet for a while, then the transaction is allowed to complete.

2.a.II.B) If not, then the transaction is reverted.

OR

2.b) If it doesn’t go to a DEX, then the code checks if the transaction value is above or below a certain settled amount threshold. The aim is to avoid a hacker splitting the funds into smaller chunks and swapping them on a DEX.

2.b.I) If it’s below the threshold, then the transaction is allowed.

2.b.II) If it’s above the threshold, then the code checks if there was a transfer in the settlement period that used the unsettled amount.

2.b.II.A) If there wasn’t, then the transaction is allowed to proceed.

2.b.II.B) If there was, then it is reverted.
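The decision tree above, modelled as an added Python example (not Lossless’s contract code). The threshold and settlement-period values, all names, and the reading of the “settled amount threshold” as the sender’s settled balance are assumptions made for illustration.

```python
from collections import defaultdict

SETTLEMENT_PERIOD = 300  # seconds; assumed value, the article gives none
DEX_THRESHOLD = 1_000    # token units; assumed value, the article gives none

class GuardedToken:
    """Toy ledger that models only the article's checks, not a real ERC-20."""

    def __init__(self, whitelist=(), dexes=()):
        self.whitelist, self.dexes = set(whitelist), set(dexes)
        self.balance = defaultdict(int)
        self.inflows = defaultdict(list)  # addr -> [(time, amount)]
        self.last_unsettled = {}          # addr -> time of last unsettled spend

    def credit(self, addr, amount, now):
        self.balance[addr] += amount
        self.inflows[addr].append((now, amount))

    def settled(self, addr, now):
        """Balance not covered by inflows newer than the settlement period."""
        recent = sum(a for t, a in self.inflows[addr]
                     if now - t < SETTLEMENT_PERIOD)
        return max(0, self.balance[addr] - recent)

    def decide(self, src, dst, amount, now):
        if src in self.whitelist or dst in self.whitelist:
            return "allow: whitelisted"                   # step 1
        settled = self.settled(src, now)
        if dst in self.dexes:                             # step 2.a
            if amount <= DEX_THRESHOLD:
                return "allow: below DEX threshold"       # 2.a.I
            if amount <= settled:
                return "allow: funds held long enough"    # 2.a.II.A
            return "revert: fresh funds to DEX"           # 2.a.II.B
        if amount <= settled:                             # step 2.b
            return "allow: within settled amount"         # 2.b.I
        last = self.last_unsettled.get(src)
        if last is None or now - last >= SETTLEMENT_PERIOD:
            return "allow: first unsettled transfer"      # 2.b.II.A
        return "revert: repeated unsettled transfer"      # 2.b.II.B

    def transfer(self, src, dst, amount, now):
        if amount > self.balance[src]:
            return "revert: insufficient balance"
        verdict = self.decide(src, dst, amount, now)
        if verdict == "allow: first unsettled transfer":
            self.last_unsettled[src] = now
        if verdict.startswith("allow"):
            self.balance[src] -= amount
            self.credit(dst, amount, now)
        return verdict
```

Because spends draw on settled funds first, an account’s settled balance stays at zero until its recent inflows age past the settlement period, which is what makes the freshly received funds in step 2.a.II distinguishable from long-held ones.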

The first of its kind

Tl;dr, the Lossless hack-protection ecosystem has multiple advantages over Tether’s (still pretty good but ultimately not as efficient) effort to protect its users’ tokens. Among other things, it’s:

  • decentralized,
  • highly transparent,
  • applicable to any ERC-20 token (on both ETH and BSC, with more blockchains added along the way),
  • easy to implement,
  • immensely effective.

Currently, it’s the only platform of its kind on the market, making any other available method out there pale in comparison.

So if you want to learn more about our platform or even join our cause, we warmly invite you to check us out or get in touch on our:

Website | Telegram | Twitter | GitHub
