# Hack Related Articles

HTX News Center provides the latest articles and in-depth analysis on "Hack", covering market trends, project updates, tech developments, and regulatory policies in the crypto industry.

Why Is No One Buying DeFi Insurance?

"Why DeFi Insurance Remains Unpurchased" explores the paradox of decentralized finance insurance. While DeFi insurance promises automatic, unbiased payouts via smart contracts—eliminating traditional insurers' denial practices—it struggles to attract users. The core issue is economic viability. Premiums are prohibitively high relative to the yields from DeFi protocols. For example, insuring a deposit on Aave or Maple Finance can consume most or even all of the annual yield, leaving returns comparable to or worse than traditional savings. Only the safest protocols, like MakerDAO, offer affordable premiums. Furthermore, the DeFi insurance model is structurally fragile. Unlike traditional insurance where risks are uncorrelated, DeFi risks are highly interconnected (e.g., oracle failures, bridge hacks). A single major exploit can simultaneously threaten multiple protocols, potentially bankrupting the entire insurance pool, which holds only millions against billions in total value locked. The governance model also creates a conflict of interest. In platforms like Nexus Mutual, token holders who vote on claims risk their own capital if payouts are approved, incentivizing denials. Consequently, the market is tiny and shrinking. Nexus Mutual dominates with $81.56 million in assets, but the industry lacks the capacity to cover a catastrophic event like the $292M Kelp DAO hack. Other providers have dwindled or shut down. The article concludes that DeFi insurance faces a "tragedy of the commons": its stability requires widespread adoption, but individual users have no incentive to pay for it, as premiums destroy their yields. Current solutions involve preventative measures like bug bounties and seeking external capital from traditional reinsurance, acknowledging that on-chain capital alone is insufficient to cover on-chain risks.

marsbit06/27 03:03

Why Is No One Buying DeFi Insurance?

marsbit06/27 03:03

It Turns Out the First Real-World Application of AI x Crypto is in Security Auditing

The article explores the surprising trend where AI's first major impact on crypto has been in security auditing, not in areas like trading or analytics. It details how AI-powered tools are dramatically lowering the barrier to finding smart contract vulnerabilities, enabling attackers to scan thousands of contracts and execute exploits within minutes. This has rendered traditional, manually-produced audit reports with their month-long validity periods increasingly obsolete, creating a critical "structural crack" in the old security model. Cases like Drift Protocol and KelpDAO show that even extensively audited protocols can be hacked through social engineering, operational flaws, or infrastructure misconfigurations beyond pure code review. Attackers are also using AI to find and exploit vulnerabilities in years-old, deployed contracts. Notably, OpenZeppelin's co-founder has expressed a grim view that "all DeFi is insecure" due to AI's asymmetric advantage. In response, the audit industry is undergoing a fundamental shift. While there's a short-term spike in defensive re-audits, the long-term business model is changing. Firms are developing AI-assisted systems and moving from one-time report deliveries towards embedded, continuous services like real-time monitoring and formal verification. Examples include AI tools uncovering critical, previously missed vulnerabilities in heavily audited protocols like Curve Finance and Zcash. The conclusion is that security must become a continuous investment, not a one-time checkbox, and audit firms must rapidly evolve their tools and service models to survive.

marsbit06/26 07:20

It Turns Out the First Real-World Application of AI x Crypto is in Security Auditing

marsbit06/26 07:20

Never expected that the first tangible application of AI x Crypto is in security auditing

Unexpectedly, the initial major application of AI in the Crypto sphere has turned out to be security auditing. In 2026, DeFi has faced significant security challenges, with 121 hacking incidents resulting in approximately $942 million in losses. While AI was expected to first impact areas like quantitative trading, its initial breakthrough has instead transformed security auditing by drastically lowering the cost and skill barrier for finding smart contract vulnerabilities. The traditional audit model is facing obsolescence. Advanced AI models, such as Claude Mythos, enable attackers to scan thousands of contracts and identify vulnerability patterns at scale, compressing the time from discovery to execution to mere minutes. This renders the month-long validity of traditional audit reports ineffective. Notably, attacks now frequently target well-audited, established protocols by exploiting business logic flaws, operational security weaknesses, and even years-old historical contracts, demonstrating that old audit reports offer zero protection. This pressure is forcing a fundamental shift in the industry. In the short term, a wave of defensive re-auditing is occurring, driven by projects seeking to meet new AI-era security standards and regulatory requirements. In the long run, audit firms' business models are diverging. The one-time report delivery model is declining in value, as evidenced by platforms like Code4rena shutting down. Leading firms are now pivoting towards AI-powered defense, integrating continuous monitoring, real-time on-chain risk detection, and embedding security directly into the development phase, as seen with tools like OpenZeppelin's Skills system. Ultimately, the era of "audit once, secure forever" is over. Security must become a continuous, embedded infrastructure investment for projects. For audit companies, survival depends on proactively transforming from traditional service providers into platforms offering AI-native, ongoing security solutions.

链捕手06/26 07:13

Never expected that the first tangible application of AI x Crypto is in security auditing

链捕手06/26 07:13

Top-Tier MEV Bot Loses $7.5 Million: Is 'Approval' the Most Overlooked Fatal Risk On-Chain?

The article discusses a sophisticated attack on a prominent Ethereum MEV (Miner Extractable Value) bot, Jaredfromsubway.eth, resulting in a loss exceeding $7.5 million. Unlike typical exploits involving key leaks or smart contract bugs, this attack was a carefully orchestrated "reverse hunt." The attacker spent weeks deploying fake tokens and liquidity pools that mimicked legitimate assets like WETH and USDC. These pools were designed to appear as profitable arbitrage opportunities, tricking the automated bot's trading logic. During its normal operation, the bot was induced to grant ERC-20 token approvals to the malicious contracts. Once sufficient permissions were accumulated, the attacker drained the bot's funds by calling these pre-approved allowances. This incident highlights the often-underestimated risks associated with token approvals in Web3. The article explains that approvals are a fundamental mechanism, allowing smart contracts (like DEXs) to move a user's tokens on their behalf. However, risks arise from practices like granting infinite approvals, the persistence of approvals even after disconnecting from a dApp, and the potential for a once-trusted contract to become compromised later. The piece concludes with advice for managing approval risks: users should adopt the principle of least privilege (approving only the needed amount), use separate wallets for storage versus interactions, and regularly audit and revoke unnecessary approvals using tools like Revoke.cash. It also emphasizes the role of wallets like imToken in providing proactive defenses, such as risk warnings and clear, readable transaction signing interfaces, to help users make informed decisions. Ultimately, wallet security must extend beyond private key protection to include active management of token approvals.

marsbit06/24 05:28

Top-Tier MEV Bot Loses $7.5 Million: Is 'Approval' the Most Overlooked Fatal Risk On-Chain?

marsbit06/24 05:28

Why Does No One Buy DeFi Insurance?

**Title: Why Isn't DeFi Insurance Being Bought?** DeFi insurance, which promised automated, unbiased payouts via smart contracts, has failed to gain traction. The core issue is economic: high premiums severely erode the yields that attract users to DeFi in the first place. For example, insuring a USDC deposit on Aave V3 could cost 1.5–2.5% of the annual yield, leaving a net return barely above a savings account. For riskier platforms like Maple Finance or Ethena, premiums can even turn net yields negative. Consequently, users often forgo insurance, as it nullifies their profit motive. The market also suffers from structural flaws. First, DeFi risks are highly correlated (e.g., an oracle failure can impact multiple protocols simultaneously), unlike the independent risks in traditional insurance. This makes large-scale events potentially catastrophic for insurers. Second, the total capital in DeFi insurance pools (e.g., Nexus Mutual's ~$81.5M) is minuscule compared to the hundreds of billions in total value locked (TVL), creating a massive capacity gap. A single major hack could drain the entire industry's reserves. Furthermore, the governance model where tokenholders vote on claims creates a conflict of interest, incentivizing them to deny payouts to protect their own funds. As a result, the sector is shrinking. While pioneers like Nexus Mutual are pivoting to preventative measures (bug bounties) and seeking external capital via reinsurance, the fundamental problems remain. DeFi insurance represents a public good—its stability benefits the entire ecosystem—but without a mechanism to share costs, a "tragedy of the commons" ensues where no one is willing to pay, leaving the system vulnerable.

marsbit06/23 08:54

Why Does No One Buy DeFi Insurance?

marsbit06/23 08:54

活动图片