Comment on page
The Decentralized Finance (DeFi) market grew rapidly in 2020: the true potential of blockchain technology and decentralized systems allows us to control our privacy and finances. People are interested in decentralized markets more and more every day, and this presents new opportunities and challenges.
- According to the DeFi Pulse, the Total Value Locked (USD) in DeFi has been hitting all-time highs almost daily since the Q2 of 2020. This shows that people are starting to trust the DeFi structures that have been based on value-driven foundations: decentralization, immutability, and absence of overpowered third parties.
- Uniswap, providing a decentralized Ethereum-based protocol that allows users to exchange ERC-20 tokens safely, has reached $4 billion in total value locked, surpassed 250,000 unique addresses, and supported over $100B worth of trades.
- Several DeFi lending platforms - MakerDAO, Compound, Aave - enjoyed success, each locking north of $5B to date.
The DeFi market is still at its early stage, though, and there are many things to improve: security being the top priority.
Even though DeFi is proliferating, it is worth noticing that its technology, UX, accessibility, and security are still in early development stages. The constant hacking of core crypto platforms is hurting the crypto world. The latter is one of the core obstacles for a more comprehensive trust of the investor pool and adoption outside of the crypto world.
According to DeFi Yield’s Rekt database and Immunefi reports, in 2020 the industry has lost $3.8B. In 2021 that number grew to $10B and in the first half of 2022 it is estimated that the losses are a staggering $1.97B. As cryptocurrencies become regulated, going from a niche curiosity to a mainstream asset held by millions of consumers, banks are expected to take the plunge into the digital asset space and we have already seen the first steps. With big banks joining in, hackers will become more incentivized to attack than ever before.
Ethereum's smart contract Turing-completeness makes many DeFi projects prone to being exploited and hacked, resulting in investors' loss of funds.
Flashloans. Loans that have to be paid back in the same block they are taken. Can be used maliciously to extract money from Smart contracts. One way to utilize those loans, for example, is to trade big amounts and cause on-chain liquidations.
Exchange hacks. Both centralized and decentralized exchanges can be hacked, and the stored funds can be extracted.
Wallet hacks. Holding the user’s funds, wallets are a massive target for hackers. Security leaks can lead to hackers gaining access to user’s funds.
Token minting. Some token contracts have a minting functionality, which means that new tokens can be created. This can be used by hackers to mint new tokens and sell them.
Intentional “rug-pulls”. The team itself pulling liquidity, minting new tokens, dumping their tokens, or similar, can also be an issue.
By examining the major crypto hacks that took place over the last year, we can draw some key learnings that bear valuable insights, helping protect investors in the crypto space.
In summary, the DeFi space has great potential as it enters the official mainstream, with institutions becoming major players in this market. The premise for this prediction is that retail investors, as well as institutions, learn from the painful lessons that the 2020 hacks taught us.
Otherwise, they will become the targets of cyber-attacks that will bear catastrophic consequences, indirect financial loss, reputational damage, and loss of goodwill.
As a team of experienced engineers, finance professionals, as well as DeFi experts, and white-hat hackers, we are dedicated to making the crypto space accessible and safe. Together we have built a Lossless protocol for hack detection and prevention to support blockchain technologies' growth. Not only that but we have developed other products like:
Token Relaunch Toolkit - to easily equip Lossless security measures to your active tokens Vault Protection - advanced security tool for project owners Token Minter - Lossless wrapped ERC-20 token generator Aegis - smart contract monitoring At Lossless, we aim to create a place where everyone could employ their money quickly with minimum risk. With a safer environment for everyone, we are aiming to increase the adoption of DeFi markets.
Lossless protocol - at its core, a piece of code that token creators insert into their tokens - this code empowers Lossless to freeze any fraudulent transaction based on a set of fraud identification parameters.
Our two-step process for recovering stolen funds:
- 1.Urgent/instant freezing after a hack - this step is community and technology-based, rewarding the one who identifies the hack and freezes the transaction.
- 2.Longer/permanent freezing occurs after a hack was verified by the Lossless committee, company, and token creator, which takes steps to reverse the fraudulent transaction.
A proof-of-stake hack finding platform
- An intuitive dashboard that allows manual overview and reporting for hack spotters
- Bot friendly APIs for community-created hack-spotting bots
- A transparent reward system that guarantees high levels of participation and innovation
Three Party Lossless Decision Making Structure
- This structure consists of three entities - Token Creator, Lossless Company, and Lossless Committee. The committee that overviews frozen transactions consists of investors with a significant share of LSS tokens and key public figures that provide trusted and unbiased decision-making, such as auditing firms.
- Minutes after hack - anyone (finders) can freeze an address for 24-48 hours if they stake LSS tokens.
- The Lossless team reviews the frozen address to determine whether it's valid or not.
- If Yes - further steps are taken (see below); finders are rewarded a fee.
- If No - staked tokens of the finder are confiscated, the address is unfrozen.
- Hours after hack - Lossless company evaluates code, contacts contract owner.
If the hack is valid - the address is frozen for further 14 days, and a committee proposal is enacted for permanent transaction freezing and reversing the transaction.
The data analyst team at Lossless creates the first hack-spotting mechanisms to freeze transactions for 24-48 hours automatically. These mechanisms are open source for everyone to contribute.
The winner-takes-all incentive will encourage the community to build on top of this initial model and improve it daily. The market will be able to determine the best ways to identify hacks, and the quickest spotter will get the reward.
This guarantees that the efficiency of the system will only improve over time as hack spotters will compete to make the fastest hack-spotting tool.
Most common ways:
- Listen for on-chain events, e.g., Mint(), OwnershipTransferred() - Smart contracts emit events on certain actions. For example, a Mint()-Event is emitted on the blockchain if new ERC-20 tokens are minted. By listening for this event, finders might find a hack.
- Check for unusual token activity, e.g., large transactions, liquidity pull - Highly unusual token activity, such as very large transactions from the team's wallets, without previous announcement, can be an indicator of a hack too.
- 3rd party reports, e.g., on exchange hacks - Blockchain hacks can also be identified with the support of 3rd parties. For example, a centralized exchange might publicly announce a security leak, which the finders can use to freeze affected addresses.
Because of the unique "staking" reward system in place, the market will determine the best ways to identify hacks as the quickest spotter gets a reward.
Tether, the 3rd largest cryptocurrency by market capitalization, can Freeze and Destroy Your USDT; if you lose access or send it to the wrong address, Tether has proven to be a successful "lifeguard" in corner cases.
The Lossless Protocol improves this model by allowing anyone to initiate the transaction freezing, while three independent parties decide the ultimate fate.
Benefits Of Using Lossless
- A win-win for token creators - no upfront cost, fixed percentage fee from the saved hack;
- Becoming the hack protection "standard" - projects can use Lossless to increase the trust for token holders;
- Increasing overall security for DeFi participants - paramount importance for wider global DeFi adoption.
Regular ERC-20 Interface vs. Lossless implementation ERC-20 Interface
function totalSupply() external view returns (uint256);
function balanceOf(address who) external view returns (uint256);
function allowance(address owner, address spender) external view returns (uint256);
function transfer(address to, uint256 value) external returns (bool);
function approve(address spender, uint256 value) external returns (bool);
function transferFrom(address from, address to, uint256 value) external returns (bool);
function hackFreeze() returns (bool);
function allegeHack(address allegedHacker, uint256 freezeDuration) external returns (bool);
function resolveHackAllegation(bool isRealHack) external returns (bool);
event Transfer(address indexed from, address indexed to, uint256 value);
event Approval(address indexed owner, address indexed spender, uint256 value);
With more businesses and countries accepting Bitcoin as a payment method, DeFi markets are on boom too. When zooming out and looking at the full year, the DeFi sector has reached new highs and ended 2021 at a $149 billion market cap. What's more, cumulatively, the total number of DeFi wallets sits at around 4.8 million.
Data according to Defipulse.com
With more businesses and countries accepting Bitcoin as a payment method, DeFi markets are on boom too.
As mentioned previously, 2021 saw $10 billion stolen in the DeFi ecosystem, a total addressable market for Lossless protocol as most of this money could have been saved and kept with their investors where they belong.
To our greatest surprise, there are plenty of cybersecurity companies and products in the general online space, but almost inexisting competition in the current DeFi cybersecurity market leaves room for rapid market share growth for Lossless.
A 10% market share of $10B would imply the prevention of $1 billion losses. And a 7% Lossless monetization fee would return $70 million in income for Lossless protocol. Keeping in mind that hacks and the hacked amounts increase, this brings a unique growth opportunity for the project.
A market focused on prevention and analysis of hacks, rather than mitigation - no one is freezing and reversing hacked assets. Competition is more of a traditional en-suite cybersecurity company that offers various cybersecurity products and services. Or, as an alternative, are one-off bug or hack bounty programs set out by the token creators themselves.
Some indirect competition includes:
We focus on building a safe and functional protocol for our users - both experienced and beginners. As one of the first players in this field, we understand our responsibility to deliver a trusted system and make timely improvements along the way. Here are some of our core features today:
- Different approach to blockchain security - mitigation vs. prevention (the latter has proven to be unsuccessful)
- Decentralized community incentives
- Trusted committee
- Focus on Simplicity
- User-friendly UX/UI
- Early mover advantage
- Experienced team
The crypto world is still much less regulated by traditional systems (governments, laws, and others) and attracts many hackers who aim to exploit any mistakes that platforms make. Some of the most recent hacks in 2022 only show that token creators and holders who did not implement additional safety tools/systems are highly vulnerable and exposed.
- Ronin Bridge. The hacker stole over $625 million in funds. The token price of Ronin was in a freefall in the first 24 hours post hack, dropping more than 20%.
- Wormhole. $323 million worth of ETH was stolen by hackers. The fourth-biggest crypto theft ever.
- Horizon Bridge. The attack drained the service, which enables crypto assets to be traded between the Harmony blockchain and other blockchains, of $100 million worth of crypto, including ether (ETH), tether (USDT), and wrapped bitcoin (wBTC).
With a total amount of $10B stolen in 2021 alone, the crypto world, including DeFi, needs to take things seriously and protect their platforms with systems like Lossless.
A time difference of 4 minutes and 10 seconds between mint and first sell transaction - First stage Lossless bot intervention on mint function.
A time difference of 61 seconds between first and second sell action - Second stage bot intervention (based on rapid token dumping criteria).
In the event of no-bot detection and a manual response rate of ~3 minutes from the first sell transaction, 10 out of 13 transactions could have been frozen, resulting in a 67% selling reduction (676 ETH vs. 2040 ETH currently).
With nothing quite the same as Lossless on the DeFi market or more expansive cybersecurity space, we had to develop a unique business model that would make our platform sustainable, a community of developers and white-hat hackers engaged and incentivized - at the same time allowing users to enjoy DeFi flawlessly and most securely.
An estimated 7% fee paid from the stopped hack transaction. Paid only when it is stopped, in native tokens.
Uses of revenue: Native tokens are used to buy LSS tokens and distribute:
- 2% is paid out to finder - finders identify and report fraudulent transactions that originate from exploits, hacks, or scams. A report must pinpoint the incident by providing (1) the LERC20 Token contract on which the incident is taking place and (2) the address of the malicious actor. If the correctness of the report is confirmed, the Finder is rewarded with a fraction of the tokens that were initially stolen. In contrast, if the report is rejected as incorrect, the Finder’s stake is taken.
- 2% is distributed for LSS token holders that stake - stakers stake tokens on open reports they believe to be legitimate in order to give more visibility and credibility to the report. If the correctness of the report is confirmed, the Staker is rewarded with a fraction of the tokens that were initially stolen. The reward is calculated based on the time of the stake. In contrast, if the report is rejected as incorrect, the Staker’s stake is taken.
- 2% is distributed for Lossless Committee - the Committee is a group of people from diverse sectors within the blockchain ecosystem. These members have the capability to vote and resolve reports as well as make decisions about where the stolen funds should be returned. Each Committee Member has an individual vote. The decision of the whole Committee counts as a single vote, that is, ⅓ of the total voting power in addition to the Lossless company (1/3) and the Token project team (1/3). If half plus one of the committee members cast a positive vote the whole committee is considered to have voted in favor of a report being correct. Committee Members are rewarded for participating in the investigation and resolution of a report
- 1% is retained by Lossless company - the Lossless Team is composed of a group of people from the Lossless Protocol. It also has 1/3 of the voting power. The Lossless Team can determine the outcome of a report being legitimate if two-thirds of the decision-making body cast a positive vote. The company takes 1% from the 7% retrieved from a hack to continue its activities and develop further.
DeFi markets are growing exponentially already; however, we conclude that every project and platform should do their bit in protecting their customers' finances by applying the best cybersecurity solutions available in the crypto world. To guarantee our further development, we have to steadily attract new clients and expand the community of incentivized white-hat hackers. As our product is suitable for all DeFi projects, we have developed a complex strategy to target diverse groups and marketing/sales channels. Our primary focus areas will be:
- Business Development
- Early Adoption Incentives
- Influencer marketing
- Affiliate and referrals
Highly correlated tokenomics - product success, with its ability to freeze hacks, is designed to impact and create interest for LSS token.
Being focused on token creators, we see that partnerships and integrations with existing and upcoming tokens will be one of our protocol's driving forces. We will be dedicating part of the team of sales and business development people to talk to as many existing and newly established token creators to integrate lossless protocol.
We understand that to keep Lossless relevant, we have to never stop trying and caring for our customers. That's why Lossless will provide early adoption incentives, such as tokens for projects that join early.
Influencers are the main access gate to a broader reach of the right audience in the crypto world, as trust is one of the industry's critical values. Our goal is to cooperate with influencers who have proved their integrity and understanding of the crypto world. Such personalities usually have an enormous following and can motivate many of their followers to use diverse products.
Lossless will create long-lasting relations with all our customers, and we will work with a small number of influencers who will consequently become our brand's ambassadors. This is an effective way to gain more trust in the crypto world and boost our numbers.
The Lossless team believes that affiliate and referral schemes are behind the fast expansion of broader cryptocurrency ecosystems and DeFi solutions. Transparent affiliate campaigns have helped DeFi space to grow in popularity, so it continues to be one of the essential marketing strategies that attract new users.
ByBit allows its referrers to make earnings not just from people they refer directly but also from generations of users referred by their referrals. Their concept proved successful. Affiliates at the third level can get from 10% to 35% off trading fees, and that, in the long run, adds up to a substantial amount.
The Ledger cryptocurrency wallet is another great example we'd like to share. Its affiliates get a 10% commission for every $10 sold, which is a spectacular opportunity for crypto influencers to spread the news and earn money.
After our launch, Lossless Affiliate and Referral Program will follow these steps:
1. We will talk to famous influencers and crypto bloggers who have an excellent reputation to spread the word about Lossless.
2. Anyone referring and successfully making token creators use Lossless code will receive a one-time incentive in the form of LSS tokens.
Token creators must use a part of Lossless code when creating their token contract.
Business development with new token creators (through investor/KOL circle)
Out-of-the-box tools (such as Interface for token relaunch swap, Airdrops for relaunched tokens to existing holders, Managing token relaunch with CEXs) for existing tokens to relaunch their token using Lossless code.
Advisory tokens / strategic partnerships for auditors. Auditing companies would recommend new token creators use Lossless code.
ETH, BTC would have pegged L-BTC L-ETH: those tokens would have lossless hack protection code.
On Ethereum, users can deposit their ETH and receive L-ETH via smart contract - Lossless Ether. This way, users can participate in DeFi activities (staking, farming, among others) with a lower risk of losing capital.
The Lossless protocol will introduce an innovative cybersecurity protocol to keep investors' money safe. We built LSS tokens as an integral part of our ecosystem to significantly influence the DeFi market and achieve more remarkable results by involving our community when making crucial decisions.
LSS token utility:
- Finders Staking
- Finders Fees
- LSS Token Governance
- Promotion and Referral program
- Early Access and Insights
In order to join the Lossless community and be eligible for finders fees, white-hat hackers must stake 2500 LSS tokens before a hack freeze can occur. If the hack is false, however, staked tokens can be confiscated from Finders.
Community Finders are paid by returning the staked LSS tokens and 2% of the retrieved cryptocurrency after the fee is collected from the hacked project.
LSS governance token functionality will also be introduced. This functionality will allow active users (white-hat hackers who are actively engaged in the Lossless ecosystem and have staked their LSS tokens) to provide feedback and make suggestions about the protocol, roadmap, various parameters, and the whole codebase.
To further increase our popularity and recognition in the crypto world, as well as acquire more token creators and hack finders to our platform, we will do different promotions and launch a referral program. We will pay different influencers, audit companies, other platforms, blogs, and social media accounts their bonuses for referrals in LSS tokens. On top of that, all the airdrops that help to control the liquidity of our wallets will be sent in LSS Tokens, as well.
TOP LSS token holders will have early and exclusive access to our newest product features, tools, and the latest cybersecurity insights. To show how much we value our loyal customers and community members, we will also create invite-only initiatives for people who hold a certain amount of LSS tokens.
Use Lossless at your own risk. We do not provide any warranties or guarantees, and all the information in this document doesn't make us responsible for your decisions.
This document is used for marketing purposes only and doesn't legally bind us to anything. We do not encourage you to buy anything nor make your decisions based on this text. It's written for marketing purposes, and we don't take responsibility if you choose to act in any way. This information doesn't constitute a recommendation by anyone to purchase tokens, join DeFi, or invest your money into the crypto world.
This document contains some forward-looking statements that might change in the future depending on the situation. We cannot predict the future 100% right, so all the decisions you make based on this information are at your own risk. Also, there is a possibility that some information might be wrong in this type of document, so you must always double-check the information and make your own mind.
------------------------------------------------------------------------------------------------------------------------------------------------------- Last update on 2022-10-26 by Digital Assets Security Solutions OÜ