Unraveling the Root Cause: Computer Bugs and the Need for a Secure Solution

Crypto fraud is ubiquitous and rampant. It seems that not a month goes by without yet another “explosive” fraud event, like the most recent $70 million swindle perpetrated at Curve Finance. Anchain.ai described the event as a computer bug that “triggered a cataclysmic drain from several DeFi pools.” According to Anchain.ai, this computer bug was a “0-day compiler bug in the Vyper language, which was used to write Curve's smart contracts.” Vyper is a high-level easy-to-use wrapper for Solidity, a C++ based language that runs smart contracts on Ethereum, currently the dominant platform in the DeFi ecosystem. At AbleBlox, we consider the imperfect use of Solidity and its C++ based peers the root cause of all the problems.

Comparitech estimates that the combined crypto thefts to date amount to nearly US $50 Billion in today’s dollars. Comparitech also estimates that the number of crypto attacks is only increasing as crypto grows in popularity, as the chart shows. As the companies, treasuries and regulators struggle with containing and harnessing the popularity of crypto, the hot mess of crypto fraud is certainly on the top of everyone’s mind.

Looking back at previous exploits, we may notice a common theme: most of the crypto heists involve a computer bug in the code, which is found and exploited by a random agent in the black void that is the crypto universe. By design, the bad agents can be impossible to track. The crypto universe has been a perfect antithesis to the governments’ coalition to promote Know-Your-Customer, or KYC, framework that delivered complete transparency in all financial transactions. In fact, crypto originated around the same time as the governments started pouring trillions of dollars annually into developing and enforcing KYC, thus creating a perfect free-market (or some people may argue, black-market) antidote to the governments’ push for disclosure across the world.

Anchain.ai proposes to deal with the issues by “robust auditing, testing, and coordinated disclosure in complex DeFi ecosystems.” This may seem like a nice and traditional path for Gary Gensler – in line with existing regulations, let’s just bring crypto into our KYC family. By design, however, such an approach is guaranteed to fail: crypto code is too laborious to be audited and tested, the testers who find the bugs may exploit them for profit themselves rather than report them to the authorities, and the disclosure in the DeFi world is a non-starter by the system design, as discussed above.

C++ underlying Solidity is known for its speed, but also complexity and “pointers”, direct calls to the computer memory that enable often improper use of information. Traditionally contained inside the corporate firewalls, random C++ bugs were dealt with in the “isolate and ignore” fashion – the intruders simply could not reach the problem areas in the code. Exposed to millions of prospective anonymous hackers in the crypto universe, however, C++ bugs become very tangible and a real undetectable threat to the crypto world stability.

So what are the companies and the regulators to do with this hot mess? Our company AbleBlox may hold the simple answer: ditch the custom smart contract languages in favor of established and bullet-proof crowd-sourced and verified computer commands. What is that, you may ask? Our blockchain is based on Python, a surprisingly powerful and popular open-source language that has been examined, verified and improved by generations of computer programmers since the early 1990s. Thirty years of communal stability improvements have helped get rid of potential “wormholes” allowing illicit access to the data that plague Solidity and other smart contract languages today in the crypto world. In fact, today, almost the entire web3 universe is programmed in Python and enjoys powerful Internet security in a completely anonymous global web world.

A shameless plug, hire AbleBlox blockchain to create your own state-of-the-art interoperable access to the crypto space that is secure and bug-proof. No matter the nature of your business, we can help you become a secure digital player that delivers solid customer experience in the modern world.