A few days ago there was a hack on the DeFi dForce platform and we talked about it with Scott Stuart, Kava Product Manager.
Kava is a DeFi cross-chain platform that allows creating CDPs in a similar way to MakerDao.
But, while MakerDao only accepts ETH and some ERC20 tokens, the Kava platform also accepts BTC, BNB, XRP, Atom and in theory any cryptocurrency. Thanks to its architecture based on Tendermint and powered by Cosmos, Kava leverages the interoperability between blockchains with completely different protocols.
What do you think happened with dForce, how was it possible for hackers to steal $25 million?
“As previously discussed by our CEO Brian Kerr, the fault is both on the dForce team and the users. Dforce didn’t understand what they were doing and marketed an unsafe product. The users didn’t do their own due diligence on the team or the code base to make sure it’s safe”.
The money was eventually returned, apparently because the hacker who carried out the attack was so clumsy to leave traces that the police found immediately. All’s well that ends well… or not? These events ruin the reputation of DeFi and cryptocurrencies in general. What is Kava doing to avoid these kinds of attacks and exploits that have recently taken place in DeFi on Ethereum?
“Security issues like these breakdown into two questions. Generally, what platform is the DeFi product being built on? Specifically, what group of people are developing the software? Both need to be evaluated. You can have the best software platform in the world, if the product is delivered by shysters it will be insecure.
dForce clearly did not know what they were doing. They copied code and added to it without understanding the system as a whole. They did no external security audits, it was a mess. Kava in contrast has contributed to building the platform from the ground up and understands every component. Multiple security audits, stress tests, and simulations are performed at great cost to reduce risk. This does not make it a bullet proof system, but reduces risk to an acceptable level. DeForce was arguably negligent on this front.
Ethereum lets you do anything. Anything is messy. Especially when done by a novice team. Kava is built with specific functionality in mind. There are a limit of set of transaction types and ‘state transitions’ which in turn limit the overall complexity of the system. The system is still complex, but significantly less so than Ethereum”.
dForce has chosen the USDX ticker for its stablecoin, exactly like the stablecoin that can be coined with Kava’s CDPs. How did you react to the news, are you going to pursue legal action?
“They stole it from Kava. USDX had been used publicly months before dForce picked it up. dForce has shot themselves in the foot. Kava is focused on delivering a world class, secure product to users”.
How does Kava see DeFi in 5 years, do you think it will be mature enough to go mainstream and attract institutional clients?
“Kava is certainly the only platform that is credibly making steps towards opening up these financial services to any assets. The value proposition of automating these lending services with a fully transparent protocol is strong, the project needs to focus on clearly delivering that value to users of as many networks as possible”.
