Pluto: Restaking in DeFi poses financial risks, cross-chain bridges are vulnerable to exploitation, and AI’s dual role in crypto security | On The Brink

Key takeaways

• Restaking in DeFi poses significant financial risks due to its complex layered derivatives.
• Cross-chain bridges are vulnerable to exploitation, allowing attackers to unlock value across different blockchains.
• Spoofing attacks can manipulate asset values on one chain to facilitate unauthorized transactions on another.
• Security threats in the crypto space are expected to become increasingly sophisticated.
• Building better infrastructure is more crucial than blaming specific platforms for security breaches.
• AI has the potential to both threaten and protect the crypto space, depending on its application.
• Technologies in DeFi can favor either attackers or defenders, impacting security dynamics.
• Current smart contracts are largely secure against contract-level exploits in DeFi.
• The crypto industry is adopting safety measures from traditional finance to enhance transaction security.
• Circuit breakers and deferred settlements from tradfi are being implemented in crypto for safety.
• The evolving landscape of cybersecurity threats necessitates improved infrastructure in the crypto space.
• Understanding the mechanics of cross-chain bridges is essential for recognizing vulnerabilities in value transfers.
• The dual role of AI in crypto highlights the need for proactive security measures.
• The robustness of existing smart contracts is crucial for assessing the security landscape in DeFi.
• Adopting safety measures from traditional finance can enhance the reliability of crypto transactions.

Guest intro

Pluto is a veteran of decentralized finance and cross-chain systems, currently building Harbor, a native asset DEX. He brings deep expertise from prior roles at Thorchain and Airswap, where he developed insights into DeFi infrastructure, protocol design, and the systemic risks that continue to challenge the ecosystem’s security and trust.

The risks of restaking in DeFi

• Restaking is considered risky due to the potential for financial instability.

• I always kinda like vaguely thought restaking was a bad idea but without knowing specifically why all these layered derivatives give me the heebie jeebies.

  — Pluto

• Understanding the mechanics of restaking is crucial for identifying its risks.
• Layered derivatives in DeFi can lead to complex financial structures.
• The potential dangers of restaking reflect broader concerns about DeFi stability.
• Financial instability in DeFi can arise from poorly understood mechanisms like restaking.
• The complexity of restaking increases the risk of financial losses.
• Identifying the risks of restaking is essential for safeguarding DeFi investments.

Exploitation of cross-chain bridges

• Attackers exploit bridges to unlock value on different chains by manipulating collateral.

• One of the reasons why people want to exploit bridges is because there’s value on one chain and you can possibly use that bridge to then mint or unlock value on a different chain.

  — Pluto

• Understanding cross-chain bridge mechanics is key to recognizing vulnerabilities.
• Cross-chain value transfers are susceptible to exploitation by attackers.
• The manipulation of collateral is a common tactic in bridge exploitation.
• Exploiting bridges can lead to significant financial losses in DeFi.
• The vulnerability of cross-chain bridges highlights the need for improved security measures.
• Recognizing the motivations behind bridge attacks is crucial for enhancing security.

Mechanics of the Aave market attack

• The exploitation involved using inflated collateral to drain value from Aave markets.

• The attackers were really after was eth or rseth on ethereum main net where the actual aave markets live where all of this tvl that they could access and drain using this… minted collateral out of thin air.

  — Pluto

• Understanding Aave market functions is essential for grasping the attack’s mechanics.
• The concept of total value locked (TVL) is crucial for assessing DeFi vulnerabilities.
• Inflated collateral can be used to manipulate DeFi markets.
• The Aave market attack demonstrates the potential for significant financial losses.
• Recognizing the implications of the attack is vital for improving DeFi security.
• The specific mechanics of the attack highlight the need for enhanced security measures.

Spoofing attacks in cross-chain transactions

• The hack involved a spoofing attack that misrepresented the value held on Arbitrum.

• The crux of the whole hack was basically a spoofing attack and we can get into how they actually did that and how was it monetized in the end it was monetized in the end by using that 116,000 rseth on the ethereum main net side to basically open loans and use as collateral to then withdraw other assets through aave markets.

  — Pluto

• Understanding spoofing attacks is crucial for identifying vulnerabilities in cross-chain transactions.
• Spoofing attacks can facilitate unauthorized transactions on Ethereum.
• The manipulation of perceived asset values is a key tactic in spoofing attacks.
• Cross-chain transactions are susceptible to spoofing attacks due to their complexity.
• Recognizing the technical mechanisms behind spoofing attacks is essential for improving security.
• The vulnerabilities in cross-chain transactions highlight the need for better infrastructure.

The evolving threat landscape in crypto

• Hacks in the crypto space are expected to become more sophisticated over time.

• This is only gonna get worse… the really sophisticated guys are just gonna get better.

  — Pluto

• Awareness of the evolving cybersecurity threats is crucial for safeguarding crypto assets.
• The increasing complexity of security threats necessitates improved infrastructure.
• Sophisticated hacks highlight the need for proactive security measures in crypto.
• The evolving threat landscape underscores the importance of ongoing security improvements.
• Recognizing the sophistication of future hacks is essential for preparing defenses.
• The need for improved infrastructure is emphasized by the increasing threat complexity.

The role of AI in crypto security

• AI can potentially be both a threat and a protector in the crypto space.

• If crypto can or ai can potentially be the destroyer of crypto but it could also potentially be the protector as well.

  — Pluto

• Understanding the dual role of AI is crucial for enhancing crypto security.
• AI’s potential to threaten or protect crypto highlights the need for strategic application.
• Proactive security measures are essential for leveraging AI’s protective capabilities.
• The complex relationship between AI and crypto underscores the importance of security measures.
• Recognizing AI’s dual role is vital for navigating the future of crypto security.
• The need for proactive security measures is emphasized by AI’s potential impact.

Strategic implications of technology in DeFi

• Technologies can favor either attackers or defenders, impacting security dynamics.

• Some technologies favor the attacker and some favor the defender… cryptography is a good defensive technology.

  — Pluto

• Understanding the strategic implications of technology is crucial for DeFi security.
• The impact of technology on security dynamics highlights the need for strategic planning.
• Cryptography is a key defensive technology in the battle between security and exploitation.
• Recognizing the strategic implications of technology is essential for enhancing security.
• The ongoing battle between security and exploitation underscores the importance of strategic planning.
• The need for strategic planning is emphasized by the impact of technology on security dynamics.

The security of current smart contracts

• The current smart contracts in production are largely secure against contract-level exploits.

• I think that all of the smart contracts that are live in production and are securing any meaningful amount of tvl… it would have happened by now.

  — Pluto

• Understanding the security measures of smart contracts is crucial for assessing DeFi risks.
• The robustness of existing smart contracts highlights their security against exploits.
• Recognizing the security of smart contracts is essential for evaluating DeFi investments.
• The security of smart contracts underscores the importance of ongoing security improvements.
• The need for ongoing security improvements is emphasized by the robustness of smart contracts.
• The assessment of DeFi risks is crucial for safeguarding investments.

Learning from traditional finance

• The crypto industry is learning from traditional finance by implementing safety measures like circuit breakers.

• I think it’s fine… if there’s good lessons to be taken from tradfi we should take them but I think this is one of the ironies of crypto’s the things we really value is composability atomicity and kind of final settlement and tradfi very explicitly defers settlement and people complain about deferred settlement but the reason for that is safety.

  — Pluto

• Understanding the parallels between crypto and traditional finance is crucial for enhancing security.
• The adoption of safety measures from tradfi highlights the importance of transaction security.
• Circuit breakers and deferred settlements are being implemented for safety in crypto.
• Recognizing the importance of safety measures is essential for enhancing transaction security.
• The importance of transaction security underscores the need for adopting safety measures.
• The need for enhanced transaction security is emphasized by the adoption of tradfi measures.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.