Uneasy Money: How the Resolv Hack Shows an Audit Doesn't Mean 'Secure'

The podcast explores the recent Resolv hack, where a compromised AWS key led to the minting of $80 million in unbacked USR, causing a significant market crash and bad debt across DeFi lending protocols. The discussion highlights the hack's root cause: a single, unsecured key with unlimited minting permissions, and questions the architectural choices that prioritized convenience over security. The panelists critique the over-reliance on smart contract audits that often overlook basic operational security and threat modeling, emphasizing the need for robust risk management and monitoring. Omer Goldberg, CEO of Chaos Labs, joins the panel and points out the importance of implementing security measures, such as multi-factor authentication and velocity controls, even within Web2 environments like AWS. The conversation further examines the contagion effects of the hack, particularly within lending protocols like Morpho, Fluid, and Venus, and emphasizes the need for better counterparty risk assessment and credit line management.

Outlines

Part 1: Incident Analysis, Root Causes

Part 2: Contagion, Exploitation Mechanics

Part 3: Risk Management, Yields

Part 4: Future Outlook, Accountability

Sign in to continue reading, translating and more.

Continue

Unchained

Part 1: Incident Analysis, Root Causes

Resolv Hack: $54 Million Loss Due to Compromised AWS Private Key

Security Audit Shortcomings: Basic Threat Modeling Neglected in DeFi

Balancing Startup Trade-offs: Security as a Top Priority for Asset Issuers

Part 2: Contagion, Exploitation Mechanics

Contagion from Resolv Hack: Infinite Minting and Lending Protocol Exploitation

Speculating on the Resolv Hack: Operator Attack vs. Limited Time Exploitation

DeFi Lending Markets: Isolated Risks and the Hardcoded Oracle Issue

Part 3: Risk Management, Yields

Risk Assessment Failures: The Need for Better Risk-Adjusted Yields in DeFi

Aave v4: Evolving Lending Protocols and Mitigating Contagion Risk

Part 4: Future Outlook, Accountability

Strengthening DeFi: Accountability and Risk Mitigation for a Robust Ecosystem

Uneasy Money: How the Resolv Hack Shows an Audit Doesn't Mean 'Secure'

Unchained

Part 1: Incident Analysis, Root Causes

00:01Resolv Hack: $54 Million Loss Due to Compromised AWS Private Key

Resolv Hack: $54 Million Loss Due to Compromised AWS Private Key

07:50Security Audit Shortcomings: Basic Threat Modeling Neglected in DeFi

Security Audit Shortcomings: Basic Threat Modeling Neglected in DeFi

17:27Balancing Startup Trade-offs: Security as a Top Priority for Asset Issuers

Balancing Startup Trade-offs: Security as a Top Priority for Asset Issuers

Part 2: Contagion, Exploitation Mechanics

28:21Contagion from Resolv Hack: Infinite Minting and Lending Protocol Exploitation

Contagion from Resolv Hack: Infinite Minting and Lending Protocol Exploitation

38:06Speculating on the Resolv Hack: Operator Attack vs. Limited Time Exploitation

Speculating on the Resolv Hack: Operator Attack vs. Limited Time Exploitation

47:03DeFi Lending Markets: Isolated Risks and the Hardcoded Oracle Issue

DeFi Lending Markets: Isolated Risks and the Hardcoded Oracle Issue

Part 3: Risk Management, Yields

57:31Risk Assessment Failures: The Need for Better Risk-Adjusted Yields in DeFi

Risk Assessment Failures: The Need for Better Risk-Adjusted Yields in DeFi

1:04:48Aave v4: Evolving Lending Protocols and Mitigating Contagion Risk

Aave v4: Evolving Lending Protocols and Mitigating Contagion Risk

Part 4: Future Outlook, Accountability

1:17:53Strengthening DeFi: Accountability and Risk Mitigation for a Robust Ecosystem

Strengthening DeFi: Accountability and Risk Mitigation for a Robust Ecosystem