Smart Contract Risk Could Be a Global Financial Time Bomb, Movement Labs Co-Founder Warns


In an interview with BeInCrypto, Cooper Scanlon, co-founder of Movement Labs, warned about vulnerabilities in blockchain infrastructure, particularly flaws in traditional smart contracts such as those on Ethereum (ETH). He emphasized that these weaknesses pose a serious threat to the future of global finance.

His comments came as the cryptocurrency industry faces a surge in fraud and attacks, causing significant damage and eroding trust in the field.

Movement Labs Co-Founder Shares Risks of Smart Contracts

Scanlon pointed out that vulnerabilities in smart contracts led to billions of dollars in losses in 2024 alone. According to data from SolidityScan, losses from cryptocurrency attacks reached $1.4 billion in 2024 across 149 separate incidents.

[Figure: Amount lost due to cryptocurrency attacks in 2024. Source: SolidityScan]

In fact, this year, the cryptocurrency community has witnessed one of the largest attacks in history when Bybit was targeted. Hackers withdrew $1.5 billion, mainly Ethereum, from this platform. They exploited a single-transaction vulnerability, bypassing wallet security to execute unauthorized withdrawal transactions.

Moreover, in early March, the decentralized exchange (DEX) aggregator 1inch also experienced a serious incident due to a vulnerability in the Fusion v1 resolver smart contract, further illustrating the flaws plaguing this sector.

Scanlon emphasized that these incidents are not gradual declines but catastrophic losses occurring in seconds when vulnerabilities are exploited. The situation becomes more severe when considering the increasing integration of blockchain with traditional financial systems.

"If financial institutions integrate smart contracts into their payment systems and capital markets without addressing the potential for these flaws, we are increasing risk across much larger systems," he told BeInCrypto.

The co-founder also highlighted a dangerous misconception about smart contract security – the belief that a successful audit ensures safety. Scanlon said audits only uncover a small portion of potential vulnerabilities and often overlook more complex attack vectors.

Furthermore, he stressed that these attacks occur daily. He noted that three major re-entrancy bugs have been discovered in the past two months. He warned that these incidents are not isolated but point to deeper architectural flaws.

"If development continues on Ethereum using Solidity code, these threats will unfortunately worsen over the next five years as blockchain adoption increases. Greater integration with traditional finance means higher-value targets, while increasing complexity creates more attack surfaces," Scanlon commented.

To clarify, a re-entrancy vulnerability is a flaw in a smart contract where an external call made by the contract can re-enter the contract before the initial execution completes. This allows an attacker to repeatedly execute a function, potentially draining funds or manipulating the contract in unintended ways. A famous example is the DAO attack in 2016.

The Movement Labs co-founder also mentioned the Kyber attack as an example of how a simple integer overflow error can lead to catastrophic consequences. However, he acknowledged that no developer or auditor can realistically identify vulnerabilities at such a granular level across thousands of lines of Solidity code. Scanlon believes that all traditional protocols carry these inherent risks.

"As major banks, payment processors, and exchanges build on these systems, vulnerabilities that once only affected crypto enthusiasts now threaten the broader financial ecosystem," he emphasized.

To address these risks, he believes the solution lies in moving beyond outdated architectures and adopting modern, more secure designs. He has directed attention to Movement Labs' use of the Move programming language.

Scanlon explained that it eliminates common vulnerabilities through resource-oriented design and formal verification. According to him, Move is specifically designed to prevent all types of vulnerabilities.

"Move represents a revolutionary improvement over existing smart contract platforms," Scanlon advocated.

Smart Contracts and the Financial System: The Path to Integration

Amidst these risks, Scanlon argued that blockchain networks need standardized security protocols. However, he emphasized that traditional models cannot be directly applied.

He pointed out that before integrating decentralized systems, financial institutions must grasp the unique security challenges posed by blockchain.

"Financial institutions looking to integrate decentralized systems must understand that blockchain transactions are irreversible. This means that in blockchain, attacks are often not reversible. This fundamental difference requires a complete rethinking of risk management, but it also points to the unique value of decentralized technology," Scanlon revealed to BeInCrypto.

Scanlon also emphasized the need to develop regulatory approaches. He noted that traditional finance and decentralized systems are no longer separate domains - they are becoming increasingly integrated.

However, he pointed out that most current legal frameworks are still based on outdated concerns. They mainly focus on traditional issues such as Know Your Customer (KYC) compliance, Anti-Money Laundering (AML), and investor protection.

Scanlon warned that these legal frameworks overlook the deeper technological risks that could cause systemic incidents in the blockchain space. He believes that the industry needs clarity.

"Governments should work to establish clear laws around Blockchain in general, so that innovators and developers have the resources and confidence to develop secure, safe chains and applications," Scanlon commented.

He argued that the focus should be on creating an environment where secure innovation can thrive, rather than imposing universal standards.

Why Human Psychology Drives the Success of Scams

In addition to addressing the vulnerabilities in smart contract infrastructure, Scanlon also discussed the rise of meme coin scams on social media platforms. Recently, many prominent figures, industry experts and political leaders have been attacked, with their X accounts taken over to promote fraudulent tokens.

Scanlon explained that these incidents are increasing due to the asymmetric rewards involved. With minimal technical effort, scammers can reap significant profits.

"These social engineering attacks are fundamentally different from smart contract vulnerabilities. They exploit human psychology rather than code flaws," Scanlon shared with BeInCrypto.

To combat these threats, Scanlon emphasized that social media platforms need more sophisticated detection systems to identify compromised accounts and prevent the spread of scams. He also called for improved on-chain analytics to detect and flag suspicious token contracts before they gain traction.

He stressed the importance of enhancing resources to verify the legitimacy of projects. Additionally, he suggested that protocols should integrate stronger verification measures.

Scanlon concluded that the long-term solution lies in improving technology. He emphasized the need to develop an ecosystem that prioritizes security at all levels, from code design to user experience. Scanlon affirmed that the community should be the top priority. Therefore, protecting the community from these threats is the most crucial aspect.
