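8848 AMA: Lossless, the First DeFi Security Tool for Token Creators
Hackers have been rampant lately, so the DeFi security tool Lossless has been drawing a lot of attention. On August 13, 2021, Lossless and the 8848 community held an AMA. We were honored to have as guests Vygandas, CEO of Lossless, and Domantas, CTO of Lossless, who talked about the hacking incidents everyone is worried about and how Lossless goes about solving the problem. Below is the written record of the AMA (originally published in both Chinese and English). Enjoy!
Before we begin, a brief introduction to Lossless. The Lossless protocol is the first DeFi security tool aimed at token creators. Based on a set of fraud-identification parameters, it freezes fraudulent transactions and returns the stolen funds to the owner's account.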
1. How did you come up with the idea of Lossless?
V. Hello 8848, thanks for having us in your amazing AMA session. Last summer when DeFi started to grow so fast we started to interact with different protocols — lending, farming and so on. Quickly we realised a vulnerable space there because of non-audited contracts and rug-pulls. So we started discussing how we could help DeFi in order to be a safer place with fewer hacks and exploits and after the long discussion we shaped our vision.
D. And I personally was involved in building a customer-facing app that moves the funds to DeFi protocols in a custodial manner. This really got me thinking of the ways I could mitigate the risks.
2. Have you had any personal experience with exploits and hacks yourself?
V. Definitely… I bought $ENM from Andre and shortly it was hacked.. This one was the biggest loss for myself..
D. Rug-pulls, private keys getting stolen, losing tokens to some cheap freshly created yield farm, I’ve seen it all happen to the people I know that have been in crypto for the past few years.
3. Are users involved in this process?
V. Yes, this is one of the main goals for Lossless. Community should be active in order to help minimize the hacks, we are here all together for the same aim — to minimize the hacks. We expect a huge involvement from the community by reporting potential hacks and exploits. We have prepared great incentives for the community to be involved so they can take a share of the stopped hack.
4. Who are the main decision makers in Lossless ecosystem?
V. Currently the power is in the hands of the Lossless Decision Making Body. It will be formed from 3 parties — Lossless Committee (formed from well-known people in the industry), Lossless company (which later should be replaced with our community by giving governance for them) and Token Creators (creators of the hacked token).
5. How big is the Lossless team?
V. Currently, we are a small team of 5 people, but we just started to hire more people to help boost our software development process.
6. How would you compare the fraud of today’s crypto space to the past?
V. It has evolved. The protocols become more complex and the hacks become the same.. It is a continuous job to always be one step ahead of the hackers. We are prepared to analyse different hack patterns and predict the new ones in order to take the action immediately.
D. I think the main difference between the old ways of crypto and the modern days is that in the past the major attack vectors for the crypto hacks were exchanges and personal private key hacks. But with the growth of DeFi the hackers' focus shifted to these smart contracts having millions or even billions of TVL.
7. What are the most prevalent cases of fraud and what have been the best methods to rid the market of them?
V. It is hard to exclude one hack pattern as the most popular, but currently these are the most common — wallet address hacks (stolen seed phrase), rug-pulls, flash-loan hacks and TVL protocols hacks.
D. And there are some ways to protect from these kinds of exploits, most of them focus on preventing the exploit from occurring in the first place. However, as the past few years have shown, the truth is that people that are new to crypto or early-stage projects don’t have the resources to prevent the hacks. And that’s why there is a need for a tool that allows stopping the hacks after they have already happened.
8. How does your system enhance transparency?
D. If we want crypto to replace the current banking system we also need an AML department. And of course, it should be decentralized. That’s what Lossless is. Anyone can report a suspicious transaction and then the decision-making body votes if it’s an actual hack or not. Everyone on the decision-making body is a publicly known entity and everything is happening on-chain, so every aspect of stopping fraudulent transactions is transparent.
9. How quickly does it take to identify a scammer in the system?
D. Every hack or exploit is different and unique. Looking back to the hacks that have already happened we can see that they can happen in one transaction or take even a few hours. So there isn’t one solution here. And that’s why Lossless monitoring mechanisms are tuned to react according to the situation. This means that the exploit can be intercepted instantly or take a few minutes depending
10. How does the reward system work and how does it help steer the system away from more hacks and exploits?
D. The Lossless is the first-ever protocol that incentivizes the white hat hacker, security experts, smart contract researchers, or even whistleblowers to be rewarded by reporting the hacks. The people that report the hacks are rewarded by getting the part of the tokens that were stopped from being a hack. So the reward is proportional to the size of a hack that is being stopped.
11. Where do you see the crypto space headed in the next five years? This is in terms of fraud in the market.
D. With the current growth of the DeFi and crypto market in general there’s more capital than ever to create and experiment with new kinds of financial products. But with every new kind of product will come new kinds of risks and possible exploits. We guess that while the DeFi space continues to grow so will the number of hacks that target these fresh, established, or just copied DeFi protocols. So the only way for mainstream adoption is an industry-wide security standard that Lossless is trying to build.
V. I want to endorse Domantas here and just to emphasize that DeFi is in its early days and now we are building a foundation for cyber-security for DeFi, and we want to be pioneers here!
That concludes today's AMA. If anyone wants to dig more into Lossless and follow the updates, you can check out the following links:
Website: https://lossless.cash/
Twitter: https://twitter.com/losslessdefi
Telegram: https://twitter.com/losslessdefi