DeFi attacks are on the rise; will the industry be able to keep up?

Hundreds of DeFi systems have been compromised in the last year, and the trend does not appear to be slowing.

In the last few months, the decentralized finance (DeFi) business has lost over a billion dollars to hackers, and the situation appears to be out of control.

According to the most recent figures, $1.6 billion in cryptocurrencies were stolen from DeFi platforms in the first quarter of 2022. Furthermore, approximately 90% of all stolen crypto comes from exploited DeFi protocols.

These data illustrate a severe scenario that, if neglected, is likely to worsen in the long run.

Why hackers prefer DeFi platforms

Hackers have increased their activities targeting DeFi systems in recent years. The large volume of funds held by decentralized financial platforms is one of the key reasons that these groups are drawn to the sector. Each month, top DeFi platforms conduct billions of dollars in transactions. As a result, the rewards are substantial for hackers who can carry out effective attacks.

The fact that the majority of DeFi protocol code is open source makes these platforms even more vulnerable to cybersecurity threats.

This is because open source applications are open to public scrutiny and can be inspected by anybody with an internet connection. As a result, they are easily exploited. Because of this intrinsic trait, hackers can evaluate DeFi apps for integrity concerns and plot heists ahead of time.

Some DeFi developers have additionally exacerbated the matter by ignoring platform security audit reports issued by qualified cybersecurity services. Some development teams also launch DeFi solutions without conducting rigorous security testing. This raises the likelihood of coding errors.

The interconnection of ecosystems is another chink in the DeFi security armor. Cross-bridges are commonly used to connect DeFi platforms, increasing convenience and versatility.

While cross-bridges improve user experience, they also connect vast networks of distributed ledgers with varied levels of security. DeFi hackers can use this multiplex arrangement to leverage the capabilities of numerous platforms to magnify attacks on specific platforms. It also enables them to seamlessly transfer illicit payments across numerous decentralized networks.

Aside from the concerns stated above, DeFi platforms are vulnerable to insider sabotage.

Security breaches

Hackers are employing a variety of tactics to get access to weak DeFi perimeter systems.

Security breaches are widespread in the DeFi industry. According to the 2022 Chainalysis research, security failures are responsible for nearly 35% of all stolen cryptocurrency in the last two years.

Many of these are the result of bad code. Hackers frequently devote considerable effort to discovering systemic coding faults that enable them to carry out these types of attacks, and they typically use powerful bug tracker tools to help them achieve this.

Tracking down networks with security problems whose fixes have already been made public but have yet to be deployed is another popular approach employed by threat actors to search out vulnerable platforms.

This approach was reportedly utilized by the hackers behind the recent Wormhole DeFi hack, which resulted in the theft of approximately $325 million in digital tokens. An examination of code contributions revealed that a vulnerability fix posted to the platform's GitHub repository had been abused prior to its deployment.

Because of the error, the intruders were able to falsify a system signature, allowing the minting of 120,000 Wrapped Ether (wETH) tokens worth $325 million. The hackers later sold the wETH for approximately $250 million in Ether (ETH). The swapped Ethereum currencies came from the platform's settlement reserves, resulting in losses.

Wormhole functions as a link between chains. Users can spend their deposited coins as wrapped tokens across chains. This is done by minting Wormhole-wrapped tokens, which eliminates the need to directly swap or convert the deposited money.

Flash loan attacks

Flash loans are unsecured DeFi loans with no credit checks required. They allow investors and traders to borrow money quickly.

Flash loans are typically employed to take advantage of arbitrage opportunities in connected DeFi ecosystems due to their convenience.

In flash loan attacks, lending processes are targeted and subverted using price manipulation techniques that produce false price differences. This enables malicious actors to acquire assets at drastically reduced prices. Most flash loan attacks take minutes, if not seconds, to complete and involve numerous interconnected DeFi protocols.

One method used by attackers to manipulate asset values is to target vulnerable price oracles. DeFi pricing oracles obtain their rates from respected exchanges and trade sites. Hackers can, for example, modify the source sites to deceive oracles into temporarily reducing the rates of selected assets, causing them to trade at lower prices than the rest of the market.

Attackers then purchase the assets at depressed prices and swiftly sell them at the floating exchange rate. They can multiply their earnings by using leveraged tokens obtained through flash loans.
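A common safeguard against the oracle weakness described above is to aggregate several sources and refuse any update that moves too far in one step. The following is an added example, not code from the article or from any project it names; the feed names, the thresholds and the sample quotes are constructed assumptions.

```python
from statistics import median

class OracleRejected(Exception):
    """Raised when the aggregated quote fails a sanity check."""

def guarded_price(quotes, last_accepted, min_sources=3, max_step=0.10):
    """Aggregate per-source quotes into one price, or refuse to price.

    quotes:        dict of source name -> price (hypothetical feed names)
    last_accepted: the previous price the protocol acted on
    max_step:      largest relative move accepted in a single update
    """
    valid = [p for p in quotes.values() if p is not None and p > 0]
    if len(valid) < min_sources:
        raise OracleRejected("too few live sources")
    mid = median(valid)
    # A source far from the median cannot move the result; list it for alerting.
    outliers = sorted(s for s, p in quotes.items()
                      if p and abs(p - mid) / mid > max_step)
    # Circuit breaker: if the aggregate itself jumps, stop pricing instead
    # of letting loans or swaps settle against a distorted rate.
    step = abs(mid - last_accepted) / last_accepted
    if step > max_step:
        raise OracleRejected(f"aggregate moved {step:.0%} in one update")
    return mid, outliers

# Constructed sample quotes (not real market data).
NORMAL = {"feed_a": 100.2, "feed_b": 99.9, "feed_c": 100.0}
ONE_BAD = {"feed_a": 100.2, "feed_b": 40.0, "feed_c": 100.0}
TWO_BAD = {"feed_a": 41.0, "feed_b": 40.0, "feed_c": 100.0}

def demo():
    """Run the three constructed cases and collect the outcome of each."""
    results = {}
    for name, quotes in (("normal", NORMAL), ("one_bad", ONE_BAD),
                         ("two_bad", TWO_BAD)):
        try:
            results[name] = guarded_price(quotes, last_accepted=100.0)
        except OracleRejected as exc:
            results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

With one distorted source the median is unchanged and the source is flagged; with two, the median follows them and only the step limit stops the update.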

In addition to price manipulation, some attackers have been able to carry out flash loan attacks by hijacking DeFi voting processes. Beanstalk DeFi recently suffered a $182 million loss after an attacker exploited a flaw in its governance system.

As a basic element, the Beanstalk development team added a governance structure that allowed members to vote on platform updates. This configuration is popular in the DeFi business because it promotes democracy. The platform's voting rights were set to be proportional to the value of native tokens possessed.

According to a study of the incident, the attackers got a flash loan using the Aave DeFi protocol to obtain about $1 billion in assets. This gave them a 67 percent majority in the voting governance system, allowing them to authorize the transfer of assets to their address unilaterally. After repaying the flash loan and related surcharges, the culprits made off with approximately $80 million in digital currencies.
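The weakness in this design is that voting weight follows the balance held at the moment of the vote. The added example below, which is not code from Beanstalk or from the article, models a simplified ledger and compares that rule with weighting votes by balances checkpointed at an earlier block; the holder names, amounts and block numbers are constructed.

```python
import bisect

class CheckpointedToken:
    """Ledger that keeps every balance change together with its block number."""
    def __init__(self):
        self._history = {}  # holder -> ([block numbers], [balances])

    def set_balance(self, holder, block, amount):
        blocks, balances = self._history.setdefault(holder, ([], []))
        if blocks and blocks[-1] == block:
            balances[-1] = amount  # several changes in one block: keep the last
        else:
            blocks.append(block)
            balances.append(amount)

    def balance_at(self, holder, block):
        """Balance recorded at or before `block`; 0 if the holder had none yet."""
        blocks, balances = self._history.get(holder, ([], []))
        i = bisect.bisect_right(blocks, block)
        return balances[i - 1] if i else 0

    def share_at(self, holder, block):
        total = sum(self.balance_at(h, block) for h in self._history)
        return self.balance_at(holder, block) / total if total else 0.0

def can_pass_alone(token, voter, vote_block, snapshot_delay, threshold=2 / 3):
    """Does `voter` clear the supermajority under each weighting rule?"""
    live = token.share_at(voter, vote_block)                       # weak rule
    snapshot = token.share_at(voter, vote_block - snapshot_delay)  # hardened
    return {"live_balance": live >= threshold, "snapshot": snapshot >= threshold}

def sample_ledger():
    """Constructed data: 1,000 tokens, 670 of them sitting in a lending pool."""
    t = CheckpointedToken()
    for holder, amount in [("alice", 200), ("bob", 130), ("lending_pool", 670)]:
        t.set_balance(holder, 1, amount)
    # Block 1000: the pool's tokens are in a borrower's hands at voting time.
    t.set_balance("lending_pool", 1000, 0)
    t.set_balance("borrower", 1000, 670)
    return t

if __name__ == "__main__":
    ledger = sample_ledger()
    print(can_pass_alone(ledger, "borrower", vote_block=1000, snapshot_delay=1))
    print(can_pass_alone(ledger, "alice", vote_block=1000, snapshot_delay=1))
```

Under the snapshot rule, tokens held only for the duration of a loan carry no weight, while a long-term holder's share is the same under both rules.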

According to Chainalysis, over $360 million in cryptocurrencies were stolen from DeFi platforms in 2021 through flash loans.

Where does stolen crypto go?

Hackers have historically utilized centralized exchanges to launder stolen assets, but they are increasingly being replaced by DeFi platforms. In 2021, cybercriminals delivered around 17% of all illicit crypto to DeFi networks, a huge increase from 2% in 2020.

According to market analysts, the change to DeFi protocols is due to the widespread implementation of stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) policies. The procedures jeopardize cybercriminals' desire for anonymity. Most DeFi solutions skip these critical steps.

Cooperation with the authorities

Centralized exchanges are also collaborating with authorities to combat cybercrime more than ever before. In April, the Binance exchange helped recover $5.8 million in stolen cryptocurrencies that were part of a $625 million stockpile taken from Axie Infinity. The funds were initially sent to Tornado Cash.

Tornado Cash is a token anonymization service that conceals the source of cash by fragmenting on-chain linkages used to track transactional addresses.

However, part of the stolen cash was traced back to Binance by blockchain analytics firms. The loot was housed in 86 exchange addresses.

Following the event, a spokeswoman for the US Treasury Department stated that crypto exchanges that handle money from blacklisted crypto addresses face sanctions.

Tornado Cash appears to be working with authorities to prevent the transmission of stolen funds to its network. The company has stated that it will implement a monitoring tool to assist in the identification and blocking of embargoed wallets.

The authorities appear to be having some success in seizing stolen assets. Earlier this year, the US Department of Justice reported the seizure of $3.6 billion in cryptocurrency and the arrest of two people involved in the money laundering. The funds were part of the $4.5 billion stolen from the Bitfinex cryptocurrency exchange in 2016.

The cryptocurrency seizure was one of the largest ever recorded.

DeFi CEOs speak about the current situation

Eric Chen, CEO and co-founder of Injective Labs — an interoperable smart contracts platform specialized for decentralized finance applications — told Cointelegraph exclusively earlier this week that there is hope that the problems can be resolved.

"We are watching the tide recede as more stringent security rules are implemented. DeFi projects will be able to prevent common exploit risks in the future with thorough testing and other security infrastructures in place," he stated.

Chen offered a summary of the efforts his network was taking to prevent hack attacks:

“Injective ensures a more tightly defined application-centric security model compared to traditional Ethereum Virtual Machine-based DeFi applications. The design of the blockchain and the logic of core modules protect Injective from common exploits such as re-entrancy, maximum extractable value and flash loans. Applications built on top of Injective are able to benefit from the security measures that are implemented in the blockchain on the consensus level.”

Cointelegraph also had the chance to speak with Konstantin Boyko-Romanovsky, CEO and founder of Allnodes — a non-custodial hosting and staking platform — about the increase in hack incidents. Regarding the main catalysts behind the trend, he said:

“No doubt it will take some time to lower the risk of DeFi hacks. It is unlikely, however, that it will happen overnight. There is a lingering sense of a race in DeFi. Everyone seems to be in a hurry, including the project founders. The market is evolving faster than the speed at which programmers write code. Good players who take every precaution are in the minority.”

He also provided some insight on procedures that would help counteract the problem:

“The code must get better and smart contracts must be thoroughly audited, that’s for sure. In addition, users should be constantly reminded of cautious etiquette online. Identifying any flaws can be attractively incentivized. This, in turn, might promote healthier conduct across a particular protocol.”

The DeFi industry is having a hard time thwarting hack attacks. There is, however, hope that increased monitoring from the authorities and greater cooperation among exchanges will help curb the scourge.
