DeFi platforms at much higher risk than centralised exchanges: report
Chainalysis' 2022 Crypto Crime report states that hackers have already stolen cryptocurrency valued at $1.3 billion in Q1 2022
By Shashank Bhardwaj
In 2021, hackers stole $3.2 billion worth of cryptocurrency across exchanges. Come 2022, these hacks seem to have gathered more steam, with $1.3 billion worth of cryptocurrency hacks already reported in the first quarter of the year. The numbers disproportionately sway toward more Defi platforms as victims of these hacks.
The Chainalysis’ 2022 Crypto Crime report states that 97 percent of the cryptocurrency was stolen from Defi platforms. The previous years’ numbers depict that the trend has been rising steadily: 72 percent in 2021 and 30 percent in 2020.
The most common and major vector of attack in the past hacks has been security breaches. In these security breaches, the hacker gains access to the victim's private keys to steal their cryptocurrencies. The $615 million March 2022 hack of the Ronin Network is a testimony that this technique remains effective. The report states that 35 percent of the value of stolen cryptocurrency from 2020 to Q1 of 2022 resulted from security breaches. Addressing the hacking concerns for Defi platforms, the report suggested that faulty code, which leads to code exploits and flash loan attacks, is the major cause of the increasing rate of hacks on Defi platforms.
“The answer to why DeFi protocols are being increasingly hacked lies in the code they are based on. The majority of hacking attacks happen because of smart contracts’ code vulnerabilities that the hackers exploit to gain access to user funds, says Johnny Lyu, KuCoin CEO, adding, “The decentralised nature of DeFi platforms makes them even more vulnerable to attacks, as hackers target specific bugs in the software suites, which are very transparent since the apps are open source.”
These smart contract vulnerabilities are inherent in Defi platforms and decentralised exchanges because of their open-source and transparent nature. Users can audit the underlying source code to build trust for the protocol, but this trait has been the Defi platforms’ undoing. Cybercriminals analyse the source code for vulnerabilities and plan the code exploit. The BadgerDAO hack is one such example where the hacker tested the exploit months before the actual attack.
The other common vector, Flash Loans, occurs due to the Defi Platforms’ dependence on unstable price oracles. These unstable oracles are vulnerable to price manipulation. A total of $364 million worth of cryptocurrencies were stolen, all thanks to these Flash Loans.
The report suggests using decentralised oracles like Chainlink and code audits as preventive measures against such code exploits and hacks. Lyu continues, “While this peculiarity requires even more time and resources to be spent on code audits and stress tests, many of today’s DeFi projects are launched hastily and do not pay much to build a strong security team. It can be seen that for the current security vulnerabilities in Defi projects, smart contract auditing, senior and experienced teams will be helpful to prevent hacker attacks."
Shashank is the founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist. Twitter: @bhardwajshash