The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past few months and the situation seems to be spiraling out of control.
According to the latest statistics, about $1.6 billion worth of cryptocurrencies were stolen from DeFi platforms in the first quarter of 2022. Additionally, over 90% of all stolen cryptos come from hacked DeFi protocols.
These numbers highlight a dire situation that is likely to persist in the long term if ignored.
Why hackers prefer DeFi platforms
In recent years, hackers have ramped up operations targeting DeFi schemes. A key reason these groups are drawn to the industry is the sheer volume of funds that decentralized finance platforms hold. Top DeFi platforms process billions of dollars in transactions every month. Accordingly, the rewards for hackers who are able to carry out successful attacks are high.
The fact that most DeFi protocol codes are open source also makes them even more vulnerable to cybersecurity threats.
This is because open source programs can be examined by anyone with an internet connection. As such, they can be easily searched for exploitable flaws. This inherent property allows hackers to analyze DeFi applications for integrity issues and plan raids in advance.
Some DeFi developers have also contributed to the situation by deliberately disregarding platform security audit reports published by certified cybersecurity firms. Some development teams are also launching DeFi projects without subjecting them to a comprehensive security analysis. This increases the likelihood of coding errors.
Another chink in the armor when it comes to DeFi security is ecosystem interconnectivity. DeFi platforms are typically connected to each other via cross-bridges, adding convenience and versatility.
While cross-bridges provide an enhanced user experience, these crucial snippets of code connect vast networks of distributed ledgers with varying levels of security. This multiplexed configuration allows DeFi hackers to leverage the capabilities of multiple platforms to amplify attacks on specific platforms. It also allows them to quickly and seamlessly transfer ill-gotten funds across multiple decentralized networks.
Besides the above risks, DeFi platforms are also vulnerable to insider sabotage.
Hackers use a variety of techniques to infiltrate vulnerable DeFi perimeter systems.
Security breaches are commonplace in the DeFi sector. According to the 2022 Chainalysis report, about 35% of all stolen cryptos in the last two years are attributed to security breaches.
Many of them occur due to buggy code. Hackers typically expend significant resources to find systemic coding errors that allow them to carry out these types of attacks, and typically use advanced bug tracker tools to help them do so.
Another common tactic used by threat actors to find vulnerable platforms is to look for networks with security issues that have already been discovered but whose patches have yet to be implemented.
The hackers behind the recent Wormhole attack, which resulted in the loss of approximately $325 million in digital tokens, are said to have used this strategy. An analysis of code commits revealed that a patch for the vulnerability had been uploaded to the platform’s GitHub repository, and that the vulnerability was exploited before the patch was deployed.
The flaw allowed the intruders to forge a system signature that enabled the minting of 120,000 Wrapped Ether (wETH) coins worth $325 million. The hackers then exchanged the wETH for ether (ETH) worth around $250 million. The exchanged ether was drawn from the platform’s settlement reserves, which resulted in losses.
The Wormhole service acts as a bridge between chains. It allows users to spend deposited cryptocurrencies as wrapped tokens across chains. This is achieved by minting Wormhole-wrapped tokens, which reduces the need to exchange or convert deposited coins directly.
Flash Loan Attacks
Flash loans are unsecured DeFi loans that do not require a credit check. They allow investors and traders to borrow money instantly.
Due to their convenience, flash loans are typically used to take advantage of arbitrage opportunities in connected DeFi ecosystems.
Flash loan attacks target lending protocols and compromise them with price manipulation techniques that create artificial price differentials. This allows bad actors to buy assets at heavily discounted prices. Most flash loan attacks take minutes and sometimes seconds to execute and involve multiple interconnected DeFi protocols.
One way attackers manipulate asset prices is by targeting vulnerable price oracles. DeFi price oracles get their prices from external sources such as reputable exchanges and trading sites. Hackers can, for example, manipulate the source sites to trick oracles into temporarily lowering the reported value of targeted assets so that they trade at lower prices than on the broader market.
Attackers then buy the assets at deflated rates and quickly sell them at their floating exchange rate. Using leveraged tokens obtained through flash loans allows them to increase profits.
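A defensive counterpart to the oracle manipulation described above, as an added example that is not from the original article or any named project: a price feed that checks each source against a time-weighted average and fails closed when too few sources agree. The source names, the 5% tolerance and all prices are constructed assumptions.

```python
from statistics import median

MAX_DEVIATION = 0.05  # assumed policy: drop a quote more than 5% off the reference


def twap(history):
    """Time-weighted average of (price, seconds_held) observations."""
    total_time = sum(seconds for _, seconds in history)
    return sum(price * seconds for price, seconds in history) / total_time


def guarded_price(quotes, history, max_dev=MAX_DEVIATION):
    """Return (price, rejected_sources).

    quotes  : {source_name: spot price reported right now}
    history : recent (price, seconds_held) pairs used as the TWAP reference
    A quote that deviates from the TWAP by more than max_dev is dropped and
    the price is the median of the rest. If fewer than two sources survive,
    the feed raises instead of publishing a price (fail closed).
    """
    reference = twap(history)
    accepted, rejected = {}, []
    for source, price in quotes.items():
        if abs(price - reference) / reference > max_dev:
            rejected.append(source)
        else:
            accepted[source] = price
    if len(accepted) < 2:
        raise ValueError("too few trustworthy sources; pause pricing")
    return median(accepted.values()), sorted(rejected)


# Constructed sample data: 30 minutes of history and three hypothetical sources.
HISTORY = [(100.0, 600), (101.0, 600), (99.0, 600)]
NORMAL = {"exchange_a": 100.2, "exchange_b": 99.9, "exchange_c": 100.5}
ONE_SOURCE_SKEWED = {"exchange_a": 100.2, "exchange_b": 62.0, "exchange_c": 100.5}
ALL_SOURCES_SKEWED = {"exchange_a": 61.0, "exchange_b": 62.0, "exchange_c": 60.5}

if __name__ == "__main__":
    print(guarded_price(NORMAL, HISTORY))
    print(guarded_price(ONE_SOURCE_SKEWED, HISTORY))
```

A protocol that reads a single source directly would have accepted the 62.0 quote; here it is rejected, and a feed where every source is skewed stops pricing altogether.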
In addition to manipulating prices, some attackers have been able to perform flash loan attacks by hijacking DeFi voting processes. Most recently, Beanstalk DeFi suffered a $182 million loss after an attacker exploited a flaw in its governance system.
The Beanstalk development team had built in a governance mechanism that allowed participants to vote for platform changes as core functionality. This setup is popular in the DeFi industry because it upholds democracy. The voting rights on the platform were set proportionally to the value of the native tokens held.
An analysis of the breach revealed that the attackers took out a flash loan from the Aave DeFi protocol to obtain nearly $1 billion in assets. This enabled them to obtain a 67 percent majority in the voting governance system and unilaterally authorize the transfer of assets to their address. The perpetrators made off with approximately $80 million in digital currencies after repaying the flash loan and associated surcharges.
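Why token-weighted voting on live balances is exposed to borrowed voting power, and how weighting votes by a balance snapshot from an earlier block closes that gap, as an added toy model that is not Beanstalk's code or its actual fix. Holder names, block numbers and amounts are constructed; only the 67 percent threshold comes from the article.

```python
SUPERMAJORITY = 0.67  # threshold cited in the article


class Token:
    """Toy governance token that checkpoints all balances at each block."""

    def __init__(self):
        self.balances, self.checkpoints = {}, {}

    def move(self, block, holder, delta):
        """Credit or debit `holder` at `block` and record a checkpoint."""
        self.balances[holder] = self.balances.get(holder, 0) + delta
        self.checkpoints[block] = dict(self.balances)

    def state_at(self, block):
        """Balances as of the latest checkpoint at or before `block`."""
        past = [b for b in self.checkpoints if b <= block]
        return self.checkpoints[max(past)] if past else {}


def vote_passes(token, voter, vote_block, snapshot_block=None):
    """True if `voter` alone reaches the supermajority.

    snapshot_block=None -> weak design: weight is the live balance at vote time
    snapshot_block=N    -> hardened: weight is the balance recorded at block N
    """
    state = token.state_at(vote_block if snapshot_block is None else snapshot_block)
    supply = sum(state.values())
    return supply > 0 and state.get(voter, 0) / supply >= SUPERMAJORITY


def run_demo():
    """Constructed timeline; returns (live_balance_result, snapshot_result)."""
    t = Token()
    t.move(100, "community", 300)
    t.move(100, "lending_pool", 700)
    # Block 200: tokens are borrowed, used to vote and repaid in one transaction.
    t.move(200, "lending_pool", -700)
    t.move(200, "borrower", 700)
    live = vote_passes(t, "borrower", 200)
    snapshot = vote_passes(t, "borrower", 200, snapshot_block=199)
    t.move(200, "borrower", -700)
    t.move(200, "lending_pool", 700)
    return live, snapshot


if __name__ == "__main__":
    print(run_demo())
```

Because a flash loan exists only inside a single transaction, the borrower holds nothing at any earlier block, so the snapshot-weighted vote fails while the live-balance vote passes.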
According to Chainalysis, around $360 million worth of cryptocoins were stolen from DeFi platforms using flash loans in 2021.
Where does stolen crypto go?
Hackers have long used centralized exchanges to launder stolen funds, but cybercriminals are starting to abandon them in favor of DeFi platforms. In 2021, cybercriminals sent about 17% of all illicit cryptos to DeFi networks, a significant increase from 2% in 2020.
Market experts posit that the shift to DeFi protocols is due to the broader implementation of stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) processes. The procedures jeopardize the anonymity sought by cybercriminals. Most DeFi platforms forego these crucial processes.
Cooperation with the authorities
Now more than ever, centralized exchanges are collaborating with authorities to fight cybercrime. In April, the Binance exchange played a pivotal role in recovering $5.8 million worth of stolen cryptocurrencies that were part of a $625 million stash stolen from Axie Infinity. The money was initially transferred to Tornado Cash.
Tornado Cash is a token anonymization service that obfuscates the origin of funds by fragmenting on-chain links used to track transaction addresses.
However, some of the stolen funds were traced back to Binance by blockchain analysis firms. The loot was kept at 86 addresses on the exchange.
After the incident, a US Treasury Department spokesman emphasized that crypto exchanges trading funds from blacklisted cryptos risk sanctions.
Tornado Cash also appears to be working with authorities to stop the transfer of stolen funds to its network. The company has announced that it will implement a monitoring tool to identify and block embargoed wallets.
There seems to be some progress in the authorities’ seizure of stolen assets. Earlier this year, the US Department of Justice announced the seizure of $3.6 billion worth of crypto and the arrest of two people involved in laundering the money. The money was part of the $4.5 billion stolen from the Bitfinex crypto exchange in 2016.
The crypto seizure was among the largest on record.
DeFi CEOs talk about the current situation
In an exclusive chat with Cointelegraph earlier this week, Eric Chen, CEO and co-founder of Injective Labs — an interoperable smart contract platform optimized for decentralized finance applications — said there was hope the issues were easing.
“We are seeing the tide continue to subside as more robust safety standards are put in place. With proper testing and further security infrastructure, DeFi projects will be able to prevent common exploit risks in the future,” he said.
Chen gave an overview of the measures his network took to ward off hacker attacks:
“Injective ensures a more tightly defined application-centric security model compared to traditional Ethereum Virtual Machine-based DeFi applications. The design of the blockchain and the logic of the core modules protect Injective from common exploits such as reentry, maximum extractable value, and flash loans. Applications built on top of Injective can benefit from the security measures implemented in the consensus-level blockchain.”
Cointelegraph also had the opportunity to speak to Konstantin Boyko-Romanovsky, CEO and founder of Allnodes — a non-custodial hosting and staking platform — about the rise in hacking incidents. Referring to the main catalysts behind the trend, he said:
“No doubt reducing the risk of DeFi hacks will take time. However, this is unlikely to happen overnight. There is an ongoing sense of race in DeFi. Everyone seems to be in a hurry, including the project creators. The market is evolving faster than the speed at which programmers are writing code. Good players who take every precaution are in the minority.”
He also gave some insights into procedures that would help counteract the problem:
“The code needs to get better and smart contracts need to be scrutinized, that’s for sure. In addition, users should be constantly reminded of prudent Internet etiquette. Spotting mistakes can provide attractive incentives. This, in turn, could encourage healthier behaviors in a given protocol.”
The DeFi industry has a hard time thwarting hack attacks. However, there is hope that increased surveillance by authorities and closer cooperation between exchanges will help contain the scourge.
https://cointelegraph.com/news/defi-attacks-are-on-the-rise-will-the-industry-be-able-to-stem-the-tide DeFi Attacks Rise – Will the Industry Be Able to Stem the Tide?