The decentralized finance (DeFi) industry has lost over $1 billion to hackers over the past few months, and things seem to be spiraling out of control.
According to the latest statistics, about $1.6 billion in cryptocurrency was stolen from DeFi platforms in Q1 2022. Additionally, over 90% of stolen cryptocurrencies came from hacked DeFi protocols.
The numbers underscore a dire situation that, if ignored, could persist for a long time.
Why Hackers Prefer DeFi Platforms
In recent years, hackers have increased their operations against DeFi systems. A major reason these groups are drawn to the industry is the large amount of funds held by decentralized finance platforms. Top DeFi platforms process billions of dollars in transactions every month. So for hackers able to carry out successful attacks, the rewards are high.
The fact that most DeFi protocol code is open source also makes them more vulnerable to cybersecurity threats.
This is because open source programs are open to public scrutiny and can be audited by anyone with an internet connection. Therefore, they can be easily exploited. This inherent property allows hackers to analyze DeFi application integrity issues and plan robberies in advance.
Some DeFi developers have also contributed to the situation by knowingly disregarding platform security audit reports issued by certified cybersecurity firms. Some development teams have also launched DeFi projects without conducting extensive security analysis on them. This increases the likelihood of coding flaws.
Another chink in the armor when it comes to DeFi security is the interconnectedness of the ecosystem. DeFi platforms are often interconnected through cross-chain bridges, which enhances convenience and versatility.
While cross-chain bridges provide an enhanced user experience, these critical pieces of code connect a vast network of distributed ledgers with varying levels of security. This arrangement allows DeFi hackers to leverage the capabilities of multiple platforms to amplify attacks on certain platforms. It also allows them to quickly transfer ill-gotten gains across multiple decentralized networks.
In addition to the aforementioned risks, DeFi platforms are also vulnerable to internal breaches.
Hackers are using a variety of techniques to penetrate vulnerable DeFi peripheral systems.
Security breaches are common in the DeFi space. According to the Chainalysis 2022 report, about 35% of stolen cryptocurrencies over the past two years were attributed to security breaches.
Many of these occur due to code errors. Hackers often devote considerable resources to finding systemic coding errors that allow them to perform such attacks, and often utilize advanced bug tracking tools to help them.
Another common tactic used by threat actors to find vulnerable platforms is to track down networks with security issues that have been exposed but whose patches have not yet been deployed.
The hackers behind the recent Wormhole DeFi hack, which led to the loss of approximately $325 million in digital tokens, reportedly used this tactic. An analysis of the code commits revealed that the vulnerability addressed by patches uploaded to the platform’s GitHub repository was exploited before the patches were deployed.
The bug allowed an intruder to forge a system signature that allowed the minting of 120,000 Wrapped Ether (wETH) tokens worth $325 million. The hackers then sold wETH for around $250 million in ether (Ethereum). The exchanged ether came from the platform’s settlement reserves, resulting in losses.
The Wormhole service acts as a bridge between chains. It allows users to spend their deposited cryptocurrencies as wrapped tokens on other chains. This is achieved by minting Wormhole-wrapped tokens, which reduces the need to directly exchange or convert deposited coins.
Flash loan attacks
Flash loans are unsecured DeFi loans that do not require a credit check. They enable investors and traders to borrow money instantly.
Due to their convenience, flash loans are often used to exploit arbitrage opportunities in the connected DeFi ecosystem.
In flash loan attacks, attackers target lending protocols and use price manipulation techniques to create artificial price differences. This enables bad actors to buy assets at deeply discounted rates. Most flash loan attacks take minutes or even seconds to execute and involve multiple interconnected DeFi protocols.
One way attackers can manipulate asset prices is to target attackable price oracles. DeFi price oracles obtain prices from external sources such as reputable exchanges and trading websites. For example, a hacker could manipulate the origin site to trick oracles into temporarily lowering the rate reported for a target asset, so that it can be traded at a lower price compared to the broader market.
The attacker then buys the asset at a reduced price and quickly sells it at a floating exchange rate. Using leveraged tokens obtained through flash loans allows them to magnify their profits.
In addition to manipulating prices, some attackers have been able to conduct flash loan attacks by hijacking the DeFi voting process. Recently, Beanstalk DeFi lost $182 million after attackers exploited flaws in its governance system.
The Beanstalk development team included a governance mechanism that allows participants to vote for platform changes as a core feature. This setup is popular in the DeFi industry because it supports democracy. Voting rights on the platform are set to be proportional to the value of the native tokens held.
Analysis of the breach revealed that the attackers obtained a flash loan from the Aave DeFi protocol, resulting in nearly $1 billion in assets. This gave them a 67% majority in the voting governance system and allowed them to unilaterally approve transfers of assets to their addresses. The perpetrator fled with roughly $80 million in digital currency after paying off the flash loan and associated surcharges.
According to Chainalysis, in 2021, about $360 million worth of cryptocurrency was stolen from DeFi platforms using flash loans.
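The governance weakness described above can be shown with a toy model. This is an added example, not Beanstalk's code or anything from the original article: it compares vote weight read from live balances with weight read from a balance snapshot taken before the proposal existed. Snapshot weighting is a common mitigation assumed here for contrast, and every name and number is constructed.

```python
from dataclasses import dataclass, field

SUPERMAJORITY = 0.67  # threshold quoted in the article

@dataclass
class Token:
    balances: dict = field(default_factory=dict)
    history: list = field(default_factory=list)  # balances at the end of each block

    def mint(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def burn(self, who, amount):
        self.balances[who] -= amount

    def end_block(self):
        self.history.append(dict(self.balances))

    def share_now(self, who):
        return self.balances.get(who, 0) / sum(self.balances.values())

    def share_at(self, who, block):
        snap = self.history[block]
        return snap.get(who, 0) / sum(snap.values())

def passes_live(token, voter):
    """Weak design: weight is whatever the voter holds when the vote executes."""
    return token.share_now(voter) >= SUPERMAJORITY

def passes_snapshot(token, voter, proposal_block):
    """Hardened design: weight is the balance recorded before the proposal existed."""
    return token.share_at(voter, proposal_block) >= SUPERMAJORITY

def simulate():
    token = Token()
    token.mint("long_term_holders", 300)   # constructed supply
    token.end_block()                      # block 0: proposal is created here
    # Block 1: borrow, vote and repay all happen inside one transaction.
    token.mint("borrower", 700)            # borrowed funds held only within this block
    live = passes_live(token, "borrower")
    snap = passes_snapshot(token, "borrower", proposal_block=0)
    token.burn("borrower", 700)            # loan repaid before the block ends
    token.end_block()
    return live, snap, token.share_at("borrower", 1)
```

With live balances the temporary holder clears the threshold, while the snapshot check rejects the same vote because the borrowed balance never appears in any end-of-block record.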
Where does the stolen cryptocurrency go?
Hackers have been using centralized exchanges to launder stolen funds for a long time, but cybercriminals are starting to move them to DeFi platforms. In 2021, cybercriminals sent about 17% of illicit crypto flows to DeFi networks, a significant increase from 2% in 2020.
Market experts speculate that the move to DeFi protocols is due to the wider implementation of stricter know-your-customer (KYC) and anti-money laundering (AML) processes. These programs compromise the anonymity sought by cybercriminals. Most DeFi platforms forgo these key processes.
Cooperating with authorities
Centralized exchanges are also now cooperating with authorities more than ever to fight cybercrime. In April, the Binance exchange recovered $5.8 million in stolen cryptocurrency that was part of a $625 million stash stolen from Axie Infinity. The money was originally sent to Tornado Cash.
Tornado Cash is a token anonymization service that obfuscates the origin of funds by breaking the on-chain links used to track transaction addresses.
However, a portion of the stolen funds were traced to Binance by the blockchain analysis firm. The loot is stored in 86 addresses on the exchange.
Following the incident, a U.S. Treasury Department spokesperson emphasized that cryptocurrency exchanges that deal with cryptocurrencies from blacklisted sources risk sanctions.
Tornado Cash also appears to be working with authorities to stop the transfer of stolen funds to its network. The company said it would implement a monitoring tool to help identify and block embargoed wallets.
There seems to be some progress in authorities seizing stolen assets. Earlier this year, the U.S. Department of Justice announced the seizure of $3.6 billion in cryptocurrency and the arrest of two people involved in money laundering. The money was part of $4.5 billion stolen from the Bitfinex cryptocurrency exchange in 2016.
The cryptocurrency seizure was the largest ever recorded.
DeFi CEO talks about the status quo
Earlier this week, Eric Chen, CEO and co-founder of Injective Labs, an interoperable smart contract platform optimized for decentralized finance applications, told Cointelegraph exclusively that these issues are expected to subside.
“With the implementation of stronger security standards, we see the tide continue to subside. With proper testing and further security infrastructure, DeFi projects will be able to prevent the risks of exploits that are common in the future,” he said.
Chen offers an outline of what his network is doing to avoid hacking:
“Compared to traditional Ethereum Virtual Machine-based DeFi applications, Injective ensures a more strictly defined application-centric security model. The design of the blockchain and the logic of the core modules protect Injective from the impact of common vulnerabilities such as reentrancy, maximum extractable value and flash loans. Applications built on Injective can benefit from security measures implemented in the blockchain at the consensus level.”
Cointelegraph also had the opportunity to speak with Konstantin Boyko-Romanovsky, CEO and founder of Allnodes, a non-custodial hosting and staking platform, about the increase in hacking incidents. Regarding the main catalysts behind the trend, he said:
“There is no doubt that reducing the risk of DeFi hacking will take some time. However, it is unlikely to happen overnight. There is a lingering sense of competition in DeFi. Everyone seems to be in a hurry, including project founders. The market is moving faster than programmers can write code. Good players who take every precaution are a minority.”
He also provides some insight into procedures that help solve the problem:
“Code has to get better, smart contracts have to be thoroughly audited, that’s for sure. Also, users should be constantly reminded of careful online etiquette. Identifying any flaws can have attractive incentives. This, in turn, could promote healthier behavior in specific protocols.”
It is difficult for the DeFi industry to stop hackers. However, it is hoped that increased oversight by the authorities and increased cooperation among exchanges will help curb the scourge.