This blog post will cover:
- What are hacks and why is DeFi vulnerable?
- Determined vulnerabilities of DeFi
- Financial risks
- Technical risks
- Procedural risks
- The DeFi theft cases
- #3 Wormhole — $322,000,000
- #2 Poly Network — $613,000,000
- #1 Ronin Network — $615,000,000
- How to prevent DeFi hacks?
Decentralized Finance is one of the most popular terms now in Crypto World. It has brought a new life to the financial sphere: users all over the world are able to lend, borrow, earn interest and save with no need to trust traditional banks and other centralized institutions. Smart contracts become an ultimate solution to enable this opportunity for DeFi projects.
We can see tons of DeFi crypto projects appearing each year, which have literally billions of dollars locked into smart contracts. But why do people decide to invest in DeFi? The most significant reason is that it’s trustless. Decentralized applications do not need any intervention from a human when they’re deployed. Investing in DeFi has no limits for usage — anyone anywhere may join.
However, the technology is still too fresh to be perfect and bugless. Today we are going to see what vulnerabilities does decentralized finance have and what can be done to prevent the break-ins.
What are hacks and why is DeFi vulnerable?
Hack is basically a compromised weakened security system. When there is a problem, malicious actions appear in order to receive access to the DeFi stock which is stored on the platform. In accordance with the research from the Chainalysis, more than $2,000,000,000 worth of crypto was stolen in 2021 and over $1,000,000,000 in the first quarter of 2022:
DeFi projects become a usual target of hacks because they keep huge funds in their vaults and they are autonomous, thus, the users’ actions aren’t humanly controlled. The whole system is very transparent and the bugs or weaknesses that scammers find are always used to their own advantage.
Hacks also occur because sometimes the platform’s devs couldn’t predict which network features might be used as loopholes to get users' money. Besides that, we have an easy math question here — systems’ interoperability + huge investments = arbitrage possibilities and more space for hackers.
The whole story is very logical — DeFi gets more popular — more projects use this technology — people are investing in projects — serious money is spinning in DeFi — it’s a haven for hackers. Further we will check out the already known risks of decentralized finance.
Determined vulnerabilities of DeFi
There exist three types of usual risks noticed by DeFi companies which later could culminate in a hack and significant financial losses:
Each type is very crucial to check if you are running a DeFi project, otherwise these 3 points might play a bad joke on it. You should also read the documentation of any project you are planning to invest in, so take these into consideration.
This one is mostly related to the failed attempts of developers to create a working model where users’ financial risks are minimized and to make sure no loopholes are about to appear. Sometimes this kind of risk takes place because of unethical investors whose behavior makes the token price decrease. That’s how crypto assets become uncompetitive and leave the market. This is also another reason why projects get abandoned.
Another kind of risk is a technical one. It’s related to hardware, software and smart contracts — in a word, the tech side of the project. The entire functionality might be in jeopardy if the technical risks occur. That’s why it’s essential for the team to check all the equipment before presenting the project to the public.
These are situations when users face the problem while using a DeFi service. For example, phishing attacks that often happen in the crypto industry (in any financial sphere, actually). Such risks are initiated by imposters via any scam scheme.
These are the basic types of DeFi risks, however, there might be much more than that. Now it’s time to see the examples of when the decentralized finance crypto projects were compromised and lost both a lot of money and users’ trust.
The DeFi theft cases
We have talked about the theoretical side of DeFi risks, but it’s much easier to see how it works on actual cases that took place just recently. Here’s our top 3 DeFi projects that faced huge financial losses.
#3 Wormhole — $322,000,000
The story of Wormhole is quite short, however, it might become a good lesson for other DeFi projects out there. In February, 2022 the thief concentrated on a bridge’s leg on Solana, the place where customers have to lock ETH into a smart contract and then receive the same amount in WETH. Scammer has found a way around this via minting wrapped Ethereum with no need to lock up ETH in the Wormhole network. In total, Wormhole has lost $322 mln. Luckily, the Jump Trading Group company has decided to help Wormhole to recover.
#2 Poly Network — $613,000,000
In August 2021, an attacker exploited cross-chain relay contracts to extract Poly Network’s funds on three different chains: Ethereum, BSC, and Polygon. The attacker ultimately returned the stolen funds. You can get acquainted with the complete case study if interested.
The case of Poly Network: an attacker used the vulnerability of the network’s contract calls, which are the parts of code powering the entire protocol. As a result, a hacker ran with $613 mln in different crypto. Poly decided to keep in touch with the imposters and wrote them a letter:
Eventually, this worked and the hacker said that he was going to return the money anyway, and that this show was just to teach Poly a lesson. A very expensive one, we might say!
#1 Ronin Network — $615,000,000
The biggest loss belongs to the Ronin Network. It took place in March 2022. The hacker got access to 5 out of 9 transactions validators’ private keys. After that, he utilized it to make ETH and USDC withdrawals. The co-founder of the Axie Infinity, Jeff Zirilin, has noted this was one of the biggest hacks in history and added that the hacker might be de-anonymized soon. This case was worth $615 mln.
How to prevent DeFi hacks?
It’s always interesting to read about the crimes and intrigues happening in Crypto World, but it is also extremely important to know the ways of preventing such situations. So what can one do to avoid the DeFi hack?
There are a few key tips on preventing the attacks and thefts:
The safety of DeFi rests on the shoulders of both project teams and investors. It is important to keep an eye on every single detail of the network including the due diligence, regularly test the security and make audits. The tech projects have to pay a lot of attention to security updates and patches — this might help detect the vulnerabilities in advance and prevent the possible losses.
The majority of hacks happen because of the devs’ mistakes. Thus, the project headhunters might make a reminder note to consider the applicants’ portfolios, the quantity of implemented smart contracts and launched projects. The developers have to know how to act in case of any unresolved problem appearance and to foresee the possible vulnerabilities of the system.
However, it’s almost impossible to predict everything when you are launching a DeFi project. The cases mentioned above might as well help detect possible malicious actions.
Surely this article wasn’t written to scare and prevent anyone from investing into DeFi. Our main goal was to warn our readers about the consequences of being inattentive and indiscriminate while choosing a project to put your money in. Any network nowadays has its own vulnerabilities, even the safest one, and this is why we always recommend doing your own research before dealing with any financial investments. It does take time, but it saves your cash.
If you loved reading about DeFi, try to get acquainted with a CeDeFi system which you might haven’t heard about yet. Have a good time and stay safe!