
Decentralized finance becomes new favorite target for hackers—research

The Decentralized Finance (DeFi) ecosystem is booming. Since the beginning of the year, its liquidity has grown from $22 billion to $260 billion. However, where there is innovation, there are risks. The DeFi industry has become "a tempting haven for hackers and money launderers," according to the report "DeFi: Risk, Regulation and the Rise of DeCrime" by the research company Elliptic.

The report summary:

  • DeFi users and investors have lost at least $12 billion in total due to theft and fraud;
  • losses are growing rapidly as these systems gain popularity: today their amount has reached $10.5 billion (in 2020 it was $1.5 billion);
  • over the year, the number of fraud cases increased by 600%;
  • the main losses fall on DApps on Ethereum ($8.6 billion), currently the most popular blockchain for DeFi;
  • Binance Smart Chain ranks second ($2.5 billion in losses).

"The DeFi ecosystem is attracting a lot of people right now. Financial innovations are popping up there at the speed of light," Tom Robinson, an expert at Elliptic, says. "Considerable funds are invested in projects, but these are not always reliable and well-proven solutions. Attackers are taking advantage of this."

In response to these trends, the US Securities and Exchange Commission (SEC) entered into an agreement with the analytics company AnChain.AI in August for a total of $625,000 to monitor and regulate the DeFi sector.

How exactly money is stolen in DeFi

Elliptic analyzed the causes of losses in Decentralized Finance. Most often these are technical errors and economic frauds.

Technical errors are bugs in the program code that hackers find. This happened, for example, with the platform Vee.Finance, which lost $35 million because of a hack.

Economic frauds happen when an attacker uses loopholes in DeFi services. For example, a fraudster manipulates asset prices to take advantage of arbitrage opportunities on DeFi services. Another type of fraud is an exploit involving an "administrator key" (an exploit is a computer program or a sequence of commands that exploits vulnerabilities in software and is used to attack a computer system). There are other types as well.

What is Decentralized Finance

Decentralized financial services, or Decentralized Finance (DeFi), is the general name for analogues of traditional financial instruments implemented in a decentralized architecture. That is, thanks to DeFi, people and companies carry out financial transactions directly with each other without intermediaries (including banks).

These services are publicly available, are open-source projects, and are most often based on so-called smart contracts.

DeFi services and applications are built on public blockchains. They work directly with users through personal wallets and trading platforms.

The decentralized financial services include lending protocols, decentralized exchanges (DEX), prediction markets, synthetic asset and derivative issuance protocols, etc.

Since smart contracts can be susceptible to manipulation and exploits, independent auditing is required for all DeFi protocols.

The MakerDAO project, launched in 2017, was one of the very first services of this kind. It allows one to get a loan in the stablecoin Dai (pegged to the dollar) secured by the cryptocurrency Ethereum.

MakerDAO, Compound Finance, and Uniswap are now considered the major players in the global DeFi market.

Examples of how Decentralized Finance works

Loan and lending—users can borrow a crypto asset by providing another one as collateral. Examples of the largest DeFi lending projects are Aave, Compound, and Maker. In March 2020, due to a sharp market crash and a meltdown on the Ethereum network, many of the collateral controllers in the Maker system were unable to perform their functions. This allowed users to buy back collateral at a price close to zero. As a result, about 4 million Dai were left unsecured.

Derivatives—derivative financial instruments in the DeFi environment can range from asset-backed tokens to decentralized oracles or p2p protocols for prediction markets. For example, Synthetix allows one to create synth assets based on fiat (real) money, goods, and other cryptoassets.

Insurance—the service Nexus Mutual lets its clients pool and share risks through so-called discretionary mutual insurance. The clients decide for themselves what claims are justified. All their decisions are recorded and executed using smart contracts on the Ethereum blockchain.

Decentralized Exchanges (DEX) are cryptocurrency exchanges that carry out direct peer-to-peer transactions. Uniswap is an example of such an exchange.

Payments—for example, the Lightning Network service, which is focused on the Bitcoin blockchain. In it, two or more participants who plan to make a transfer open a channel by depositing money. They can make as many transfers as they want, but without exceeding the total amount deposited.
