The decentralized finance (DeFi) industry has lost more than $1 billion to hackers in the last two months, and the situation seems out of control.
According to the latest statistics, about $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. In addition, over 90% of all stolen crypto came from hacked DeFi protocols.
These numbers highlight a dire situation that is likely to last for a long time if ignored.
Why hackers prefer DeFi platforms
In recent years, hackers have been stepping up their operations targeting DeFi systems. One of the main reasons these groups are attracted to this sector is the huge amount of money held by decentralized financial platforms. Top DeFi platforms process billions of dollars in transactions each month. Therefore, the reward is high for hackers who can make a successful attack.
The fact that most DeFi protocol code is open source makes these platforms even more vulnerable to cybersecurity threats.
This is because open source programs are available for scrutiny by the general public and can be audited by anyone with an internet connection, which makes it easy to search them for exploitable flaws. This property allows hackers to analyze DeFi applications for integrity issues and plan heists in advance.
Some DeFi developers contribute to this situation by deliberately ignoring platform security audit reports issued by certified cybersecurity companies. Some development teams are launching DeFi projects without extensive security analysis. This increases the likelihood of coding flaws.
When it comes to DeFi security, another chink in the armor is the interoperability of the ecosystem. DeFi platforms are typically interconnected using cross-bridges that enhance convenience and versatility.
While cross-bridges improve the user experience, these key pieces of code connect large networks of distributed ledgers with varying levels of security. This multiplex configuration allows DeFi hackers to leverage the capabilities of multiple platforms to amplify attacks on specific platforms. It also lets them seamlessly and quickly transfer ill-gotten funds across multiple decentralized networks.
In addition to the risks mentioned above, DeFi platforms are susceptible to sabotage by insiders.
Hackers use a variety of techniques to break into vulnerable DeFi perimeter systems.
Security breaches are common in the DeFi sector. According to the 2022 Chainalysis report, about 35% of all crypto stolen in the last two years is attributable to security breaches.
Many of them are caused by code errors. Hackers usually devote significant resources to finding systemic coding errors that allow them to carry out these types of attacks, and usually rely on advanced bug tracker tools to help with this.
Another common tactic used by threat actors to look for vulnerable platforms is to track down networks with security issues that have already been disclosed but whose fixes have not yet been implemented.
The hackers behind the recent Wormhole DeFi hack, which cost about $325 million in digital tokens, reportedly used this strategy. Code commit analysis revealed that a vulnerability patch uploaded to the platform’s GitHub repository was exploited before the patch was deployed.
This mistake allowed the intruders to forge a system signature and mint 120,000 Wrapped Ether (wETH) coins valued at $325 million. The hackers then sold the wETH for about $250 million in Ether (ETH). The exchanged Ether coins came from the platform’s settlement reserves, which led to losses.
The Wormhole service acts as a bridge between chains. It allows users to spend deposited cryptocurrencies as wrapped tokens across chains. This is achieved by minting Wormhole-wrapped tokens, which eliminates the need to directly exchange or convert the deposited coins.
Flash loan attacks
Flash loans are unsecured DeFi loans that do not require a credit check. They allow investors and traders to borrow money instantly.
Because of their convenience, flash loans are typically used to take advantage of arbitrage opportunities in connected DeFi ecosystems.
Flash loan attacks target and compromise lending protocols using price manipulation techniques that create artificial price discrepancies. This allows malicious individuals to purchase assets at significantly discounted rates. Most flash loan attacks take minutes or even seconds to execute and involve several interconnected DeFi protocols.
One way for an attacker to manipulate asset prices is to target an attackable price oracle. DeFi price oracles, for example, draw their rates from external sources such as reputable exchanges. A hacker can manipulate the source site to trick an oracle into temporarily lowering the value of the target asset so that it trades at a lower price than on the wider market.
The attacker then buys the asset at the deflated rate and quickly sells it at the floating market rate. Using leveraged tokens obtained through flash loans lets the attacker magnify the profits.
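The oracle weakness described above can be seen in a small model, added here as an illustration and not taken from the article or any named protocol. It assumes the price source is a constant-product pool and shows a per-block average with a deviation check refusing a price that a single oversized trade has pushed down; the class names, reserves, window and threshold are all constructed.

```python
from collections import deque

class Pool:
    """Constant-product pool (asset * stable = k), an assumed price source."""
    def __init__(self, asset, stable):
        self.asset, self.stable = asset, stable

    def spot(self):
        return self.stable / self.asset           # instantaneous price

    def sell_asset(self, amount):
        k = self.asset * self.stable
        self.asset += amount
        self.stable = k / self.asset              # pool pays out the difference

class GuardedOracle:
    """Per-block average of the pool price with a deviation check."""
    def __init__(self, pool, window=10, max_deviation=0.10):
        self.pool = pool
        self.samples = deque(maxlen=window)       # most recent block prices
        self.max_deviation = max_deviation

    def record_block(self):
        self.samples.append(self.pool.spot())

    def average(self):
        return sum(self.samples) / len(self.samples)

    def price(self):
        """Return the averaged price, or refuse if spot has diverged from it."""
        spot, avg = self.pool.spot(), self.average()
        if abs(spot - avg) / avg > self.max_deviation:
            raise ValueError("spot price diverges from recent average")
        return avg

def simulate():
    pool = Pool(asset=1_000, stable=100_000)      # constructed reserves
    oracle = GuardedOracle(pool)
    for _ in range(10):                           # ten quiet blocks at price 100
        oracle.record_block()
    baseline = oracle.price()
    pool.sell_asset(1_000)                        # one oversized trade in a single block
    oracle.record_block()
    try:
        oracle.price()
        rejected = False
    except ValueError:
        rejected = True
    return baseline, pool.spot(), oracle.average(), rejected
```

A protocol that reads `pool.spot()` directly sees the price fall from 100 to 25 within one block, while the averaged value only moves to 92.5 and the guard declines to quote at all.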
Some attackers have been able not only to manipulate prices but also to hijack DeFi voting processes to carry out flash loan attacks. More recently, Beanstalk DeFi suffered a loss of $182 million after an attacker took advantage of shortcomings in its governance system.
The Beanstalk development team included a governance mechanism as a core feature that allowed participants to vote for platform changes. This setup is popular in the DeFi industry because it promotes democracy. Voting rights on the platform were set to be proportional to the value of the native tokens held.
An analysis of the breach revealed that the attacker took out a flash loan from the Aave DeFi protocol and acquired approximately $1 billion in assets. This allowed the attacker to win a 67% majority in the voting governance system and unilaterally approve the transfer of assets to their own address. The perpetrator earned about $80 million in digital currency after repaying the additional charges associated with the flash loan.
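The governance weakness described above comes down to when voting weight is measured. The following toy model is an added illustration, not Beanstalk's code; all names and token amounts are constructed. It compares weight read from live balances with weight read from a snapshot taken before the proposal, a common hardening for token-weighted votes.

```python
from dataclasses import dataclass, field

SUPERMAJORITY = 2 / 3   # the article reports a 67% majority was reached

@dataclass
class Governance:
    balances: dict = field(default_factory=dict)    # live token balances
    snapshots: dict = field(default_factory=dict)   # block -> frozen balances
    block: int = 0

    def mine(self):
        """Close the current block and record balances as they stood at its end."""
        self.snapshots[self.block] = dict(self.balances)
        self.block += 1

    def credit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount

    def debit(self, who, amount):
        self.balances[who] -= amount

    def share_live(self, who):
        """Weak design: weight is whatever the voter holds at vote time."""
        return self.balances.get(who, 0) / sum(self.balances.values())

    def share_at(self, who, snapshot_block):
        """Hardened design: weight is read from a block before the proposal."""
        snap = self.snapshots[snapshot_block]
        return snap.get(who, 0) / sum(snap.values())

def simulate():
    gov = Governance()
    gov.credit("long_term_holders", 100)    # constructed supply
    gov.mine()                              # block 0 snapshot: holders only
    proposal_snapshot = 0
    # Everything below happens inside one block: borrow, vote, repay.
    gov.credit("borrower", 250)
    live = gov.share_live("borrower")
    frozen = gov.share_at("borrower", proposal_snapshot)
    gov.debit("borrower", 250)
    gov.mine()
    return live, frozen, gov.share_live("borrower")
```

With live balances the borrowed tokens carry about 71% of the vote for the duration of one block; against the earlier snapshot they carry none, and once the loan is repaid the borrower holds nothing either way.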
According to Chainalysis, about $360 million worth of crypto coins were stolen from DeFi platforms in 2021 using flash loans.
Where does the stolen crypto go?
For a long time, hackers have used centralized exchanges to launder stolen funds, but cybercriminals are starting to ditch them for DeFi platforms. In 2021, cybercriminals sent about 17% of all illicit crypto to DeFi networks. This is a significant increase from 2% in 2020.
Market experts theorize that the move to DeFi protocols is due to the broader implementation of stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) processes. These procedures undermine the anonymity that cybercriminals seek. Most DeFi platforms forgo these important processes.
Cooperation with authorities
Centralized exchanges are also working with authorities to combat cybercrime more than ever. In April, the Binance exchange played a key role in recovering $5.8 million in stolen cryptocurrencies, part of the $625 million stash stolen from Axie Infinity. The money was originally sent to Tornado Cash.
Tornado Cash is a token anonymization service that obscures the source of funds by fragmenting the on-chain links used to trace addresses.
However, some of the stolen funds were tracked to Binance by a blockchain analytics company. The loot was held at 86 addresses on the exchange.
In the aftermath of the incident, a spokesperson for the US Treasury Department emphasized that crypto exchanges that process money from blacklisted crypto addresses bear the risk of sanctions.
Tornado Cash also appears to be working with authorities to stop the transfer of stolen funds to the network. The company says it will implement monitoring tools to help identify and block embargoed wallets.
There seems to be some progress in the authorities’ seizure of stolen assets. Earlier this year, the U.S. Department of Justice announced a $3.6 billion crypto seizure and arrested two people involved in laundering the funds. This money was part of the $4.5 billion stolen from the Bitfinex cryptocurrency exchange in 2016.
The cryptocurrency attack was one of the largest ever recorded.
DeFi CEOs talk about the current situation
Talking exclusively to Cointelegraph earlier this week, Eric Chen, CEO and co-founder of Injective Labs, an interoperable smart contract platform optimized for decentralized financial applications, said the problem can be expected to subside.
“As more robust security standards are introduced, the tide continues to subside. With proper testing and more security infrastructure, DeFi projects can prevent common exploit risks in the future,” he said.
Chen provided an overview of the steps his network is taking to avoid hacking attacks.
“Injective ensures a more tightly defined application-centric security model compared to traditional Ethereum virtual machine-based DeFi applications. Blockchain design and core module logic are reentrant, maximal extraction. Protects the Injective from potential exploits, common exploits such as flash loans. Applications built on top of the Injective can benefit from the security measures implemented in the blockchain at the consensus level.”
Cointelegraph also had the opportunity to talk to Konstantin Boyko-Romanovsky, CEO and founder of Allnodes, a non-custodial hosting and staking platform, about the rising incidence of hacks. On the main catalyst behind the trend, he said:
“No doubt, it will take time to reduce the risk of DeFi hacking. However, it’s unlikely to happen overnight. DeFi has a protracted racing feel. Everyone, including the founder of the project, seems to be in a hurry. The market is evolving faster than programmers can write code. There are a minority of good players who take all precautions.”
He also provided insight into steps to help counter the problem.
“The code needs to be improved and smart contracts need to be thoroughly audited. That’s for sure. In addition, users should always be reminded of careful etiquette online. Identifying flaws is attractive. Can be incentives for healthier behavior across specific protocols.”
The DeFi industry is struggling to thwart hacking attacks. However, it is hoped that the tragedy can be curbed by increasing scrutiny from the authorities and strengthening cooperation between exchanges.