- According to recent data, DeFi hacks totaled over $1.2 billion in the first quarter of this year, well above the first quarter of 2021.
- Security in the DeFi sector looks dark, but Immunefi’s CEO told Blockworks that things are improving.
According to the DeFi bug bounty platform Immunefi, hacks into decentralized finance protocols have increased nearly eight-fold compared to the first quarter of last year.
In the first quarter of this year alone, more than $1.22 billion was identified as stolen or rugged from emerging protocols. That’s a 7.9-fold increase compared to about $154.6 million of funds stolen during the same period in 2021, according to a survey of Immunefi’s quarterly cryptocurrency reports.
More than 77% of the $1.22 billion figure comes from two incidents: the $625 million hack in March of the Ronin Network (an Ethereum-linked sidechain used in the blockchain game Axie Infinity) and the $326 million hack in February of the blockchain bridge Wormhole.
The numbers may look bad on the surface, but Immunefi said it’s not as bad as it looks.
“The most important thing to remember is that things look bad, but they’re actually getting better and better in terms of security,” Immunefi CEO Mitchell Amador told Blockworks in an interview.
“Auditing has become a stronger standard and all DeFi projects are being audited. Formal text verification is becoming the number one standard. Almost everyone is running a bug bounty program,” Amador said.
The second quarter of this year saw less serious hacks on protocols. According to Amador, the $100 million theft from Harmony’s cross-chain bridge Horizon and the $180 million loss at the algorithmic stablecoin protocol Beanstalk were out of the ordinary.
“We haven’t seen any dramatic events of any kind,” Amador said, in comparison to the ongoing liquidity crisis, creditor contagion, and sector-related layoffs affecting the wider industry.
“There were some close calls about what could happen. Bug reports about consensus vulnerabilities seen in the Layer 1 blockchain, all of which were successfully patched,” Amador added.
But despite progress, the threat has not diminished.
“This [continuous hacks] is basically an unsolvable problem,” said Immunefi’s CEO. “We knew things were going in this direction. Volatility was part of the cryptocurrency and the amount of inflow was going to increase. The number of people with skills will increase, it’s I need an exit.”
But compared to global trends, even billions of dollars are a drop in the bucket.
A recent estimate of global losses from payment fraud alone is approximately $32.4 billion. The global fraud detection and prevention market is on the order of $25 billion this year. That figure is not the fraud itself, only the cost of trying to stop it.
Overall, cybercrime will cost about $6.9 trillion worldwide in 2022, according to consultant Cybersecurity Ventures. So even if DeFi exploits net $3.5 billion by the end of the year, that is equivalent to 0.05% of the world’s cybercrime costs.
Immunefi sees its business and function as a type of human immune system that fights viruses, and it has grown to become the sector’s largest bug bounty platform, rewarding white hat hackers for identifying vulnerable code.
White hats, in contrast to black hats, seek to earn rewards by identifying security vulnerabilities in a particular project and highlighting them. Black hats, on the other hand, are malicious and are often involved in theft.
Immunefi’s bug bounty program gives white hats the opportunity to receive rewards (upward of millions of dollars). They review the in-scope code for potential bugs, submit their findings and receive rewards.
The platform, which is less than two years old, says it protects platforms holding crypto assets worth more than $100 billion, including Polygon, Chainlink, SushiSwap and others.
When asked about potential bugs and vulnerabilities that are overlooked because of the narrow scope of a bug bounty agreement, Amador said the only way to address the issue is to expand the bounty program as much as possible.
“You can’t get rid of it completely [missed bugs], but you can partially get rid of it by considering prioritizing impact rather than out of or within range,” he said. “Most of these projects care about material effects.”