Yet another decentralized lending and algorithmic stablecoin protocol was hacked yesterday, stealing $ 3.5 million from the treasury through what appears to be a one-time exploit so far.
As a result, Nirvana Finance’s NIRV Stablecoin lost a peg — at the time of this writing it was 15 cents, and the ANA tokens used to maintain it have decreased by 80%. ANA was also used to provide collateral for NIRV loans. If it sounds familiar, it’s another decentralized finance (DeFi) algorithm stablecoin, terraUSD and its LUNA partner coin, which failed on a remarkable scale in May, costing investors $ 48 billion. Because it took.
reference: How Stablecoin’s $ 48 Billion Spreads and Collapses Throughout Cryptography
But that is the end of the similarity. CoinDesk slammed ANA / NIRV on Wednesday (July 27) to release $ 3.5 million worth of Tether’s USDT stablecoin to treasury wallets, while Terra UST performed on a loss-of-confidence basis Died in.
According to blockchain analytics firm Crystal Blockchain, DeFi hacks have become more frequent, with $ 4 billion lost, more than the $ 3.2 billion lost in centralized cryptocurrency exchange hacks. This is important given that centralized hacking data dates back to 2011 and DeFi data dates back to 2020. In fact, DeFi was almost non-existent before 2021.
Long-term crypto scams like the Ponzi scheme and Ragpur are the biggest losers, accounting for $ 7.3 billion of the $ 14.5 billion stolen in the last 12 years.
“The most common method of cryptocurrency theft by 2021 was the penetration of cryptocurrency exchange security systems. Now the trend is shifting to DeFi hacks,” Crystal said in the just-released Crypto & DeFi Hacks, Fraud & Scams Report. increase. “This can be explained by the fact that the technology is new and still has many vulnerabilities.”
More importantly, this technology is often rushed by developers who are eager to get started, without having to undergo expert code reviews. Updates are then made by voting performed by a controlled DAO (Decentralized Autonomous Organization executed by self-executing smart contracts).
learn more: PYMNTS DeFi Series: Unpacking DeFi and DAO
Isn’t it the fault of anyone?
DeFi’s staking and lending platforms, as well as decentralized exchanges (DEX), happen to have core strengths, which are their core issues. At least in theory, no one is responsible.
Read again: DeFi is a new big thing in cryptography. But what is it?Here’s everything you need to know
The way the DeFi project works is for someone to build a platform, start creating crypto tokens to be used there, and distribute them in some way. Often, this is an airdrop to early users and supporters as the platform gains momentum and developers and backers hold large numbers of tokens for themselves.
read more: DeFi Series: Very Realistic Risks of DeFi
The problem is that no one in the game has real skin. Yes, some DeFi projects come from reputable teams funded by venture companies. But still, the goal is to autonomy the project, which has other consequences such as money laundering prevention (AML) and the general lack of regulatory compliance, which some large projects do. I’m starting to add.
look: Federal Reserve Board, Bank of England Leads Responsibility for Global DeFi Regulation
In other cases, DeFi projects are built and launched by developers who hide their identity behind their Twitter or Discord account names. According to DappRadar, the No. 10 DeFi project (invested) with Total Value Lock (TVL) is Sushi Swap, a staking protocol with TVL of $ 1.38 billion. It was created by someone known only to its backers as Chef Nomi, who basically cut and pasted from a rival platform and added a way to monetize users and steal stackers.
Chef Noumi returned it all a few days later when the user shouted a foul, but earned most of the $ 14 million, Decrypt reported on September 11, 2020. When he gives up control, not as a scam. According to Crystal, many others have just received and executed the money.
However, SushiSwap prospered and became an early adopter of AML compliance, probably because of the bad taste left in people’s mouths first. Meanwhile, it was hacked in September 2021 on a scale of $ 3 million.
Read again: Top DeFiExchangeSushiSwap is built into the control as AML protection approaches
Another problem with DAO control is that it relies on managing pseudonyms, 1 token, and 1 vote. The problem is from speed (one DeFi project couldn’t patch the code leading to an 8-digit exploit because the smart contract had a one-week voting period for updates built into the language). It covers a wide range of fairness.
look: In DeFi’s brave new world, “ruthless” DAO governance aims to run a better company
In the case of MakerDAO, voters refused to indemnify the victims of the exploit, even if the project had available funds. In another example, voters received $ 100 million worth of airdrop tokens from someone who felt they played the system during a gift. And who is not responsible and many voters are anonymous and sue?
read more: DeFi Achilles heel on display: Voting can cost $ 100 million in cryptocurrency from investors
If things go wrong, the common phrase is “investigate yourself”. This blames victims such as coding flaws that more centralized projects may have found after paying for reviews.
These hacking numbers show that DeFi has a relatively common fundamental problem with technology. This is at your disposal and is magnified by the huge amount of money you can get. And there is a fair amount of cut-and-paste in the development of the DeFi platform, the idea is consistent with the basic innovation and confusion of cryptography, but with all the cost ideas, but steroids. ..
look: Why Techrec in 2022 Doesn’t Need to Mean Dot Com Crash Landing
And, as Karen Webster of PYMNTS recently pointed out, spending money on something different from what has been done without agreeing to existing technologies and processes creates a stable entrepreneurial ecosystem. It’s not a way to build.
But again, DeFi doesn’t really try to do that.
Subscribe daily for all PYMNTS crypto coverage Cryptographic newsletter.