6 Biggest DeFi Hacks and Heists

Teleport
Apr 25, 2022

Blockchain is a relatively new technological breakthrough, and there has been a lot of buzz about it and its capabilities. A series of trials has been under way to explore this technology, and decentralized finance (DeFi) is one result of such trials.

DeFi is a new area that became popular in 2021. It is a collection of financial applications geared toward solving financial problems using blockchain technology. It aims to decentralize banking power for better output and better user satisfaction. In this way, it gives people the power to manage their finances themselves instead of depending solely on central authorities such as banks. In other words, DeFi is out to disrupt mainstream banking and strip it of its cloth.

Just as the Internet, automobiles, and a host of other new technologies were exploited by bad actors in their early years, young DeFi has also been exploited by similar bad actors.

There are many instances of DeFi hacks and heists, but some stand out. We will look at these prominent few. Before we do that, let's examine the benefits of DeFi.

The benefits of decentralized finance

Since DeFi was built to eliminate intermediaries and centralized controls, it has brought many benefits for both customers and investors. DeFi is making the financial markets more accessible to institutional investors and creating new investment opportunities aimed at taking it to the next level. These are some of the main benefits of DeFi.

Permissionless

DeFi relies mainly on decentralization, which is the basic nature of blockchain, and this helps eliminate middlemen or intermediaries from transactions. Because Ethereum is a permissionless public blockchain and the second-largest blockchain protocol, its transactions are fully decentralized and readily accessible to anyone interested in either using or building a DeFi protocol. Ethereum is not the only network that can achieve this; other blockchain networks can incorporate DeFi as well.

Also, the permissionless nature of blockchain technology makes DeFi interoperable and open to all kinds of third-party integrations.

Lending and Borrowing Applications

DeFi's lending and borrowing solutions have been of great use to users because they foster peer-to-peer transactions. These lending and borrowing DeFi platforms are faster, easier, and readily accessible. An example of a lending and borrowing solution is Compound, a platform that allows lenders to provide crypto assets to a specific number of pools; lenders in turn receive interest on the assets paid back by borrowers.

Immutability

Immutability is an essential requirement for the DeFi landscape; it assures security through the use of cryptography and consensus algorithms like Proof-of-Work. With immutability, it is difficult to manipulate any record on the blockchain, which helps ensure that DeFi financial transactions are secure.

Also, with a DApp, a blockchain-based application that allows users to interact with smart contracts deployed on the blockchain, it becomes difficult for fraudulent transactions to occur.

Transparency

Transparency is one of the core attributes of a decentralized platform. DeFi transparency helps both investors and users identify potentially harmful practices and scams. Auditing DeFi applications makes it easy to identify when changes are made to a transaction, how they were made, and at what time, since the network's data is available for everyone to see.

In addition, the cryptographic design of blockchain ensures that transaction records are authenticated, so it becomes difficult to compromise the integrity of the financial ecosystem.

The lapses or challenges faced by DeFi projects

Apart from its benefits, DeFi faces a number of challenges, and most of these problems can be linked to the technologies it is built on. Here are some of the critical setbacks associated with DeFi.

Scalability problem

One of the setbacks of DeFi projects is scalability, and this is caused by the host blockchain. The problems fall into two categories: transactions becoming too expensive when there is congestion, and the length of time it takes to confirm transactions. An example is Ethereum. Only 13 transactions can be processed per second, unlike centralized platforms that process thousands of transactions per second.

Smart Contract Problems

Since smart contracts are deployed to carry out a set of instructions on the blockchain, it is important to pay attention to them. If a developer deploys faulty code to a DeFi protocol, it may lead to a loss of assets, and sometimes these errors go unnoticed.

Uncertainty problem

These uncertainties and instabilities are caused by the blockchain the DeFi project is hosted on. An example is Ethereum: mistakes in migrating from its PoW consensus to the Eth 2.0 PoS system could bring risks to several DeFi protocols.

Shared responsibility problem

DeFi projects do not take responsibility for users' mistakes, and they have no tools to prevent such mistakes from happening, so users can suffer a total loss of funds when they make mistakes.

Over-collateralization problem

Over-collateralization happens when the value of a borrower's staked asset is higher than the loan amount itself. DeFi projects require high collateralization to compensate for the removal of constraints like credit ratings. Since DeFi loans are collateralized with other crypto assets, borrowers cannot be held accountable if they are unable to pay back a loan.

6 Biggest DeFi Hacks and Heists

DeFi is still new, and no one has all the solutions in terms of security; this has led to several hacks and heists over the years. Let's have a look at these hacks and heists.

CREAM FINANCE

Cream Finance is a multi-chain lending protocol that suffered a $130 flash loan attack on its Ethereum-based liquidity pools. This was not the first attack but the third, after the platform lost $19 million in a flash loan attack.

With flash loans, you can get instant loans provided you pay them back in the same transaction, but the hackers took advantage of vulnerabilities in the DeFi protocols.
However, the information on its platform mentioned only Ethereum pools, which suggested that the attack targeted only Ethereum pools.

https://twitter.com/CreamdotFinance/status/1453377073699983366?t=hfR3_bTeY1otCMUtKTgFRg&s=19
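
The same-transaction repayment rule described above can be modelled in a few lines. This is an added example, not Cream Finance's contract code: the `Pool` class, the 9 basis-point fee and the borrower callbacks are all hypothetical, and a single function call stands in for one blockchain transaction.

```python
# Constructed model of flash-loan atomicity; not Cream Finance's contract code.

class Reverted(Exception):
    """The whole transaction is rolled back."""


class Pool:
    """Hypothetical single-asset lending pool (names and fee are assumptions)."""

    FEE_BPS = 9  # assumed fee: 0.09% of the borrowed amount

    def __init__(self, liquidity):
        self.liquidity = liquidity

    def flash_loan(self, amount, callback):
        """One call stands in for one transaction: lend, run the borrower's
        callback, and undo every state change unless principal + fee return."""
        if amount <= 0 or amount > self.liquidity:
            raise Reverted("amount outside available liquidity")
        snapshot = self.liquidity              # state to restore on revert
        fee = amount * self.FEE_BPS // 10_000
        self.liquidity -= amount               # funds leave the pool
        try:
            repaid = callback(amount, fee)     # borrower logic holds the funds here
            if repaid < amount + fee:
                raise Reverted("loan not repaid in the same transaction")
            self.liquidity += repaid
        except Exception:
            self.liquidity = snapshot          # roll back: the loan never happened
            raise
        return fee


def attempt(pool, amount, callback):
    """Return (succeeded, pool liquidity afterwards) for one attempted loan."""
    try:
        pool.flash_loan(amount, callback)
        return True, pool.liquidity
    except Reverted:
        return False, pool.liquidity


def repay_in_full(amount, fee):
    return amount + fee    # principal plus fee: the loan settles


def repay_principal_only(amount, fee):
    return amount          # fee missing: the transaction must revert
```

The rollback protects only the lending pool's own balance; it places no limit on what the borrower's callback does with the funds in other contracts while the loan is open, so each protocol still has to defend its own logic.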

COMPOUND FINANCE

Compound Finance is an Ethereum-based lending and borrowing protocol with a total value locked (TVL) of around $10 billion. It is one of the biggest DeFi protocols.

Compound lost $80 million to users when the protocol paid out huge sums in its native cryptocurrency, COMP, to users who had provided only a small amount of collateral in ETH, USDC, and DAI.
The malfunction was blamed on the protocol's smart contract and appeared after the protocol was updated. The bug involved two of its vaults. Users called a specific function, drip(), on the Reservoir vault, which in turn refilled another vault, Comptroller. That vault distributed large amounts of COMP to the wrong addresses.

Compound's CEO, Robert Leshner, went on Twitter to ask recipients of the funds to return them, promised 10% of the amounts as a reward for returning them, and threatened to report non-responders to the IRS.

https://twitter.com/rleshner/status/1444043076176056324?t=0mWxAkPKOk2cK4sl6XB_sg&s=19

Although some funds were recovered, the amount wasn't mentioned.

POLY NETWORK

Poly Network is a cross-chain protocol used to implement blockchain interoperability and build Web3.0 infrastructure. Attackers hacked a smart contract on the platform and transferred $610 million to their addresses: $273 million on Ethereum, $253 million on BSC, and $85 million on Polygon.

The official tweet:

https://twitter.com/PolyNetwork2/status/1425073987164381196?t=aaLL2QYQXuyztKYSBlvGhw&s=19

After Poly Network appealed to the hacker to return the funds, the hacker returned around $260 million on August 11.

On August 12, the hacker contacted Poly Network and introduced himself as Mr. Whitehat. A day later, Mr. Whitehat assured the platform that he would return all the remaining funds, and stated that he only wanted to show the vulnerability of crypto platforms. The company offered him $500,000 and the role of Chief Security Advisor (CSA), but the hacker turned down both offers and later returned all of the stolen funds on August 23, 2021.

bZx Protocol

bZx Protocol is an Ethereum-based DeFi lending protocol where users borrow, lend, and margin trade without relying on third parties. This multi-chain lending protocol was hacked in November 2021 after a private key was compromised, losing $55 million on Binance Smart Chain and Polygon.

https://twitter.com/SlowMist_Team/status/1456636791704850433?t=SVb_rn07h67MxTCOBIpmdQ&s=19

The protocol had been hacked twice before. The first attack was in February 2020, when its margin-trading platform Fulcrum was attacked and a hacker stole 1,300 wrapped ETH, worth $366,000 at that time. The second attack happened in September 2020, when the bZx protocol lost $8 million of the funds locked in its vaults.

MEERKAT FINANCE

Meerkat Finance is a Binance Smart Chain-based lending protocol that has the largest ecosystem on Cronos with its DEX, Yield Optimizer, NFT, Algo Stablecoin, and DTF.

After it was launched in March 2021, this DeFi protocol lost $31 million. Users of the project were rug-pulled by the protocol's developers after their official Twitter account and website disappeared. The attacker ran off with $13.96 BUSD and 73,000 BNB.

VEE FINANCE

Vee Finance is a lending platform built on the Avalanche network to bridge the gap between traditional banking and crypto DeFi, letting users earn on deposited assets, both fixed and flexible.

A week after Vee Finance celebrated its milestone of $300 million in total value of assets locked in September 2021, the attacker created several trading pairs on Pangolin by providing liquidity and used leverage on Vee Finance. This enabled the attacker to run off with $35 million in crypto assets.
The protocol asked for part of the funds to be returned as part of a bug bounty program, but the attacker did not respond.

https://twitter.com/VeeFinance/status/1440217570339016704?t=U9bYxrzdXvKk3nx_X1mD-A&s=19

Possible security solutions for DeFi assets safety

To help prevent these hacks on DeFi protocols, we've put together some security solutions to help your DeFi assets stay safe.

1. Manta Network is a privacy layer for Polkadot. Crypto veterans, researchers, and scholars founded the network, and it allows the minting of private tokens with stablecoins and other base tokens at a 1:1 ratio. Manta Network is directed towards scalability, privacy, ease of use, and liquidity in DeFi services. Its product suite includes a fully decentralized privacy payment and token exchange protocol.

With its end-to-end zk-SNARK design, anonymity is guaranteed, and it also maintains a high communication level and cross-chain interoperability based on the Substrate framework. It uses cryptography to provide security and integration for stablecoins.

2. RSK Network is a highly secure smart contract network built on the Bitcoin network. RSK provides smart contract functionality to the Bitcoin network by allowing dApp developers to deploy smart contracts on its secure blockchain. Its core engine, the RSK Virtual Machine (RVM), is a forked version of the Ethereum Virtual Machine (EVM), which makes it compatible with Ethereum-based smart contracts.

RSK Network is mainly built for the Bitcoin network, and it supports DeFi apps and protocols that leverage the security and scalability features of the Bitcoin network. Notably, RSK supports both Solidity smart contracts and other Ethereum-based APIs.

Concluding thoughts: The future of DeFi hacks

With new DeFi projects rapidly entering the market and a huge amount of crypto assets locked in DeFi protocols, it is important to pay close attention to the technology of the host blockchain so that these attacks do not keep recurring.

Project initiators are advised to take note of the errors in other DeFi protocols and ensure they build projects that will be impossible for hackers to take advantage of as they continue to stay SAFU.

Join Teleport communities if you need support or you want to send us feedback.


Written by: Saffylisafi
