DeFi Hacks on the Rise: Is There a Solution?

GMO-Z.com Trust Company
5 min read · Dec 19, 2022

In mid-December 2022, the TVL (total value locked) in the DeFi space is at $42.47 billion. This number peaked at $181 billion a year ago.

The high cash flow and relative immaturity of the decentralized finance sector make it promising to investors while also being vulnerable to various hacks.

DeFi hacks in 2022

DeFi has become a piece of cake for crypto hackers this year. For example, $718 million was stolen from protocols in October alone across 11 different hacks, making October the biggest month in the biggest year on record for hacking activity.

The scale and severity of crypto hacks have been rising, with the total loss figure already approaching the $3.2 billion lost in 2021. As reported by Chainalysis, hackers had gained over $3 billion from 125 attacks by October of this year. Some of the major thefts were:

Ronin Network

The Ronin Network, an Ethereum-based sidechain for the crypto game Axie Infinity, lost over $625 million in ETH and USDC. In two transactions, the attacker used stolen private keys to forge withdrawals from the Ronin bridge contract.

Wintermute

Wintermute, a leading crypto market maker, experienced a hack in which $160 million was stolen from its decentralized finance unit. The hack was enabled by a defect in the Profanity tool: a weakness in the wallet’s key generation process that the attacker exploited.

Qubit Finance

According to security company Certik, the attacker used the deposit option in the QBridge contract to mint 77,162 qXETH, a token representing Ethereum bridged via Qubit. The attacker tricked the platform into believing they had made a deposit. After repeating the process enough times, they exchanged the assets for BNB and disappeared.

Why are DeFi hacks increasing?

As you can see, the number of attacks and exploits in DeFi is significant and growing year over year and month over month. Why so?

Wider DeFi adoption

The first and most obvious reason for the increase in attacks is that the DeFi industry has become an attractive target. As the sector’s user base expanded, hundreds of projects debuted, so there are simply more funds to steal. Cash flow is increasing, and attackers are well aware of this.

Inadequate regulatory and safety measures

According to Chainalysis, 8 out of 10 projects that fell victim to the largest exploits failed the security audit. A security audit includes a comprehensive analysis of the protocol code to identify errors and possible gaps in a smart contract. This usually happens before a project is launched and is a crucial security aspect in decentralized finance. With this threat assessment, developers can prevent potential attacks and reduce the risk for investors.

Vulnerabilities in smart contracts

Another adverse effect of DeFi’s rise in popularity is the massive influx of poorly designed projects. Attackers are not the only ones who have noticed the lucrative nature of decentralized finance. Many are keen to get involved in this thriving industry, and unskilled developers don’t seem to have any qualms about starting their own projects.

Cybercriminals are known to take advantage of the open-source code of DeFi protocols. It takes time for hackers to find critical vulnerabilities to exploit, and since incompetent developers create poorly built projects, it’s getting easier for them to find those vulnerabilities.

Technological complexity

The DeFi ecosystem includes various components, and as the industry has evolved over the years, these components have evolved along with it. The decentralized finance sector is committed to improving ease of use and accessibility while delivering significant returns to users. More complex applications (such as cross-chain bridges) are prone to exploits, and their potential downsides are easy to overlook.

Is there a way out of this problem?

Some blockchain analysis companies provide market insights and offer solutions to investigate hacking incidents and facilitate recovery. Thanks to this, Sky Mavis, the development team behind Axie Infinity, returned a small part of the stolen funds.

Also, it is important to note the role of centralization in these hacks. The Ronin hack has re-ignited discussions about the need for true decentralization in DeFi. Centralized verification (a total of only nine validator nodes) made the bridge vulnerable. After the attack, it became clear that decentralization is not just an ideology but a practical necessity for blockchain security.
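To make the centralization point concrete, here is an added toy model (not code from this post, nor from Ronin or Sky Mavis) of a bridge withdrawal that needs a threshold of validator approvals. The nine validators, the threshold of five and the operator assignment are constructed assumptions, and HMAC over a per-validator secret stands in for real digital signatures. The model shows two defender-side checks: approvals must be counted per distinct valid signer, and the security margin is the number of independent operators whose keys must be compromised, not the nominal number of nodes.

```python
"""Toy threshold-approval model for a cross-chain bridge withdrawal.

Added illustration only; validator count, threshold and operator layout
are constructed assumptions, and HMAC stands in for real signatures.
"""
import hashlib
import hmac
import secrets
from collections import Counter


def make_validators(n):
    """Constructed validator set: validator id -> private key (random bytes)."""
    return {f"validator-{i}": secrets.token_bytes(32) for i in range(n)}


def sign(key, withdrawal):
    """Validator attests to a withdrawal message (HMAC-SHA256 as a signature stand-in)."""
    return hmac.new(key, withdrawal.encode(), hashlib.sha256).digest()


def verify(key, withdrawal, signature):
    """Constant-time check of one attestation against one validator key."""
    return hmac.compare_digest(sign(key, withdrawal), signature)


def withdrawal_approved(validators, threshold, withdrawal, attestations):
    """Approve only if at least `threshold` DISTINCT known validators signed.

    attestations: list of (validator_id, signature). Unknown ids and bad
    signatures are ignored; a repeated signer counts once.
    """
    approvals = set()
    for vid, signature in attestations:
        key = validators.get(vid)
        if key is None:
            continue
        if verify(key, withdrawal, signature):
            approvals.add(vid)
    return len(approvals) >= threshold


def compromises_needed(threshold, operators):
    """Minimum number of distinct operators whose key material must be
    compromised to reach `threshold` approvals.

    operators: validator id -> name of the party that runs that node.
    Returns None if the whole set cannot reach the threshold.
    """
    per_operator = sorted(Counter(operators.values()).values(), reverse=True)
    controlled, parties = 0, 0
    for count in per_operator:
        parties += 1
        controlled += count
        if controlled >= threshold:
            return parties
    return None


# Constructed scenarios: same nominal size (9 nodes, 5 needed) but a very
# different number of independent parties behind the keys.
CONCENTRATED = {f"validator-{i}": "operator-A" for i in range(4)}
CONCENTRATED.update({f"validator-{i}": f"operator-{c}" for i, c in zip(range(4, 9), "BCDEF")})
INDEPENDENT = {f"validator-{i}": f"operator-{i}" for i in range(9)}


def demo(threshold=5):
    """Return the number of parties that must be compromised in each layout."""
    return {
        "concentrated": compromises_needed(threshold, CONCENTRATED),
        "independent": compromises_needed(threshold, INDEPENDENT),
    }


if __name__ == "__main__":
    print(demo())
```

The first figure is what an auditor should report for a bridge: how many separately operated keys an attacker must steal before a withdrawal can be forged. The validator count alone says little when several nodes share one operator, one cloud account or one signing host.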

One of the key aspects of preventing cyber hacks in a DeFi project is to secure its “technical heart” — smart contracts. A scheduled smart contract audit of a DeFi project will go a long way in avoiding breaches as it helps developers identify vulnerabilities and fix them before hackers exploit them.

Undoubtedly, smart contracts have revolutionized the field of blockchain technology. The combined potential of smart contracts and blockchain can significantly impact almost all areas of society. Since blockchain transactions are irreversible, it is essential to ensure that the smart contract code is secure. The peculiarities of blockchain technology make it difficult to return funds and solve problems after the fact, so it is better to identify potential project vulnerabilities in advance with smart contract security audits.

In our next article, we will delve into one of the main targets for hackers this year: cross-chain bridges. We will discuss the role of these bridges, the challenges they face, and possible solutions. Stay tuned!

About GMO-Z.com Trust Company

Building Financial-Grade Digital Assets. The World’s First Regulated JPY-Pegged Stablecoin Issuer. Visit our website to learn more.

Disclaimer
This content is not financial advice and it is not a recommendation to buy or sell any financial instruments, FX trading, cryptocurrency or engage in any trading or other activities. You must not rely on this content for any financial decisions. Acquiring, trading, and otherwise transacting with financial instruments or cryptocurrency involves significant risks.

We strongly advise our readers to conduct their own independent research before engaging in any such activities. GMO Trust does not guarantee or imply that any cryptocurrency or activity described in this content is available or legal in any specific reader's location. It is the reader's responsibility to know the applicable laws in their country.

GMO-Z.com Trust Company

Connecting traditional finance and blockchain technology for everyone. We issue GYEN, the first regulated JPY stablecoin, and ZUSD, a trusted USD stablecoin.