DeFi Exploits: Trends & Patterns

Andre Costa
Published in Web3 Magazine
4 min read · Aug 24, 2022

Blockchain and Web3 remain the wild west: as volatile as ever, and while new apps, platforms and use-cases keep surfacing, so do hacks that drain millions of dollars. Growth is always accompanied by pain, and blockchain is no exception. Let us take a look at the trends and patterns in DeFi exploits.

Cross-chain bridges are the most heavily impacted

Cross-chain bridges dominate the ranking of the largest exploits, including the three largest DeFi exploits yet: Ronin Network at $624M, Poly Network at $611M and Wormhole at $326M. Bridges also lose far more per incident than any other protocol type, over $188M per hack on average, because the nature of bridges requires them to hold significant amounts of assets.

To bridge from one ecosystem to another, a user first deposits assets into a vault on the originating chain. These assets are locked, after which equivalent assets are minted on the destination chain. The newly-minted assets function as an IOU and can be burnt to unlock the assets on the originating chain. Whoever controls the vault, typically a multisig or a set of validators that attest to deposits, can release everything locked in it, so these massive pools of locked assets make bridge protocols highly popular targets for exploits.

CEX hot wallets, which also tend to hold large amounts of user funds, produce a similar pattern, with previous exploits including Bitmart at $196M, Ascendex at $77M and Kucoin at $45M.

While CEXs with strong security practices keep most of their assets in cold wallets, some exchanges with less stringent policies leave a large portion in hot wallets, which are far more exposed to compromise.

Amount of lost funds by protocol type

On the other hand, yield aggregators and lending protocols are the most common targets for exploits, but tend to have a lower amount lost per hack.

Number of exploits by protocol type

Largest attacks tend to be multi-chain

Many of the largest attacks take place across multiple chains, with cross-chain bridges and CEX hot wallets accounting for $2.2B in stolen funds, over 52% of the total exploited amount.

Following these large-scale multi-chain attacks, the chains with the largest losses are Ethereum, Ronin, Solana and Binance Smart Chain.

Ethereum and Binance Smart Chain have long-standing DeFi ecosystems with consistently higher TVL than other chains. Both were also often the first ecosystems new projects launched on, which gave exploiters a larger and less battle-tested attack surface to probe. Ronin and Solana, on the other hand, were the victims of major cross-chain bridge exploits, through which large portions of their ecosystems' TVL were stolen.

Amount of lost funds by chain

Overall, bridges and CEXs tend to produce the largest losses per exploit, while yield aggregators and lending protocols were exploited more often. The largest exploits tended to be on projects that spanned multiple chains, or ecosystem bridges that hold a large portion of the chain’s total TVL.

Root causes

In general, root causes can be sorted into three broad categories:

  • Smart contract loopholes
  • Compromised private keys
  • Protocol frontend spoofing

Smart contract loopholes are the hardest risk to mitigate, because the attack vectors are so varied; as a result they lead in both metrics, exploited amount and number of exploits.

Compromised private keys generally produce a higher amount of loss per hack, as this is often the attack vector for larger pools of assets (such as bridges, CEX wallets or protocol treasuries). A leaked admin key, or a quorum of validator keys, passes every on-chain check the contract code performs, so a code audit alone does not cover this vector; key custody and monitoring of what the keys actually authorise do.
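The lock-and-mint flow described above under "Cross-chain bridges are the most heavily impacted", and the compromised-key root cause discussed here, modelled in one piece of added example code (mine, not the article's and not any real bridge's): a source-chain vault, a destination-chain IOU token whose mint requires a quorum of validator attestations, and a solvency check that compares outstanding IOUs with locked assets. Validator signatures are simulated with HMAC as a stand-in for ECDSA, the event format and the quorum size are assumptions, and the forged deposit of 1,000,000 signed by an attacker holding a quorum of keys is a constructed scenario.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed bridge parameters: a mint or unlock needs QUORUM of VALIDATORS attestations.
QUORUM, VALIDATORS = 5, 9

def event_digest(event: dict) -> bytes:
    # Canonical hash of a cross-chain event (constructed format, not a real bridge's).
    return hashlib.sha256(repr(sorted(event.items())).encode()).digest()

def sign(key: bytes, digest: bytes) -> bytes:
    # HMAC stands in for an ECDSA signature in this simulation.
    return hmac.new(key, digest, "sha256").digest()

def verify_quorum(keys: dict, digest: bytes, signatures: dict) -> bool:
    """True iff at least QUORUM distinct known validators signed this digest."""
    valid = sum(1 for vid, sig in signatures.items()
                if vid in keys and hmac.compare_digest(sign(keys[vid], digest), sig))
    return valid >= QUORUM

def attest(keys: dict, event: dict, vids) -> dict:
    # Signatures from the given validator ids: honest ones, or the ids an attacker holds keys for.
    d = event_digest(event)
    return {vid: sign(keys[vid], d) for vid in vids}

@dataclass
class SourceVault:
    """Vault on the originating chain holding the locked assets."""
    keys: dict
    balances: dict = field(default_factory=dict)
    total_locked: int = 0
    nonce: int = 0
    seen_burns: set = field(default_factory=set)

    def lock(self, user: str, amount: int) -> dict:
        """Deposit; returns the event that validators are expected to attest to."""
        self.balances[user] = self.balances.get(user, 0) + amount
        self.total_locked += amount
        self.nonce += 1
        return {"kind": "deposit", "user": user, "amount": amount, "nonce": self.nonce}

    def unlock(self, burn_event: dict, signatures: dict) -> None:
        """Release locked assets against an attested burn on the destination chain."""
        if burn_event["nonce"] in self.seen_burns:
            raise ValueError("replayed burn event")
        if not verify_quorum(self.keys, event_digest(burn_event), signatures):
            raise PermissionError("insufficient validator signatures on burn")
        user, amount = burn_event["user"], burn_event["amount"]
        if self.balances.get(user, 0) < amount:
            raise ValueError("unlock exceeds locked balance")
        self.seen_burns.add(burn_event["nonce"])
        self.balances[user] -= amount
        self.total_locked -= amount

@dataclass
class DestinationToken:
    """IOU token on the destination chain; minted only against attested deposits."""
    keys: dict
    balances: dict = field(default_factory=dict)
    total_minted: int = 0
    burn_nonce: int = 0
    seen_nonces: set = field(default_factory=set)

    def mint(self, deposit: dict, signatures: dict) -> None:
        if deposit["nonce"] in self.seen_nonces:
            raise ValueError("replayed deposit event")
        if not verify_quorum(self.keys, event_digest(deposit), signatures):
            raise PermissionError("insufficient validator signatures on deposit")
        self.seen_nonces.add(deposit["nonce"])
        self.balances[deposit["user"]] = self.balances.get(deposit["user"], 0) + deposit["amount"]
        self.total_minted += deposit["amount"]

    def burn(self, user: str, amount: int) -> dict:
        if self.balances.get(user, 0) < amount:
            raise ValueError("burn exceeds balance")
        self.balances[user] -= amount
        self.total_minted -= amount
        self.burn_nonce += 1
        return {"kind": "burn", "user": user, "amount": amount, "nonce": self.burn_nonce}

def unbacked_supply(vault: SourceVault, token: DestinationToken) -> int:
    """Outstanding IOUs not backed by locked assets; above 0 means the bridge is insolvent."""
    return token.total_minted - vault.total_locked

def run_scenario(compromised_keys: int) -> tuple:
    """Honest round trip by alice, then a forged deposit signed with `compromised_keys` stolen keys.
    Returns (forged_mint_succeeded, unbacked_supply_after)."""
    keys = {i: secrets.token_bytes(32) for i in range(VALIDATORS)}
    vault, token = SourceVault(keys), DestinationToken(keys)
    # Honest flow: lock 100 on the source chain, mint 100 IOUs on the destination.
    deposit = vault.lock("alice", 100)
    token.mint(deposit, attest(keys, deposit, range(QUORUM)))
    # Attacker forges a deposit that never happened and signs it with the keys they hold.
    forged = {"kind": "deposit", "user": "attacker", "amount": 1_000_000, "nonce": 999}
    try:
        token.mint(forged, attest(keys, forged, range(compromised_keys)))
        forged_ok = True
    except PermissionError:
        forged_ok = False
    # Honest user later burns 40 IOUs and unlocks 40 on the source chain.
    burn = token.burn("alice", 40)
    vault.unlock(burn, attest(keys, burn, range(QUORUM)))
    return forged_ok, unbacked_supply(vault, token)

if __name__ == "__main__":
    print(run_scenario(QUORUM - 1), run_scenario(QUORUM))
```

With fewer than QUORUM keys the forged mint is rejected; with QUORUM keys it passes every signature check, because those checks only establish that the keys signed, not that a deposit ever happened on the source chain. The only thing that still exposes it is the solvency comparison between IOUs outstanding and assets locked, which is exactly the kind of invariant a bridge operator should monitor continuously rather than rely on code audits alone.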

Frontend spoofing targets individual users rather than funds managed by the protocol. Typically the attacker gets a look-alike site served in place of the real protocol website, for example by poisoning DNS caches so that the protocol's domain resolves to the attacker's server, and the fake site asks the user's wallet to sign approvals or transfers that hand their assets to the attacker. The protocol's contracts themselves are untouched.
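A client-side check that blunts the attack described here, as an added example (mine, not the article's and not any wallet's code): screen each transaction request the frontend hands to the wallet against a pinned allowlist of the protocol's contract addresses, so that a look-alike site cannot quietly redirect an approval or transfer to an attacker address. The pinned addresses, the attacker address and the three requests are constructed; the two ERC-20 function selectors are the real ones.

```python
# Well-known ERC-20 function selectors: the first four bytes of keccak256 of the signature.
SELECTOR_APPROVE = "095ea7b3"   # approve(address,uint256)
SELECTOR_TRANSFER = "a9059cbb"  # transfer(address,uint256)
UNLIMITED = 2**256 - 1

# Constructed allowlist: addresses the user or wallet has pinned from the protocol's
# verified deployment. Hypothetical values, not any real protocol's contracts.
PINNED = {
    "router": "0x1111111111111111111111111111111111111111",
    "token": "0x2222222222222222222222222222222222222222",
}
ATTACKER = "0xbad0bad0bad0bad0bad0bad0bad0bad0bad0bad0"  # constructed drainer address

def encode_erc20_call(selector: str, target: str, amount: int) -> str:
    """ABI-encode approve/transfer calldata: selector + left-padded address + uint256."""
    return "0x" + selector + target[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_erc20_call(data: str):
    """Return (function, target, amount) for approve/transfer calldata, else None."""
    h = data[2:] if data.startswith("0x") else data
    if len(h) < 136:
        return None
    sel, args = h[:8], h[8:]
    if sel not in (SELECTOR_APPROVE, SELECTOR_TRANSFER):
        return None
    name = "approve" if sel == SELECTOR_APPROVE else "transfer"
    return name, "0x" + args[24:64], int(args[64:128], 16)

def screen_tx(tx: dict, pinned: dict) -> list:
    """Findings for one transaction request; an empty list means it only touches pinned addresses."""
    allowed = {a.lower() for a in pinned.values()}
    findings = []
    if tx["to"].lower() not in allowed:
        findings.append(f"to={tx['to']} is not a pinned contract")
    call = decode_erc20_call(tx.get("data", "0x"))
    if call is not None:
        fn, target, amount = call
        if target.lower() not in allowed:
            findings.append(f"{fn} targets unpinned address {target}")
        if fn == "approve" and amount == UNLIMITED:
            findings.append("unlimited approval requested")
    return findings

# Constructed requests: what the real frontend asks for, and what a look-alike asks for.
LEGIT_TX = {"to": PINNED["token"],
            "data": encode_erc20_call(SELECTOR_APPROVE, PINNED["router"], 10**18)}
SPOOFED_TX = {"to": PINNED["token"],
              "data": encode_erc20_call(SELECTOR_APPROVE, ATTACKER, UNLIMITED)}
NATIVE_SEND_TX = {"to": ATTACKER, "data": "0x", "value": 10**18}

if __name__ == "__main__":
    for name, tx in [("legit", LEGIT_TX), ("spoofed", SPOOFED_TX), ("native", NATIVE_SEND_TX)]:
        print(name, screen_tx(tx, PINNED) or "ok")
```

The spoofed request is indistinguishable from the legitimate one at the domain and TLS level if the attacker controls resolution, which is why the check keys on what the wallet is asked to sign rather than on where the page came from. Pinning has to happen out of band (from the protocol's documentation or a verified deployment record), never from the page that is being screened.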

The two main methods of managing smart contract risk are automated formal verification and DeFi security audits. Together they form a path toward scalable risk detection and mitigation for smart contracts. Neither addresses compromised keys or spoofed frontends, which call for operational controls around key custody and user-side verification instead.

Interested in Blockchain & Web3? Check out my other stories:
WTF are CC0 NFT Projects?
https://medium.com/coinmonks/cc0-nft-projects-explained-6f87756e6743

WTF are ZkEVMs?
https://medium.com/@andreluque/wtf-are-zk-evms-7914277fa835

Exploring Decentralized Identity
https://medium.com/web3-magazine/exploring-decentralized-identity-did-bef626b07787

Founder @ Terratecc | Building the best Blockchain & Web3 Brands. andreqc.com terratecc.com