Compound Finance is just one of the most recent victims of DeFi hacking incidents in 2021. On September 30, a flawed token distribution under Proposal 062 exposed a bug in which $70 million to $85 million in excess COMP tokens were incorrectly distributed to users.
A few days later, another $65 million was placed in a vulnerable vault, putting at least $150 million in COMP tokens at risk. Although Compound was able to fix the situation, the incident shows how vulnerable the decentralized finance (DeFi) sector can be at times due to its origins.
Last year, the total value locked (TVL) in DeFi was only 5% of its current value of $255 billion. The change marks an explosive growth of 1686%. Even with the Compound debacle and, more recently, the decentralized trading platform BXH losing $139 million in an attack due to a leaked admin password, the TVL still rose by 14.27% last month.
One of the reasons investors have turned to DeFi protocols is to seek higher returns. With rates lowered in 2020 and no clear framework for raising them, investors looked for other ways to put their money to work. Locking crypto assets in DeFi protocols and providing liquidity for such services has become an attractive option because it offers better returns. What followed was a high-yield farming boom in 2020 that lasted until this year.
DeFi’s growing popularity is a double-edged sword for the young sector and for the crypto space as a whole. According to Chinese cybersecurity firm SlowMist, there have been 534 blockchain hacking incidents since 2012, of which 169 happened in 2021 alone. Hacks are becoming more and more sophisticated and target different areas of the space.
The biggest hack ever took place in 2021 and was carried out by an unknown hacker on Poly Network’s cross-chain protocol. The result was the equivalent of $610 million in stolen tokens, surpassing Mt. Gox and Coincheck. The attack took around $273 million from the Ethereum network, $85 million in USD Coin (USDC) from the Polygon network, and $253 million from Binance Smart Chain. It also removed significant amounts of renBTC, wrapped Bitcoin (wBTC), and wrapped Ether (wETH).
The Poly Network incident is one of many cases of DeFi hacks in 2021. Poly Network was lucky enough to get all the funds back. Cream Finance, on the other hand, was not so lucky. The decentralized lending protocol comes in a distant second; it was attacked twice this year, lost nearly $150 million, and is still trying to recover. Overall, the total amount of money lost to blockchain hacking this year is nearly $7 billion, up from $2.5 billion the previous year.
Poly Network, Compound and Cream Finance were the top three by size of funds involved ($906 million in total). Like Cream Finance, there are other notable protocols where exploits occurred more than once in the same year, such as THORChain and Value DeFi.
In addition, Merlin Labs, a yield optimizer built on BSC, was attacked three times: twice in the same week and again a month later. Its losses, at $1.5 million, were insignificant compared to the funds affected at the other victims. It is also surprising that Hacken audited it 11 days before the attack.
Security experts recommend having smart contracts reviewed, usually by independent auditors. An audit could help identify and possibly fix vulnerabilities in the smart contract code and check the reliability of smart contract interactions.
Kava Labs CEO Brian Kerr told Cointelegraph in May 2020 how important it is for anyone who wants to use a DeFi protocol to first review audits and peer reviews. But even then, he warns of the associated technical and market-related risks, since the industry is still new.
Of the projects that fell victim to attacks this year, only around 15 of the 40 affected DeFi protocols were audited. It is worth noting, however, that the funds affected in the audited protocols were significantly lower than in those not audited. Per audited protocol, the amount of damage was almost 60% lower than for the unaudited ones. Overall, 20.3% of the funds affected in all the hacked protocols this year came from audited protocols, while 79.67%, or about $1.3 billion, came from unaudited protocols.
The four most common reasons DeFi protocols are hacked are coding errors, developer incompetence, misuse of third-party protocols, and business logic errors. The most common, and possibly the most dangerous, is developer incompetence, which is also a direct result of coding errors. Underqualified developers who rush to launch a project without rigorous third-party review could be more exposed to security vulnerabilities.
Because of this, there is ongoing pressure in the industry for additional measures to improve security protocols. Audits, especially smart contract security audits and secondary audits, are just two ways to do this. As Kerr said, an investor’s technical diligence is also warranted when analyzing a DeFi protocol prior to investing.
The light at the end of the tunnel, however, is that these hacks could be essential to moving the DeFi sector forward. John Jefferies, CipherTrace’s chief financial analyst, told Cointelegraph in August that such crimes will accelerate the adoption of Know Your Client (KYC) processes, especially at decentralized exchanges (DEXs), for which approval from government agencies can be crucial.
As DeFi matures, particularly with the emergence of Layer 1 blockchains competing with Ethereum, recent hacking events may be just the tip of the iceberg, and poorly designed and unchecked protocols might be a work in progress.