Unlike in previous years, crypto messages were not dominated by major exchange hacks and million dollar thefts of Bitcoin in 2020. There were a few, however, and most of them came from the nascent decentralized financial sector.
DeFi was one of the players in the dynamics of the cryptocurrency market in 2020 and it goes without saying that the burgeoning financial landscape has been a magnet for scammers and hackers. The largely unchecked smart contracts combined with cloned code were a recipe for vulnerabilities and exploits that often resulted in the theft of millions of dollars in digital assets.
A November 2020 CipherTrace report indicated this In the first half of the year, DeFi accounted for 45% of all thefts and hacks, resulting in more than $ 50 million in losses. That number rose to 50% of all thefts and hacks in the second half, according to the report. Dave Jevans, CEO of CipherTrace, warned of possible regulatory action in an interview with Cointelegraph: “DeFi hacks will account for more than half of all cryptocurrency hacks in 2020, a trend that is attracting the attention of investors. Regulators”.
He added that regulators are most concerned about the lack of compliance with anti-money laundering rules: “Funds stolen from the biggest hack of 2020, the $ 280 million KuCoin hack, were laundered using DeFi protocols.”. Jevans also believes that 2021 will provide clarity to regulators about what action the DeFi protocols are likely to take to avoid the consequences of violating AML, capture the flag and possible penalties.
Exchange hacks in 2020
The KuCoin hack came in late September when the exchange’s CEO Johnny Lyu confirmed that the raid affected the company’s active Bitcoin, Ethereum and ERC-20 wallets after private keys were leaked.
In early October, KuCoin announced that it had identified suspects and officially involved law enforcement agencies in the investigation. In mid-November, the Singapore-based exchange said it had reclaimed 84% of its stolen cryptocurrencies and resumed full service for most of its tradable assets.
There have been other exchange hacks this year, but KuCoin was the biggest. In February, Italian exchange Altsbit lost almost all of its money in a $ 70,000 hack and there were several other minor breaches of the cryptocurrency exchange. By October 2020, up to 75 centralized exchanges had been closed for various reasons, including hacking.
DeFi 2020 hacks and exploits
With billions of dollars pouring into DeFi logs and yield farms, the burgeoning landscape has become a hotbed for hackers. The first major foray of 2020 took place on the DeFi bZx lending platform in February when two flash loan exploits resulted in a loss of nearly $ 1 million in user funds.. A flash loan is when cryptocurrency collateral is borrowed and repaid within the same transaction.
bZx has frozen trading to avoid further losses. However, this sparked a wave of criticism from industry watchers who claimed it was ultimately a centralized platform and could mean the “death of DeFi”.
Markets crashed in March causing numerous collateral liquidations, particularly for Maker’s MKR token, but these weren’t hacks. The next of them came the following month when a disguised version of Bitcoin called imBTC was attacked using what is known as the standard token re-entry method ERC-777. The attacker was able to suck out a pool of Uniswap’s liquidity for its entire value, which at the time was valued at $ 300,000.
In April, all liquidity was withdrawn from the Chinese credit platform dForce using the same exploit. The hacker repeatedly increased his ability to borrow other assets and raised around $ 25 million in funding.
In June, An exploit has been discovered in Bancor’s smart contracts that resulted in lost of up to USD 460,000 in tokens. DeFi’s automated market maker said it had implemented a new version of the smart contract that addressed the vulnerability.
Balancer was the next DeFi protocol to be mined for a sum of $ 500,000 in packaged ether that was stolen from its liquidity pools by a well-planned arbitrage attack. A series of arbitrary flash loans and token exchanges were launched to attack a security flaw that Balancer’s team appeared to be aware of.
It’s less of a hack than another exploit, but bZx made the news again in July with a dodgy token sale manipulated by bots placing buy orders on the same block that marked the start of the token generation event. The attackers took in nearly half a million dollars in price increases.
Option protocol DeFi Opyn was the next victim in August when hackers took advantage of its ETH put contracts worth over $ 370,000.. The exploit allowed the attackers to “train twice” Ethereum put or tokens and steal the collateral. Opyn made around USDC 440,000 from outstanding vaults using a white hat hack and effectively returned those to put sellers.
Once again, it was not a direct hack, but a code error in an unchecked smart contract from Yam Finance that caused the governance token to be exceeded, which led to a price drop in mid-August. Protocol had to turn to the DeFi Whales to save it by voting to restart as version 2.
When the sushi is rolled out
The SushiSwap saga began at the end of August and the terms “vampire degradation” and “carpet drawing” were coined. The anonymous protocol manager and cloner “Chef Nomi” sold SUSHI tokens worth $ 8 million, which caused the token price to collapse. A few days later, the log was saved by the CEO of the FTX exchange, Sam Bankman-Fried, who handed control over to a consortium of DeFi whales via a multi-signature smart contract. Eventually, all funds were returned to the developer’s fund.
The tugging of carpets, or “pump and dump” as it was called during the previous altcoin boom in 2017, continued with a number of DeFi clones including pizza and hotdog. The token prices for these food farms rose and fell within hours and sometimes even minutes.
In mid-October, hordes of “degenerate farmers” or degens, as they were called, were hoarding money in an unchecked and unpublished intelligent contract from DeFi protocol founder Yearn Finance Andre Cronje.. The Eminence Finance deal lost $ 15 million when it was hacked just hours after Cronje posted teaser on Twitter about the new “Multiverse of Games”. The hacker returned around $ 8 million but kept the rest and led disgruntled traders to take legal action against Yearn’s team for losing money.
A demanding one at the end of October A lightning loan arbitrage attack on the Harvest Finance log resulted in the loss of $ 24 million worth of stablecoins in about seven minutes. The attack sparked a debate over whether these system design exploits could be viewed as hacks.
November was a particularly painful month for Akropolis, which had to “pause” protocol as hackers took DAI stablecoins worth $ 2 million. The Value DeFi protocol lost $ 6 million in an all-too-common flash credit exploit, the profit-generating stablecoin project Origin Dollar was breached and lost $ 7 million, and Pickle Finance suffered a collateral loss in a sophisticated exploit $ 20 million from “bad mug”.
One that broke the form of exploitation of the system was a personal attack on a person in mid-December. Hugh Karp, founder of the Nexus Mutual DeFi Protocol, lost $ 8 million from his MetaMask wallet when a hacker managed to infiltrate his computer and forge a transaction. These types of attacks are generally less common because they involve some level of social engineering.
The last reported Flash credit attack of the year was a $ 8 million raid on Warp Finance on December 18.
Many retailers and investors have phishing attempts as well, and Ledger hardware wallet owners were also attacked in 2020 after the personal information of around 272,000 Ledger shoppers was hacked.
The battle to strengthen DeFi
Most of the smart contracts and flash loan exploits in 2020 will be designed to empower the burgeoning financial ecosystem as it evolves. Smart new DeFi protocols are likely to emerge in the next year, but as always, scammers, hackers, and cybercriminals will improve their game to stay ahead of the curve.
It takes a lot of vigilance and attention to delve into today’s world of DeFi, but it has come a long way in such a short amount of time, and the decentralized financial landscape of the future is constantly evolving.