Top 10 DeFi Hacks. Blockchain applications are used in decentralized finance (DeFi) to eliminate traditional intermediaries from the financial services ecosystem. Even though DeFi has brought about considerable advancements in accessibility, some are worried about the risks of DeFi attacks.
In what ways do these worries regarding DeFi security manifest? There was a $1.5 billion loss due to DeFi theft in 2021. Nearly $1.4 billion in losses were caused by DeFi hacks in the first few months of 2022. Keep in mind that DeFi isn’t just another fad in tech. Indeed, it represents the future of the financial environment in a whole new light.
The magnitude of user financial losses amply demonstrates the importance of DeFi security. Thus, it is critical to investigate the leading DeFi hacks and find ways to stop them. Protective measures against DeFi hacking must be effective for the technology to be widely used. This article will review some of the most common DeFi vulnerabilities and how hackers exploit them. Also, consider how important it is to keep DeFi protocols and tokens secure.
Why Should You Learn about DeFi Hacks?
The growing number and severity of assaults against decentralized financial systems have recently led to widespread criticism of the sector. Users may be hesitant to embrace DeFi protocols due to fears about exploits. Cryptocurrencies were the original focus of DeFi, but the domain has now grown to include decentralized applications (dApps) for staking, lending, and borrowing, in addition to decentralized exchanges.
The entire worth of assets secured by DeFi protocols was $53.73 billion as of September 2022. Nearly $2.32 billion had been lost as a result of DeFi breaches by this point. The cumulative impact of all these DeFi attacks has been devastating, hitting the industry 50% harder than in 2021 because of the enormous volume of losses.
Another concerning element of DeFi hacks is the slow but steady decline of TVL in the DeFi industry. By November 2022, the TVL in DeFi had dropped to $41.54 billion, as reported by DappRadar. When we look back at 2021, the TVL projection was more than $110 million, which indicates a significant drop. A common explanation for the decline in TVL cites the recent crash in stablecoin value.
Top 10 DeFi Hacks: Alternatively, TVL could be reduced for various reasons, one of which is the financial losses that have occurred due to DeFi protocol and token vulnerabilities. Popular DeFi protocols have been the focus of some of the most widespread DeFi hacks. Mistrust in DeFi’s viability as a substitute for conventional financial services may spread after losses caused by DeFi exploits. Hackers are interested in DeFi because of its value, which is essential. To prevent unintended repercussions from security holes in DeFi protocols, it is crucial to know DeFi hacks.
How do Hackers Exploit DeFi?
Before diving into a DeFi hacks list, it is essential to identify how hackers exploit DeFi protocols. What could be the potential causes for vulnerabilities in DeFi?
- The foremost source of vulnerability in DeFi refers to its open-source nature, which exposes the code to everyone. While the open-source nature ensures the benefits of transparency, it also opens up multiple avenues for hackers to exploit the protocols.
- Another common cause underlying DeFi attacks refers to the principle of composability, which exposes DeFi protocols to external exploitation.
- The following reason for vulnerabilities in DeFi is the pace of launching.
- Developers tend to ignore vulnerabilities and errors when launching their protocol before competitors.
Hackers can exploit these vulnerabilities and gain unauthorized access to the assets of DeFi users. How do DeFi hacks happen? The assessment of various DeFi hacks could showcase some possible ways hackers compromise DeFi protocols. Some of the standard methods for DeFi hacks include the following,
Oracle Manipulation
DeFi protocols use the Oracle smart contract to access external data, which is vulnerable to manipulation by hackers. Token price details can be changed as part of a standard Oracle manipulation hack.
Smart Contract Logic Errors
One of the most apparent reasons for a DeFi exploit is the pressure on developers to release DeFi protocols faster than they should, which leads them to overlook minor flaws and mistakes. Since the source code for the DeFi protocol would be publicly available, hackers may examine the smart contract code and find vulnerabilities to exploit.
Reentrancy Attacks
Another standard method followed in DeFi hacks points at reentrancy attacks. Such attacks involve an intelligent contract calling an untrusted contract externally without resolving it.
Most Popular DeFi Hacks
Among the most significant dangers to the community are DeFi vulnerabilities. The ever-expanding list of DeFi hacks affects the startups’ reputation and apparent cash losses. Understanding the following top hacks in the DeFi landscape requires careful examination of their details.
Ronin Network
The popular play-to-earn game Axie Infinity has a sidechain built on Ethereum called Ronin Network. More than $625 million worth of ETH and USDC were stolen in a hack. A better grasp of the hack can be achieved by familiarizing oneself with the inner workings of the Ronin Network. For those who like to play Axie Infinity without getting their hands dirty with the Ethereum network, Ronin is the way to go. One efficient way for participants to send Ethereum to the Axie Infinity network was via the Ronin Bridge.
Top 10 DeFi Hacks: An attacker penetrated the Ronin Bridge and created phony withdrawals, making it one of the top DeFi attacks. The hacker made two separate withdrawals using the stolen secret keys. The perpetrator illegally took control of five validators necessary for the Ronin Bridge to release payments. Axie Infinity did not disclose the vulnerability for nearly seven days, even though it occurred on March 23. One of the largest hacks in DeFi history occurred when an attacker gained access to around 25.5 million USDC and 173,600 ETH.
Nomad Bridge
The Nomad Bridge hack is next on the list of the most famous DeFi hacks. The cross-chain bridge—which facilitates the exchange of Ethereum, Moonbeam, Avalanche, and Evmos—was breached, and hackers made off with about $190 million. Curiously, the assault on Nomad Bridge did not happen in a single or even a couple of transactions. The assault, which included 1,175 attacks, was groundbreaking since it was one of the first instances of numerous hackers using the same exploit. A security hole in Nomad’s code was found during an upgrade, allowing an attacker to take advantage of a part marked legitimate for all transactions.
Once the initial hacker discovered this hole, other imitators wasted little time filling it. Each imposter used their address instead of the original hacker’s and duplicated the transaction call data. The hackers then took more money out of the platform than was deposited. Curiously, once the Nomad team asked for the money back in an open message, a few white hat hackers returned about $30 million.
Wintermute
A DeFi hacks list also includes the Wintermute breach, which caused about $160 million in losses. To lower transaction costs, Wintermute generated unique addresses using an address-generating program. These were 32-character vanity wallet addresses. The process for regenerating the private keys in an address is vulnerable to any hacker with the appropriate tools.
There is strong evidence that vanity addresses caused the Wintermute hack in their DeFi vault and hot wallet contract. It would be easy for hackers to access these sources and transfer the money as they pleased. Wintermute attempted to cease the hack as a last resort by withdrawing all Ethereum from its hot wallet. But they hadn’t changed the vault administrator’s address. The specifics of the theft remain murky, but the perpetrators stole all the funds from the hot wallet.
Wormhole Bridge
Among the many bridges that have been the target of DeFi assaults, the Wormhole Bridge stands out. In contrast to Ronin Bridge, Wormhole Bridge does not facilitate the trading of games. It acts as a token bridge that allows users to trade tokens on several blockchains, including Ethereum, Terra, Oasis, Solana, and Avalanche. The bridge requires users to wager their ETH to get wrapped ETH, with a 1:1 ETH liquidity backstop. Consequently, the wrapped ETH would function similarly to regular ETH on the network. The hackers decided to assault the protocol by taking advantage of the liquidity.
Top 10 DeFi Hacks: Without supporting any ETH, the hacker created over 120,000 wrapped ETH tokens on Solana, a novel tactic for DeFi hacks. After that, the hacker drained the Ethereum network of about 93,750 wrapped ETH tokens, stealing almost $254 million. Bored Apes and, Finally, Usable Crypto Karma were among the tokens bought by the hackers using these monies. Crypto bridges have fundamental security issues, as highlighted by the Wormhole Bridge attack.
Beanstalk Farms
Without a liquidity pool, the algorithm-based stablecoin protocol Beanstalk can function. In April, the protocol suffered one of its most significant losses due to a DeFi attack, which cost them approximately $182 million. The Beanstalk Farms DeFi attack demonstrated how easily exploitable security holes in DeFi tokens might cause massive losses. The Beanstalk hack mainly occurred because of its decentralized governance system and the ability to take out flash loans.
Top 10 DeFi Hacks: Hackers stole cryptocurrency from the protocol and sent it to other addresses after gaining control of the governance mechanism through a flash loan. The attack at Beanstalk Farms highlights how vulnerable the Beanstalk DAO is.
Elrond
With over $113 million loss, the Elrond attack is also considered one of the top DeFi hacks. The Elrond blockchain’s native token, EGLD, was stolen from over 1.65 million users when hackers exploited a security weakness in Maiar, a decentralized exchange. After breaking into the decentralized exchange, the hacker allegedly stole EGLD using a smart contract and three wallets.
In addition, the hackers swiftly sold about 800,000 Elrond blockchain native tokens on Maiar for nearly $54 million. After liquidating their holdings on controlled exchanges, the hackers traded part of the tokens for Ethereum (ETH).
Scream
Scream, a DeFi lending platform, is another prominent name among those who have fallen prey to DeFi hacking. The Scream hack, based on the Fantom blockchain, highlights the vulnerabilities in the system and implies an extremely childish attack. As a result of stablecoins like DEO and Fantom USD having their pegs reduced, the platform racked up a debt of about $38 million.
Because of its easy-to-understand yet vague attack vector, the Scream protocol exploit is among the most often used hacks. The value of the two stablecoins was hard coded into the Scream protocol without any means of adjustment. As a result, it failed to show how the assets’ value was falling.
The whales used the loophole to withdraw precious stablecoins while depositing the depreciating Fantom USD and DEI stablecoins. Instead of static stablecoin prices, the Scream protocol implemented Chainlink oracles so users could access up-to-the-minute price data.
Qubit Finance
On January 28, Qubit Finance DeFi revealed that a hacker had compromised 206,809 BNB or Binance tokens. According to the protocol, the hack primarily targeted its QBridge protocol, and about $80 million worth of tokens were compromised.
Top 10 DeFi Hacks: Along with a considerable loss, it is one of the notable entries in a list of DeFi hacks. The hacker found a flaw in the QBridge contract’s deposit option and created about 77,162 qXETH, the Ethereum token bridged through Qubit. Close inspection reveals that the hacker repeatedly manipulated the platform into thinking they had made a deposit. At last, the hacker traded the protocol assets for BNB tokens and then vanished.
Horizon Bridge
The Horizon Bridge hack and the rest of 2022 were terrible years for crypto bridges. On June 23, a DeFi hack occurred on the Horizon Bridge, causing around $100 million in damage. Horizon provides a framework for cross-chain interoperability, allowing users to quickly move between several blockchain networks. These networks include Binance Smart Chain, Ethereum, and Harmony.
Hackers stole $98 million from the Harmony-managed platform, according to the DeFi exploit study. The theft affected over 50,000 wallets when the hackers swapped the tokens for Ethereum. The cybercriminals then stole about $35 million using Tornado Cash.
Cashio
In the same vein as crypto bridges, stablecoin protocols were regularly mentioned in the DeFi hack list. One such stablecoin technology that fell prey to the DeFi hacks this year is Cashio. Top 10 DeFi Hacks: The protocol’s CASH stablecoin took a hit, losing about $48 million due to the attack. With Cashio, users can mint CASH stablecoin by depositing tokens backed by liquidity provider tokens that pay interest.
The hacker dumped billions of CASH into the market for UST and USDC by exploiting Cashio’s fundamental features. The hacker then used the Saber DEX to withdraw the tokens. After plunging to zero, the CASH stablecoin eventually died out due to this hack.
How Can You Prevent DeFi Security Attacks?
There must be an urgent focus on DeFi security measures because of the magnitude of losses suffered by DeFi protocols due to various attacks. Some DeFi protocols use practical techniques to preserve DeFi security, while others feature incentives to improve security. Following DeFi security best practices has been highlighted by the spotlight cast on the top DeFi hacks and their impact on users and the community—for instance, thorough penetration testing for DeFi protocols or intelligent contract security audits. Furthermore, to ensure the security of protocols, developers should engage in bug bounties and collaborate with groups of external security specialists.
Conclusion
The critical vulnerability of the DeFi ecosystem is highlighted by the most common DeFi attacks. Crypto bridges and stablecoin protocols were frequent targets of the DeFi hack. The hacks make interoperability, a big plus for DeFi protocols, appear to be a drawback.
Consequently, a thorough evaluation of different hacks is necessary to comprehend the solutions to the question, Top 10 DeFi Hacks: To save a lot of money, it would be helpful to know the most typical mistakes and how DeFi protocols are vulnerable. Resolving DeFi security threats effectively requires providing users with a sense of safety and fostering trust in DeFi.
Also Read: What are DEXTools?: Who Needs It and How Does It Work?