DeFi attacks are now occurring at an alarming rate. Over the past few years, scores of DeFi protocols have been vulnerable to different forms of attacks on their networks. Sadly, these attacks, in most cases, result in permanent loss of users’ funds. In 2022 alone, funds stolen from DeFi protocols accounted for $3.1 billion of all the $3.8 billion stolen for that year. According to Chainalysis, this represents over 82.1% of the total exploitations in the industry for that year. It also indicated a 9% increase from the recorded figure in 2021. Recall that funds stolen from DeFi around 2021 constituted over 73% of all the assets stolen for that year. Without any doubt, the big rise in 2022 was one of the factors that led to the prevailing crypto winter ravaging the industry.
DeFi hacks in 2023
The situation does not seem to be getting better in 2023. Within the first half of the year, many DeFi protocols experienced a variety of exploits, leading to the loss of millions in users’ funds. So far, the attack on Euler Finance around March constitutes the biggest DeFi exploit since the beginning of the year. In the attack, the DeFi lending platform lost $197 million in crypto assets. According to Certik, the hackers stole several assets, which include 8.87 million $DAI, 34 million $USDC, 85.8k $stETH, and many more. However, after a series of investigations into the incident, the attackers returned 3000 ETH from the stolen funds.
Similarly, Bonq is also on the list of DeFi platforms that have suffered crypto hacks this year. The lending platform lost over $120 million in assets after the attacker gained unauthorized access to its network. The attacker stole 98 million $BEUR worth $109 million and 113.8 $WALBT worth $11 million. Apart from Euler Finance and Bonq, several others like Bitrue, EraLend, GDAC, Hedera, LaunchZone, and many more suffered the same fate. This raises questions about the safety and reliability of DeFi.
How DeFi platforms are becoming increasingly vulnerable
News about DeFi hacks is rampant owing to how many users are yet to come to terms with most decentralized finance platforms. This is due to the sophisticated structure of these platforms. The DeFi space is still in a nascent stage, and most of the platforms are yet to fine-tune their interfaces to a level where most users can interact with the protocols seamlessly. Therefore, it requires substantial technical know-how to interact with most of the DeFi protocols. In the absence of this technical know-how, users become vulnerable to attacks.
Likewise, some of these platforms are vulnerable to attack due to their refusal to conduct periodic security checks on their protocols. In recent times, bug bounty programs have been one of the most effective ways of preventing hacks. Organizing these programs brings together talented individuals to help the protocol spot potential vulnerabilities and, consequently, devise solutions before hackers can leverage them to strike.
However, the refusal of these projects to organize programs like this or carry out protocol audits has made them vulnerable to hacks. Protocol audits by an external blockchain security firm can also help indicate security lapses in a DeFi platform. As stated earlier, because the DeFi landscape is at a nascent stage, there is still room for development. Technically, most DeFi projects, due to their decentralized nature, are governed by smart contracts. To some extent, these smart contracts have shortcomings that are technical in origin, and hackers mostly leverage these vulnerabilities to perpetrate their acts.
Conclusion
Meanwhile, it is worth establishing that the lucrative nature of the DeFi space has made it an attractive target for hackers. Though this may not in any way contribute to why these projects are vulnerable, it is nevertheless the major reason why hackers have turned a huge focus on the DeFi landscape.
Above all, to address the vulnerability of these platforms to hacks, project teams have a lot to give. First, they must focus on enhancing security. Also, they must improve the friendliness of their interface and educate users.