In 2021, Criminals Stole $3.2B In Crypto. $2.3B Of Those Funds Came From DeFi

DeFi, a hacker without a face

At the last peak, there were $256B invested in DeFi. The industry’s rapid growth brought attention, and among those eyeballs, there were bad actors. In fact, “the value stolen from these protocols catapulted 1,330%” last year. That’s according to surveillance firm Chainalysis’ “The 2022 Crypto Crime Report,” which also informs us that:

“In 2020 and 2021, lending platforms such as yield farming protocols endured the largest losses, with $923 million in total stolen funds and 64 theft incidents. Infrastructure services like cross-chain protocols and oracles-as-a-service came in close second, with DEXes and DAOs reckoning with significant thefts as well.”

So, the whole DeFi set is in trouble. Do smart contracts introduce lethal vulnerabilities or will programmers learn how to tame the beast? Last year, the amount stolen on crypto hacks augmented 6x from 2020. It reached the impressive $3.2B mark, and $2.3B “of those funds were stolen from DeFi platforms in particular.” 

Related Reading | Chainalysis New Service: Snitching For The Lightning Network. Can They Deliver?

That’s a massive change from previous trends.“In every year prior to 2021, centralized exchanges lost the most cryptocurrency to theft by a large margin.” Not only that, “centralized exchanges, once a top destination for stolen funds, fell out of favor in 2021, receiving less than 15% of the funds.” So, DeFi stole the show and centralized exchanges weren’t even on criminal’s radars last year.

Total Value Stolen And Total Number Of Thefts | Source: Chainalysis

Why Did This Happen To DeFi?

Money and success bring attention and attention brings criminals. Besides that, surveillance company Chainalysis identifies other factors. One is DeFi’s reliance on open-source software. While it’s useful that users can audit the code, it “also stands to benefit cybercriminals, who can analyze the scripts for vulnerabilities and plan exploits in advance.”

Price oracles are another vulnerability. “Secure but slow oracles are vulnerable to arbitrage; fast but insecure oracles are vulnerable to price manipulation. The latter type often leads to flash loan attacks, which extracted a massive $364 million from DeFi platforms in 2021.” In fact, code exploits and flash loan attacks were the protagonists last year: 

“In 2021, code exploits and flash loan attacks—a type of exploit involving price manipulation—accounted for a near-majority of total value stolen across all services at 49.8%. And when examining only hacks on DeFi platforms, that figure increases to 69.3%.”

A possible solution against common crypto hacks is code audits for smart contracts. However, “audits aren’t infallible. Nearly 30% of code exploits occurred on platforms audited within the last year, as well as a surprising 73% of flash loan attacks.“

ETHUSD price chart for 02/22/2022 - TradingView

ETH price chart for 02/22/2022 on Gemini | Source: ETH/USD on

Top 10: The Largest Crypto Hacks Of 2021

These ten crimes “accounted for a majority of the funds stolen at $1.81 billion.” According to Chainalysis’ data, the top ten is:

  1. Code exploit at Poly Network, $613M
  2. Security Breach at BitMart, $200M
  3. Security Breach at BadgerDAO, $150M
  4. Embezzlement at Undisclosed, $145M
  5. Code Exploit at Venus, $145M
  6. Leaked Private Keys at BXH, $139M
  7. Flash Loan at Cream Finance, $130M
  8. Security Breach at Vulcan Forged, $103M
  9. Code exploit at Undisclosed, $91M
  10. Security Breach at Undisclosed, $91M

Conclusions And Solutions

The report finishes the section with possible solutions that it already admitted are not enough, like “code audits, decentralized oracle providers, and an altogether more rigorous approach to platform security.” And then, it gives an additional tip, “even when these functions do fail and cryptocurrencies are stolen, blockchain analysis can help.”

Related Reading | Criminal Crypto Wallet Balances Tripled In 2021, Says Chainalysis

There’s a question that Chainalysis and everyone working in DeFi is afraid to ask, though. What if the vulnerabilities are inherent to the system and smart contracts in general? What if the honeypot DeFi creates is just too tempting? What if the whole thing is just too risky?

Featured Image by TheDigitalArtist on Pixabay | Charts by Chainalysis and TradingView

Source link

Be the first to comment

Leave a Reply

Your email address will not be published.