Since 2020, users have lost more than $12 billion to fraud and theft on DeFi platforms, with most of the losses ($10.5 billion) occurring in 2021, according to research by the analytics company Elliptic.
According to experts, only $721 million of this amount was subsequently reimbursed.
The most frequent targets of cybercriminals were the Ethereum and Binance Smart Chain blockchains.
Elliptic names errors in the code and architectural flaws as the main causes of attacks on decentralized projects. They account for $5.5 billion and $5.3 billion, respectively.
The presence of large pools of liquidity allows hackers to launder the proceeds of criminal activity, leaving virtually no trace. Fraud in the segment is also common.
Losses related to the use of administrator keys amount to $1 billion, and exit scams account for $18 million. On the latter, experts stressed that the amount may be higher, since this type of fraud is more difficult to detect than exploits.
Among dapps, 34% of the total damage was caused by lending services, 17.1% by DEXs, 16.4% by asset management applications and 13.5% by cross-chain bridges.
“Decentralized applications are designed to work in a trustless environment, since they exclude any third-party control over user funds. But you still have to believe that the creators of the protocol did not make mistakes in the code or design that could lead to a loss of funds,” Elliptic analysts noted.
Large DeFi platforms say they are taking various measures to improve security, from hiring external firms to audit code for vulnerabilities to storing keys and passwords necessary to access users’ wallets in secure environments.
According to industry tracker DeFi Llama, at the time of writing, crypto assets worth about $253 billion are locked in DeFi platforms, compared to $16 billion a year ago.
Recall that on August 10, hackers carried out the largest attack in the history of the industry on the Ethereum, Binance Smart Chain and Polygon blockchains, hacking the Chinese cross-chain protocol Poly Network. The cumulative damage amounted to $611 million in various cryptocurrencies.
In February, August and October, hackers attacked the Cream Finance DeFi protocol. In the first case, cybercriminals took advantage of a bug in the Alpha Finance smart contract and stole tokens worth $37.5 million. In the second, they took advantage of a bug in the Flexa Network smart contract and received additional flash loans of tokens worth more than $18 million. In the third, an error that “allows you to borrow all funds in current lending pools” cost the platform $130 million.
In early November, the DeFi platform bZx reported a hack. The damage was estimated at $55 million.