Attacks on DeFi Protocols Increased by 1330% in 2021, Trend Continues with $600M+ Ronin Hack
Earlier this week, the news made headlines that Ronin, the sidechain for blockchain-based play-to-earn online mobile game Axie Infinity, was exploited to the tune of over $600 million. The hack is already among the biggest heists in the history of crypto — but it is also one more thing: a reminder that DeFi is still inundated with vulnerabilities.
Exploits Targeting DeFi Increased by 1,330% in 2021
On Tuesday, blockchain project Ronin disclosed that hackers had stolen 173,600 ETH tokens and 25.5 million USD coins after compromising five out of Ronin’s nine validator nodes. The incident actually took place on March 23, but the team was alerted after a user was unable to withdraw 5,000 ETH earlier this week, which meant funds had been drained.
The value of stolen funds in terms of US dollars was around $550 million at the time of the heist. However, with the recent increase in the price of cryptocurrencies, the value of the crypto loss has increased to over $620 million. In either case, the hack is easily among the biggest crypto heists ever.
While Ronin’s incident is shocking, particularly since many people have lost their “life savings,” a closer look reveals that DeFi is flooded with such hacks. According to a recent report by crypto research firm Chainalysis, DeFi thefts have been increasing exponentially in recent years.
In 2020, around $162 million worth of crypto was stolen from DeFi projects, a 335% increase compared to 2019. In 2021, crypto stolen from DeFi protocols rose another 1,330%, reaching $2.3 billion.
Interestingly, DeFi hacks are continuing to account for the larger share of all crypto hacks. For instance, 31% of the total amount of crypto stolen in 2020 came from DeFi projects, while more than 71% of all crypto stolen in 2021 was drained from DeFi protocols. “In other words, as DeFi has continued to grow, so too has its issue with stolen funds,” the report said.
DeFi Protocols Are Now Hackers’ Primary Target with $2.3B Stolen in 2021
Historically, hackers have been targeting centralized exchanges and crypto platforms, which are naturally attractive choices given their vast trove of crypto assets. There are countless examples of this, from Mt. Gox and Bitfinex to Crypto.com’s hack earlier this year.
However, starting in 2021, hackers have shifted their focus toward DeFi platforms. This is mainly because DeFi protocols are open-source, meaning their code is publicly visible. While this is an important aspect of DeFi because it enables everyone to verify the code, it also allows bad actors to search for loopholes and exploit them.
Another potential point of failure is DeFi projects’ dependence on price oracles, which are used to transfer information about the price of an asset between blockchains. “Secure but slow oracles are vulnerable to arbitrage; fast but insecure oracles are vulnerable to price manipulation,” Chainalysis said.
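The trade-off in the Chainalysis quote can be made concrete with a small simulation, added here as an example that is not from the article or the report. It assumes a constant-product pool, treats a spot-price read as the "fast" oracle and a time-weighted average (TWAP) as the "slow" one, and uses constructed reserves, prices and window length.

```python
from collections import deque

WINDOW = 30      # constructed: TWAP averages the last 30 per-block observations
FAIR = 2000.0    # constructed: pool of 1,000 base vs 2,000,000 quote

def price_after_buy(base, quote, quote_in):
    """Spot price (quote per base) of an x*y=k pool after one buy. Fees ignored."""
    k = base * quote
    new_quote = quote + quote_in
    new_base = k / new_quote
    return new_quote / new_base

def replay(prices, window):
    """Feed one pool price per block; return (spot, twap) read after the last block."""
    obs = deque(maxlen=window)
    for p in prices:
        obs.append(p)
    return prices[-1], sum(obs) / len(obs)

def error(reading, true_price):
    """Relative distance between an oracle reading and the true market price."""
    return abs(reading - true_price) / true_price

def manipulation_case():
    """29 quiet blocks, then one block in which a single large swap skews the pool.
    The true market price is still FAIR, so any deviation is oracle error."""
    skewed = price_after_buy(1_000, 2_000_000, 2_000_000)
    spot, twap = replay([FAIR] * 29 + [skewed], WINDOW)
    return error(spot, FAIR), error(twap, FAIR)

def lag_case():
    """The market genuinely reprices to 3000 and the pool has followed for 5 blocks.
    Here the spot read is correct and the averaged read is stale."""
    new_fair = 3000.0
    spot, twap = replay([FAIR] * 25 + [new_fair] * 5, WINDOW)
    return error(spot, new_fair), error(twap, new_fair)

if __name__ == "__main__":
    s, t = manipulation_case()
    print(f"skewed block : spot off by {s:.0%}, TWAP off by {t:.0%}")
    s, t = lag_case()
    print(f"real reprice : spot off by {s:.0%}, TWAP off by {t:.0%}")
```

A protocol that values collateral from the spot read inherits the full distortion of the skewed block, while the averaged read stays close to the market but lags it after a real price move, which is the stale-price gap the quote calls arbitrage.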
Notably, code audits have not been very effective in preventing hacks. According to the report, audited DeFi projects account for around 30% of code exploits and 70% of flash loan attacks, a type of exploit involving price manipulation.
Code exploits and flash loan attacks are also the most prevalent attack vectors for hackers. Cumulatively, these two types of attacks accounted for 49.8% of all value stolen in 2021, and around 70% of all crypto stolen across DeFi projects.
Meanwhile, the Ronin team has said they will reimburse all affected users. “We are committed to ensuring that all of the drained funds are recovered or reimbursed,” the project’s official Twitter account said.
However, the hack’s adverse impact on the crypto space arguably cannot be recovered. In fact, if DeFi projects want to gain mainstream adoption, they first need to address security issues.