How DeFi Can Recover From its Slew of Hacks

With nearly $100 million lost from hacks in 2020, DeFi is a hotbed of security breaches. How do we move forward?
Neither the author, Tim Fries, nor this website, The Tokenist, provides financial advice. Please consult our website policy prior to making financial decisions.

Decentralized finance has made the investing world more democratic and accessible. It has taken away intermediaries, lengthy verification, and eligibility determination processes. As a result, accessing funds has become hassle-free, inclusive, and less costly.

But with every progressive step that we take towards making a process more expansive, there come some risks. Even a small, inherent flaw of a system can blow up to become an enormous issue that requires immediate attention. With the explosive growth in the DeFi market comes the threat of hackers and malicious attacks. 

Growth and Invasion: A Classic Case of Collateral Damage?

The total value locked in various DeFi protocols has seen a dramatic rise in 2020. From $676 million in January 2020, DeFi has grown by more than 1,700% to reach $12.7 billion by November 2020. Some estimates put the total value locked in DeFi protocols even higher, at $14.7 billion over 2020. But with increasing autonomy has come the risk of large-scale security breaches.

According to the latest available estimates, 20% of the combined volume of all crypto hacks that happened in 2020 came from the decentralized finance space alone. In terms of the number of all hacks and thefts, DeFi accounted for 50% in the second half of 2020.

During the first two quarters of 2020, all DeFi hacks together clocked a volume of $51.5 million. In the second two quarters, all DeFi hacks added up to a volume of $47.7 million. Together, across all four quarters, the total hacked volume was nearly $100 million.

Such a hefty volume of theft and hacks has brought the question to the fore: why do hacks continue to happen in the DeFi space? To ascertain what might be driving these hacks, let us first look at some instances of hacking in the DeFi space in the recent past. 

Summary of DeFi Hacks in 2020:

  • On March 12, 2020, malicious cyber attackers exploited the congestion in the Ethereum network to spam the MakerDAO network. As a result, the oracles struggled to give updated prices, and liquidation protocols failed to keep up with liquidations. Some participants of the network took advantage of the situation to liquidate their loans for free. Such wrongful exploitations resulted in a loss of $8.32 million.
  • On September 29, 2020, hackers exploited the gamified DeFi platform Eminence, draining the $15 million initial investment that it had managed to garner in its beta contract. What was even more surprising about this hack was that Eminence did not even have a website and had not yet gone live.
  • On September 14, 2020, the platform bZx lost $8 million when hackers successfully exploited a bug in the protocol and started creating iTokens for free.
  • On April 19, 2020, the platform dForce was hacked, and it lost $25 million. The attackers exploited the Ethereum vulnerability that made MakerDAO lose its money.
  • In a flash attack on October 26, the Harvest Finance protocol lost $34 million when malicious users manipulated the price of several stablecoins on decentralized exchanges (DEX). The wrongful manipulations resulted in arbitrage opportunities and allowed hackers to buy more stablecoins than they should’ve been able to.

Reasons Behind the Increasing Number of DeFi Hacks

Among different types of DeFi hacks, experts are observing a surging trend of attacks where hackers are subverting the loan mechanism. These attacks are popularly known as flash attacks, and they open up opportunities for further misdoings, including asset price manipulation.

Some experts have gone further and categorized the hacks that happen with DeFi protocols under three broad segments: errors in business logic, mistakes in coding, and issues arising out of management override controls.

Attacks that exploit Ethereum protocols have also been noted to happen quite frequently. Here, attackers exploit the loopholes in Ethereum’s coding. These are not inherent flaws of Ethereum. Rather, they arise when Ethereum’s code is wrongly combined with that of the compromised DeFi protocols, inadvertently opening doors for further exploits.

In management override-induced issues, the founders of the exploited protocols take advantage of their position as an initial liquidity provider and dump a humongous volume of tokens on the community.

Overall, most of these issues stem from the DeFi protocols’ evolving status. The more people start using the protocols, the more such issues will come to the fore, driving the platforms to enforce stricter systems and foolproof business logic. These actions can be expected to drive down the rate at which DeFi protocols are being hacked and exploited.

Do you believe DeFi protocols are showing more maturity than before in tackling malicious cyber attacks? Please let us know your views in the comments below.