Digital thieves had a big year in 2021 and they seem to be enjoying a greater year in 2022. This time around, they have focused their efforts on the robbing of DeFi the robbing of DeFi. In the first three months of this year, for instance, hackers stole $1.3 billion worth of crypto from platforms, exchanges, and private entities.
Nearly 97% of the crypto stolen in this period was taken from decentralized finance (DeFi) protocols, up from about 72% in 2021 and only 30% in 2020. DeFi protocols are powered by blockchains that are said to be impenetrable. However, that is not deterring hackers and cybercriminals from engaging in the robbing of DeFi.
Why Do Hackers Attack DeFi If The Blockchain Is Highly Secure?
The robbing of DeFi has increased greatly in 2022. However, it seems strange yet the blockchain makes DeFi possible. Since blockchain is supposed to be secure, how do the DeFi hacks happen? How do hackers manage to attack many DeFi platforms and applications?
By description, the blockchain is a decentralized distributed shared ledger that stores a variety of data, including NFT ownership and crypto transactions. Thus, it is nearly impossible for anybody to execute a fraudulent transaction. While these hacks can be executed, they present a major challenge to criminals.
When you include a layer of Proof-of-Stake (PoS) or Proof-of-Work (PoW) transaction verification strategies, it becomes quite challenging to trick the system. Hackers have to attack every node on the blockchain and change every copy of the ledger to avoid detection.
POS uses randomly chosen miners to authenticate transactions. On the flip side, POW utilizes a competitive validation strategy to confirm transactions. After a transaction gets confirmed, a new block is added to the blockchain.
Therefore, a decentralized public blockchain can be impenetrable since everyone on the network needs to validate that all transactions were executed legally. But, why are major crypto heists still happening? The answer is in the cross-chain bridges.
What Are Cross-Chain Bridges?
A cross-chain bridge links two blockchains and lets users send, receive, and swap. With these bridges, users can send crypto from one blockchain to another without the involvement of a central authority or intermediary.
While it might sound simple, it is not. A cross-chain bridge is like attempting to change airline miles into dollars to spend at a grocery store. These bridges offer users options in matters of high transaction fees or gas prices, transact at high speeds, enhance utility, boost privacy, and improve user experiences via interoperability.
The cross-chain bridges give users freedom and encourage fair competition. If one network is faster and cheaper than the other, one can switch and move their crypto and digital assets for lower costs.
Nonetheless, sidechain and cross-chain bridges can turn the entire DeFi concept on its head. A majority of the cross-chain bridges depend on centralized federations and external validators like wrapped tokens and third-party custody to support asset transfers.
Why Are Cross-Chain Bridges Vulnerable?
Cross-chain bridges have massive security risks since users need to effectively manage attack possibilities from a bigger network surface area. That is the case since many chains developed by different entities are connected.
Essentially, they can let hackers steal funds by just moving tokens from one chain to another. Moreover, DeFi platforms are desirable targets for criminal attacks since hacks provide quick payoffs, anonymity, and privacy. Notably, law enforcement in this Sector is not yet up to speed to curb such activities.
Nevertheless, the reason why users have to deal with many security breaches like MultiChain, Poly Network, Thorchain, and Wormhole comes down to founders not taking security seriously and ignoring some bugs while leaving others undetected.
For instance, swapping from ETH to BNB requires a Binance, Ethereum, and a swapping agent in the cross-chain bridges. BNB and ETH might be safe. However, that does not matter in case the bridging agent is a weak link.
When the custodians manage to secure millions and billions of dollars using untested security practices and dilapidated systems, securing user funds becomes quite challenging. Here are a few examples where hackers were involved in the robbing of DeFi platforms.
The Wormhole Bridge Attack
The Wormhole attack, the second-biggest cryptocurrency hack of all time, saw losses of more than $300 million (or 120,000 ETH). How did it happen?
Wormhole lets users bridge digital assets across chains like Ethereum, Avalanche, Solana, Binance Smart Chain, Terra, and Polygon. The users can send assets between blockchains, with the bridge powering the transfer by locking transactions and minting a wrapped version (wBTC, wETH) to the destination chain.
Solana had software components that were not updated. Some of the hackers discovered and exploited easily avoidable technical negligence. For instance, criminals managed to circumvent the “verify signature” process by introducing a malicious “sysvar account” into the instruction.
In that context, they attacked the cross-chain protocol since it did not validate all “guardian accounts.” The incident enabled the criminals to spoof guardian signatures and mint up to 120,000 ETH from nowhere.
In that case, the main cause of the cross-chain attack was the “verify signature” procedure since the contract had an out-of-date functionality that did not authenticate the legitimacy of the sysvar account. These exploits are reminders that decentralized finance (DeFi) is still budding and most of the projects existing currently are just experiments.
Hacker Steals $8.4M From Moola Market DeFi Protocol
Cybercrime is an important subject in the DeFi industry, with the most recent incident seeing Moola Market getting exploited for more than $8.4 million. But, most of these funds were returned in a surprising turn of events.
Moola Market tweeted after the attack:
“First off, we’re buoyed by the fact that the majority of funds were recovered. This is good news for all users and means that the impact will be limited.”
We want to provide a detailed update on today’s incident and share our plan for safely restarting the @Moola_Market protocol. First off, we're buoyed by the fact that the majority of funds were recovered. This is good news for all users and means that the impact will be limited. https://t.co/JfglNlM2g3
— Moola Market 🐮 (@Moola_Market) October 19, 2022
Based on the protocol:
“Following today’s incident, 93.1% of funds have been returned to the Moola governance multi-sig. We have continued to pause all activity on Moola and will follow up with the community about the next steps, and to safely restart operations of the Moola protocol.”
Research Director at The Block, Igor Igamberdiev, tweeted that, under the “incredibly simple attack”, the “exploiter was funded with 243k CELO” from the Binance exchange. The funds enabled them to access some $8.4 million worth of crypto. Igor stated:
“The attacker lent 60k CELO to Moola and borrowed 1.8M MOO to use them as collateral” after which they “started pumping the MOO price with the remaining CELO, and to use it as collateral and borrow all other tokens.”
A report published earlier this year by Chainalysis said that some types of crypto-based crime, including theft of funds and hacking, have increased in occurrence in 2022. The company says that most of that can be attributed to the quick increase in funds stolen from DeFi protocols, a trend that started in 2021.
The firm’s report stated:
“Through July 2022, $1.9 billion worth of cryptocurrency has been stolen in hacks of services, compared to just under $1.2 billion at the same point in 2021.”
After a string of major attacks, in August, the U.S. Federal Bureau of Investigation (FBI) also confirmed that it was taking steps to warn investors and platforms about cybercrime risks. The law enforcement agency stated that it would recommend several precautions that may prevent DeFi market participants from losing their assets to criminals.
The agency published a statement:
“Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money. Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.”
Mango Markets Exploiter Insists Aave Could Be Susceptible To Similar Attack
The trader who claimed responsibility for the recent $116 million Mango Markets exploits, Avraham Eisenberg, publicly revealed a possible strategy for highly capitalized entities to exploit the REN market on Aave V2.
Based on Eisenberg’s proposed “trading strategy”, an organization would require to supply up to 100 million USDC and borrow about $85 million worth of REN tokens against the funds. After that, using another account, the organization would have to deposit the REN tokens and borrow 50M USDC. The USDC would then be used to acquire more REN tokens. The process would have to be repeated many times.
This threat comes at a time when most crypto investors are on edge about the possibility of exploits and hacks in the industry. Hackers have stolen $718 million from DeFi protocols in October alone. These thefts have made October the worst month on record based on data acquired from Chainalysis. An exploit of Aave, one of the first and biggest decentralized finance (DeFi) protocols, would also dampen confidence in the market.
Purchasing tens or hundreds of millions of dollars’ worth of REN would send prices surging and enable the entity to borrow more against its deposited collateral. If there is a 10-fold increase in the price of REN, the involved entity would manage to borrow up to $500 million worth of assets, after originally investing $100 million, potentially getting $400 in profit.
Eisenberg insists that starting with more capital would increase the chances of a successful heist.
Notably, the price of the REN token shortly spiked by nearly 10% after Eisenberg’s tweet. Several hours before, Eisenberg speculated about the size of a possible bounty from the Aave team in case somebody could demonstrate the strategy on a testnet successfully.
He claimed that more than five funds have reached out to him, but he was yet to hear from the Aave team.
On October 15, 2022, Eisenberg publicly admitted that he was actively involved in the $116 Mango Markets exploit. He alleges that he worked with a team, and terms the exploit as a highly profitable trading strategy”. He contends that his actions are fully legal because he profited from the protocol’s flawed economic design.
A governance proposal that was passed on October 15 states that the holders of MNGO tokens will not pursue any criminal charges or try to freeze assets in case the agreed-upon tokens are reimbursed. The assets would be utilized in the payment of any bad debt caused by the exploit.
Mango Markets said it had got a variety of crypto assets valued at $67 million on the same day. Hence, Eisenberg and Company netted themselves an impressive “bounty” of roughly $49M. Famous security researcher samczsun believes that the proposal was a bad-faith negotiation and cannot be considered a bug bounty.
Based on polls on a forecast market known as Manifold Markets, there is a 12% probability of Eisenberg trying his strategy on Aave, with an 11% chance of him pulling it off.
As DeFi matures and evolves, it will become more challenging for hackers to trick a node or take it offline. Crypto technology only gets better with every solution to an issue, with every iteration. Hence, robbing of DeFi will soon become a thing of the past.
How Can DeFi Projects Secure Their Crypto?
With DeFi applications on the rise, platforms are now suffering from more hacks than ever before. Therefore, token security is more important than ever before. Sadly, there is no straightforward solution to these threats.
Some projects do not have enough funds to hire experienced contract developers, and that might be their downfall even before starting. For a sector aiming to go mainstream and ask developers of all backgrounds to launch their tokenized projects, security requires a standard. Otherwise, more hackers will continue with the robbing of DeFi funds.
Projects and developers need easy ways of establishing token security. Nonetheless, several blockchain projects are striving to help new developers. These platforms generate tokens that have pre-built security standards to guarantee that developers in the DeFi space have a baseline.
All DeFi projects are advised to use pre-audited code and have solid developers and a strong team to help thwart threats swiftly whenever they arise. Projects like Lossless help reduce DeFi hacks using a specialized code that projects can readily integrate into their own.
By inserting such security codes into the token, token developers get protection from fraudulent transactions and DeFi hacks. The security codes integrate user-created, hack-spotting bots that instantly freeze all suspicious transactions. The bots are developed by white hat hackers who participate in the network. They earn rewards whenever their bot finds and stops a hack.
Incorporating the security codes and bots on DeFi platforms will enable users and developers to avoid losing their funds to hackers and other cybercriminals.
For the case of users, here are the measures to help protect themselves:
- Conduct due diligence to determine which projects are safe and which are risky.
- Go for protocols cleared by ethical hackers like Zokyo and Trail of Bit. These hackers are making Web3 better and safer each day. By engaging the services of white hackers, DeFi projects encourage the consensus and protocols within the network to enhance security.
- Look at the total value locked (TVL). Look at the amount of crypto locked into the protocol. If the TVL is in the billions of dollars and the protocol has been active for a long time, security risks are relatively low. However, always remain extra cautious.
- Keep up with the latest news to mitigate the effects of DeFi hacks.
Blockchain Security Is Improving Daily, DeFi Is Here To Stay
The blockchain is highly secure. However, vulnerabilities appear within inter-operations between many blockchains. While cross-chain bridges result in many security issues, they are crucial to scalability, interoperability, and boosting user experience.
As the DeFi space is still budding, the space, in general, is getting better with each security issue that comes up. We learn from every hack and evolve the environment to guarantee privacy and security.
Most DeFi projects can keep their names away from the headlines by implementing proactive measures to guarantee smart contracts security. As blockchain security gets progressively better daily, DeFi is gradually becoming a formidable force in the sector.