Types of Exploits in DeFi You Need to Watch Out For

As advanced as blockchain technology and smart contracts have become, there are still loopholes and errors that are vulnerable to exploits, which usually lead to the loss of users’ assets. This is one of the biggest risks you have to consider when becoming an investor in the DeFi space, especially if you’re a crypto beginner. This article will explain the main types of exploits so you can recognize and stay away from them.

The Rug Pull

The rug pull is a general term for exit scams that remove liquidity from the liquidity pool. Scammers can come up with a seemingly attractive and lucrative project, but when investors flock in and increase the price, they pull all the liquidity out of the project, walking away with the funds. This severely damages the capital of the investors, eventually forcing them to sell all their assets.

The rug pull happens quite often in the crypto sphere due to how easy it is to execute. As long as the developer team has access to the liquidity pool, you’re just placing your blind trust in them to not pull off the exploit. Even if they don’t initially have access to the pool, they can update the project to allow themselves permission.

Therefore, research is of utmost importance before investing in a project. Look for projects with transparent and accessible source code, a time lock on the liquidity pool, and a multi-signature system where it takes keys from various individuals to access the pool.

CertiK is a really useful site for examining audit reports and detecting projects’ vulnerabilities. Sometimes the information can be hard to digest for someone without a cybersecurity background, but the site summarizes problems in a readable manner. In addition, rekt.news is a good choice for tracking where DeFi exploits are happening.


Flash Loan Attacks and Exploits

A flash loan is a special trading tool that lets users borrow without any collateral by using smart contracts. The smart contract forces the borrower to pay back the loan before the transaction ends; otherwise it reverses the whole process, as if the loan never happened. The flash loan is a useful instrument for its speed and collateral-free nature, but it also comes with potential attacks and exploits.

Arbitrage Trading

Even though it is considered an exploit, arbitrage trading is very common and is even one of the main reasons why people use flash loans. Basically, the same cryptocurrency can have a 1-3% difference in trading price on different exchanges because of trading volume and time zone.

Arbitrage trading takes advantage of this price difference, borrowing coins for a lower price on one exchange and selling them for a profit on another, then paying back the loan. All of this happens in a matter of seconds, basically earning free crypto. To lessen arbitrage trading, a more stable market is necessary.

Flash Loan Attack

Since flash loans rely solely on smart contracts for security, these smart contracts themselves can be targeted to tamper with their rules and protocols. One such attack is called the re-entrancy attack.

This attack happens when a smart contract makes an external call to an untrusted contract before its own next step can take effect. If someone controls this untrusted contract, they can make it call back into the original function over and over again, repeating the same interaction. This repetition prevents the smart contract from resolving and eventually drains all the ether out of it or makes the execution reach its maximum stack size.
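The ordering problem described above, as an added example that is not part of the original article: a Python model (not Solidity) of a vault whose withdraw() zeroes the caller's balance either after or before the external call. The class names, the amounts and the `calls_left` limit are constructed for illustration.

```python
# Toy Python model of contract logic (constructed example, not real contract code).

class Vault:
    def __init__(self, safe):
        self.safe = safe        # True = checks-effects-interactions ordering
        self.balances = {}      # depositor -> amount credited
        self.funds = 0          # ether the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.funds < amount:
            return                      # check: nothing owed, or vault is empty
        if self.safe:
            self.balances[who] = 0      # effect recorded BEFORE the external call
        self.funds -= amount
        who.receive(self, amount)       # interaction: untrusted code runs here
        if not self.safe:
            self.balances[who] = 0      # vulnerable: effect recorded AFTER the call


class HonestUser:
    def receive(self, vault, amount):
        pass                            # accepts the payment, no callback


class ReenteringRecipient:
    """Untrusted recipient whose receive hook calls withdraw() again."""
    def __init__(self, max_depth=50):
        self.received = 0
        self.calls_left = max_depth     # stands in for the gas / call-depth limit

    def receive(self, vault, amount):
        self.received += amount
        if self.calls_left > 0:
            self.calls_left -= 1
            vault.withdraw(self)        # re-enter before the first call finished


def run(safe):
    """Return (amount paid to the untrusted recipient, funds left in the vault)."""
    vault, honest, untrusted = Vault(safe), HonestUser(), ReenteringRecipient()
    vault.deposit(honest, 90)
    vault.deposit(untrusted, 10)
    vault.withdraw(untrusted)
    return untrusted.received, vault.funds
```

With the vulnerable ordering, `run(False)` pays out the vault's entire 100 units against a 10-unit deposit; with the balance zeroed first, `run(True)` pays only the 10 units owed and the other depositor's 90 stay in the vault.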

Wash Trading

Wash trading is as common in stock trading as it is in crypto. It refers to the practice of performing large transactions of, in our case, a coin to feed false information to the market and pump up the price of said coin. After that, those behind the scenes will sell the coins at the increased value.

Wash trading can either be a joint act of both investors and brokers or investors alone acting as both buyers and sellers. This is illegal under US law and the IRS dismisses losses resulting from wash sales, which are defined as those occurring within 30 days of buying the security and resulting in a loss.


Real-life Example of DeFi Exploits

Value DeFi

The Value DeFi platform offers a variety of services aiming to bring fairness and innovation to the DeFi community. Unfortunately, it is one of the few protocols to have been exploited over and over again.

The first exploit was a classic flash loan attack happening at the end of 2020. The exploiter managed to steal $7 million but gave back $2 million to the developers with a message: “do you really know flash loan?”

In May of 2021, Value DeFi was exploited twice in a span of 4 days, both times by taking advantage of a coding error. The first attacker managed to set themselves as the owner of a liquidity pool and they walked away with $10 million worth of Bitcoin. The second exploit targeted an incorrect usage of a “Bancor formula”, which let the exploiter steal money from pools that didn’t have a 50/50 split liquidity. $11 million was stolen as a result.

Meerkat Finance

Meerkat Finance is a yield aggregator protocol that, only one day after launching, was exploited for around $31 million. It seemed like just another exploit until people found out the project was updated right before the attack to give developers backdoor access to user funds.

All evidence pointed towards this being a rug pull disguised as a hack, but little did people know there was another twist in store. Just a day later, all investors were refunded and it was announced that the ‘rug pull’ was a “social experiment” to test “user greed and subjectivity”. So while it was lucky that nobody lost their money, the Meerkat Finance case demonstrated how easy it was for people to invest in projects without thorough research.

EasyFi

When the devs came up with the name EasyFi, they probably didn’t mean ‘easy-to-exploit’. Still, EasyFi was the victim of the most disastrous DeFi exploit, losing $6 million in stablecoins plus $53 million in EASY tokens. This was achieved by injecting a malicious version of MetaMask into a computer used for EasyFi official transactions, which let the hacker gain access to the admin keys. EasyFi’s founder, Ankitt Gaur, has offered a $1 million payout to the hacker to return the stolen funds, but it doesn’t look like they’re biting any time soon.

Harvest Finance

Harvest Finance is yet another yield aggregator protocol that was attacked by flash loans. The exploiter first took a $50 million USDT flash loan, then swapped $11.4 million USDC to USDT, which caused the USDT price to increase. Then, they deposited $60.6 million USDT into the vault and swapped $11.4 million USDT back to USDC, which made the USDT price go down. After that, they withdrew the $60.6 million USDT from the vault with a $0.5 million profit from the price arbitrage. They repeated this process 32 times, all in 7 minutes.

 

About the author

Brent Dixon is the owner of E-Crypto News and an early adopter of cryptocurrencies. He is a book editor who has edited numerous books on cryptocurrencies. He has been a writer for more than 30 years, covering everything from jazz music to blockchain technology. He currently lives with his wife on Miami Beach, FL.
