Image default

Understanding hacking on DeFi platforms

The decentralized finance industry (DeFi) suffers attacks from hackers quite regularly. These have stolen, in the last two months alone, more than a billion dollars and more than 90% of all the stolen cryptocurrencies come from hacked DeFi protocols. The situation seems to be out of control and everything suggests that nothing will be able to stop the hackers.

Understanding the proliferation of hacking on DeFi platforms

According to the Chainalysis 2022 report, almost 35% of all cryptocurrencies stolen in the last two years are attributed to security breaches.

It may be a faulty code that hackers took advantage of. Indeed, hackers usually devote significant resources to finding systemic coding errors that allow them to carry out these types of attacks and usually use advanced bug-finding tools to help them do so.

Another tactic commonly used by threat actors to search for vulnerable platforms is to track down networks with security problems that have already been exposed, but whose solutions have not yet been implemented.

Most of the DeFi protocol codes are open source making them even more vulnerable to cybersecurity threats. Open source programs can be reviewed by the public and verified by anyone with an Internet connection. As such, these programs are easily scrutinized and hackers take the time to look for exploits in them. This inherent property of open source therefore allows hackers to analyze DeFi applications in search of integrity problems and plan their breakdowns in advance.

In addition, some DeFi developers have contributed to the hacking of their platform by deliberately ignoring the platform’s security audit reports published by certified cybersecurity companies. Some development teams also launch DeFi projects without subjecting them to a thorough security analysis. This increases the likelihood of coding defects. Finally, it must also be recognized that DeFi platforms are also subject to sabotage by people who are internal to the network.

The flash loan attacks

Flash loans are unsecured DeFi loans that do not require any credit check. They allow investors and traders to borrow funds instantly.

An analysis of the breach revealed that the hackers obtained a flash loan from the Aave DeFi protocol to obtain almost a billion dollars in assets. This allowed them to obtain a 67% majority in the voting governance system and allowed them to unilaterally approve the transfer of assets to their address. The perpetrators fled with about $80 million in digital currencies after repaying the flash loan and the associated surcharges.

About $360 million worth of cryptocurrencies were stolen from DeFi platforms in 2021 using flash loans, according to Chainalysis.

For Konstantin Boyko-Romanovsky, CEO and founder of Allnodes, the fight against hacking will be won on several fronts: ” The code needs to improve and smart contracts need to be thoroughly audited, that’s for sure. In addition, users should be constantly reminded of the rules of caution to be observed when online. The identification of any flaw can be the subject of an attractive incentive. This, in turn, could promote healthier driving in a particular protocol. ยป

It is also necessary that the exchanges continue to collaborate with the public authorities to get their hands on the scammers by providing all the necessary information for this purpose.

Ultimately, it should be remembered that in order to operate, hackers generally take advantage of the weaknesses of DeFi platforms. It is therefore by strengthening the security of the platforms that it will be possible to significantly reduce the computer hacks suffered by the various decentralized finance networks. To this will have to be added a greater vigilance of the authorities as well as a greater collaboration of exchanges in the search for hackers.

Source :

Receive a digest of the news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss anything essential Cointribune!

Luc Jose Adjinacou avatar
Luke Jose Adjinacou

Far from having cooled my ardor, an unsuccessful investment in 2017 on a cryptocurrency only increased my enthusiasm. I therefore resolved to study and understand the blockchain and its many uses and to relay information related to this ecosystem with my pen.

Related posts

Israel and Hong Kong test a CBDC

Ronald Chasteen

Polygon is experiencing extended downtime, affecting PoS users

Ronald Chasteen

Nomad Bridge Hack: 190 million dollars lost, 9 million found!

Ronald Chasteen