DeFi attacks are on the rise - Will the industry be able to stop the wave?

DeFi attacks are on the rise – Will the industry be able to stop the wave? – Mail Bonus

The diversified financial industry (DeFi) has lost over a billion dollars in hackers in the last two months and the situation seems to be getting out of hand.

According to the latest statistics, approximately $ 1.6 billion in cryptocurrencies were stolen from DeFi systems in the first quarter of 2022. Furthermore, over 90% of all stolen crypto is from hackers of DeFi protocols.

These figures highlight a dire situation that is likely to persist in the long run if ignored.

Why hackers prefer DeFi platforms

In recent years, hackers have expanded activities aimed at DeFi systems. One of the main reasons why these groups are attracted to the sector is the large amount of capital held by diversified financial platforms. The major DeFi platforms generate billions of dollars in commercial transactions each month. As such, the rewards are great for hackers who can carry out successful attacks.

The fact that most DeFi protocols are open source also makes them even more vulnerable to cyber security threats.

This is because open source software is available for public viewing and can be reviewed by anyone with an internet connection. As such, they are easy to look for heroic deeds. This inherent feature allows hackers to detect DeFi programs for integrity issues and plan robberies in advance.

Some DeFi developers have also contributed to the situation by deliberately ignoring platform security audit reports issued by licensed cyber security companies. Some development teams also launch DeFi projects without putting them through a comprehensive security analysis. This increases the likelihood of coding defects.

Another flaw in the armor when it comes to DeFi security is the interconnection of ecosystems. DeFi platforms are usually interconnected using cross bridges, which increases comfort and versatility.

While cross-bridges provide an enhanced user experience, these important code snippets connect together a giant network of distributed accounting books with varying degrees of security. This multiplex setup allows DeFi hackers to activate the capabilities of multiple systems to amplify attacks on a particular platform. It also allows them to transfer ill-gotten wealth quickly across multiple distributed networks seamlessly.

In addition to the aforementioned risks, DeFi platforms are also vulnerable to insider vandalism.

Security breach

Hackers use a wide range of methods to infiltrate sensitive DeFi peripheral systems.

Security breaches are a common occurrence in the DeFi sector. According to the 2022 Chainalysis report, approximately 35% of all stolen cryptocurrencies over the past two years are traced to security breaches.

Many of them occur due to faulty code. Hackers usually spend a considerable amount of money to find systematic coding errors that enable them to execute these types of attacks and usually use sophisticated debugging tools to assist them in doing so.

Another common method used by hackers to search for vulnerable systems is to track down networks with uninstalled security issues that have already been identified but are yet to be implemented.

Hackers behind the recent Wormhole DeFi hack that resulted in the loss of about $ 325 million in digital symbols are said to have used this strategy. An analysis of the code obligations revealed that the vulnerability patch uploaded to the platform’s GitHub archive was used before the patch was installed.

The mistake led to an intruder forging a system signature that would allow him to strike $ 120,000 million worth of Wrapped Ether (wETH) coins. The hackers then sold wETH for about $ 250 million in Ether (ETH). The replacement Ethereum coin was extracted from the platform’s reserves, which resulted in a loss.

The wormhole service acts as a bridge between chains. It allows users to spend deposited cryptocurrencies on wrapped symbols across chains. This is done by entering wormhole-wrapped symbols, which reduce the need to swap or change coins directly.

Recent: How blockchain archives can change the way we record wartime history

Flash credit attacks

Flash loans are unsecured DeFi loans that do not require creditworthiness. They enable investors and traders to lend money instantly.

Because of their convenience, quick loans are usually used to take advantage of arbitration opportunities in related DeFi ecosystems.

In flash credit attacks, lending rules are targeted and jeopardized by using price treatment methods that create artificial price discrepancies. This allows bad players to buy properties at huge discounts. Most lightning strikes take minutes and sometimes seconds to execute, and involve several interconnected DeFi protocols.

One way in which attackers manipulate property prices is by targeting aggressive price quotes. DeFi price oracles, for example, derive their price from outside sources such as reputable stock exchanges and trading sites. Hackers can, for example, optimize their source pages to deceive oracles in order to temporarily lower the value of targeted asset rates so that they trade at a lower price compared to the wider market.

Attackers then buy the property at a flat rate and sell it quickly at a floating rate. The use of leveraged tokens obtained through quick loans allows them to increase profits.

In addition to streamlining the price, some attackers have been able to carry out quick loan attacks by hijacking the DeFi election process. Most recently, Beanstalk DeFi lost $ 182 million after an attacker exploited a flaw in his control system.

The Beanstalk development team had included a management system that allowed participants to vote on field changes as a core activity. This setup is popular in the DeFi industry because it maintains democracy. Voting rights in the forum were set to be commensurate with the value of the native symbols held.

An analysis of the crime revealed that the attackers received quick loans from the Aave DeFi protocol to get almost 1 billion dollars in assets. This allowed them to get a 67% majority in the voting system and allowed them to unilaterally transfer assets to their address. The perpetrators started with about 80 million dollars in digital currencies after repaying the flash loan and related surcharges.

Approximately $ 360 million worth of cryptocurrencies were stolen from DeFi systems in 2021 using flash loans, according to Chainalysis.

Where does stolen cryptography go?

For a long time, hackers have used central exchanges to launder stolen money, but cybercriminals have begun to release them for the DeFi platform. In 2021, cybercriminals sent about 17% of all illegal crypto to DeFi networks, which is a significant jump from 2% in 2020.

Market analysts argue that the change in DeFi protocol is due to the wider implementation of stricter methods with the Known Customer (KYC) and against money laundering (AML). The rules of procedure reduce the anonymity that cybercriminals seek. Most DeFi platforms skip these important processes.

Cooperation with the authorities

Centralized stock exchanges are also working, now more than ever, with the authorities to combat cybercrime. In April, the Binance Stock Exchange played a key role in recovering $ 5.8 million in stolen cryptocurrencies as part of a $ 625 million deposit stolen from Axie Infinity. The money had originally been sent to Tornado Cash.

Tornado Cash is an identified anonymity service that complicates the origin of funds by splitting chain links used to trace business assets.

Some of the stolen funds, however, were traced by blockchain analytics companies to Binance. The robbery was held at 86 addresses on the stock exchange.

Following the incident, a spokesman for the US Treasury Department emphasized that cryptocurrencies that handle money from blacklisted cryptocurrencies are at risk of sanctions.

Tornado Cash also appears to be collaborating with the authorities to stop the transfer of stolen funds to its network. The company has said it will implement monitoring tools to help identify and block embarrassing wallets.

There appears to be some progress in the seizure by the authorities of assets that have been unused. Earlier this year, the US Department of Justice announced the seizure of $ 3.6 billion in cryptocurrencies and arrested two men involved in laundering the funds. The money was part of the $ 4.5 billion that was taken from Bitfinex cryptocurrency in 2016.

The cryptography was among the largest ever recorded.

DeFi CEOs talk about the current situation

Eric Chen, CEO and co-founder of Injective Labs, a smart contract optimization platform optimized for distributed financial applications, spoke to the Cointelegraph earlier this week and said there was hope that the problems would be reduced.

“We see how the current continues to slow down as stronger safety standards are set. With the right tests and further security infrastructure in place, DeFi projects will be able to prevent common operational risks in the future, “he said.

Chen gave an excerpt about measures his network was taking to prevent hacking attacks:

“Injective ensures a more densely defined application-based security model compared to traditional Ethereum Virtual Machine-based DeFi applications. Blockchain design and core module logic protect Injective from common exploits such as recurrence, maximum extractable value, and flash loans. Applications built on top of Injective can benefit from the security measures implemented in the blockchain at the solidarity level.

Recent: Growing international adoption status makes cryptocurrencies perfect for retail use

The Cointelegraph also had the opportunity to speak with Konstantin Boyko-Romanovsky, CEO and founder of Allnodes – a non-custodial hosting and mortgage platform – about increasing burglary rates. On the main motivations behind the development, he said:

“It will no doubt take some time to reduce the risk of DeFi hacks. However, this is unlikely to happen overnight. There’s a long-standing feeling for a DeFi race. Everyone seems to be in a hurry, including the founders of the project. The market is evolving faster than the speed at which programmers write code. “Good players who take all the precautions are in the minority.”

He also provided some insights into the procedures that would help combat the problem:

“The code needs to be improved and smart contracts need to be thoroughly reviewed, that’s for sure. In addition, users should be constantly reminded of a careful online protocol. Identifying bugs can be an attractive incentive. This, in turn, could contribute to healthier behavior in a particular protocol.

The DeFi industry is struggling to prevent hacking. It is hoped, however, that increased regulatory oversight and increased co-operation between stock exchanges will help stem the tide.