
DeFi attacks are on the rise — Will the industry be able to stem the tide?


Dozens of DeFi systems have been hacked over the past year, and the trend doesn’t seem to be abating.

The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control.

According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols.

These figures highlight a dire situation that is likely to persist over the long term if ignored.

Why hackers prefer DeFi platforms

In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to why these groups are drawn to the sector is the sheer amount of funds that decentralized finance platforms hold. Top DeFi platforms process billions of dollars in transactions each month. As such, the rewards are high for hackers who are able to carry out successful attacks.

The fact that most DeFi protocol code is open source also makes these platforms more exposed to cybersecurity threats.

This is because open source programs are available for scrutiny by the public and can be audited by anyone with an internet connection. As such, they are easily scoured for exploits. This inherent property allows hackers to analyze DeFi applications for integrity issues and plan heists in advance.

Some DeFi developers have also contributed to the situation by deliberately disregarding platform security audit reports published by certified cybersecurity firms. Some development teams also launch DeFi projects without subjecting them to extensive security analysis. This increases the probability of coding defects.

Another dent in the armor when it comes to DeFi security is the interconnectivity of ecosystems. DeFi platforms are typically interconnected using cross-chain bridges, which bolster convenience and versatility.

While cross-chain bridges provide an enhanced user experience, these crucial pieces of code connect huge networks of distributed ledgers with varying levels of security. This multiplex configuration allows DeFi hackers to harness the capabilities of multiple platforms to amplify attacks on certain platforms. It also allows them to quickly transfer ill-gotten funds across multiple decentralized networks.

Besides the aforementioned risks, DeFi platforms are also prone to insider sabotage.

Security breaches

Hackers are using a wide range of techniques to infiltrate vulnerable DeFi perimeter systems.

Security breaches are a common occurrence in the DeFi sector. According to the 2022 Chainalysis report, approximately 35% of all stolen crypto in the past two years is attributed to security breaches.

Many of them occur due to faulty code. Hackers usually dedicate significant resources to finding systemic coding errors that allow them to carry out these types of attacks and typically utilize advanced bug tracker tools to aid them in this.

Another common tactic used by threat actors to seek out vulnerable platforms is tracking down networks with security issues that have already been disclosed but whose fixes have yet to be deployed.

The hackers behind the recent Wormhole DeFi hack, which led to the loss of about $325 million in digital tokens, are reported to have used this strategy. An analysis of code commits revealed that the vulnerability addressed by a patch uploaded to the platform’s GitHub repository was exploited before the patch was deployed.

The mistake enabled the intruders to forge a system signature that allowed the minting of 120,000 Wrapped Ether (wETH) coins valued at $325 million. The hackers then sold the wETH for about $250 million in Ether (ETH). The exchanged Ethereum coins were derived from the platform’s settlement reserves, thereby leading to losses.

The Wormhole service acts as a bridge between chains. It allows users to spend deposited cryptocurrencies in wrapped tokens across chains. This is accomplished by minting Wormhole-wrapped tokens, which alleviate the need to swap or convert the deposited coins directly.


Flash loan attacks

Flash loans are unsecured DeFi loans that require no credit checks. They enable investors and traders to borrow funds instantly.

Because of their convenience, flash loans are usually used to take advantage of arbitrage opportunities in connected DeFi ecosystems.

In flash loan attacks, lending protocols are targeted and compromised using price manipulation techniques that create artificial price discrepancies. This allows bad actors to buy assets at hugely discounted rates. Most flash loan attacks take minutes and sometimes seconds to execute and involve several interlinked DeFi protocols.

One way attackers manipulate asset prices is by targeting vulnerable price oracles. DeFi price oracles draw their rates from external sources such as reputable exchanges and trade sites. Hackers can, for example, manipulate the source sites to trick oracles into momentarily dropping the value of targeted assets so that they trade at lower prices compared to the wider market.

Attackers then buy the assets at deflated rates and quickly sell them at their floating exchange rate. Using leveraged tokens obtained through flash loans allows them to magnify the profits.
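The oracle weakness described above, next to a common mitigation, as an added example that is not part of the original article. It compares an oracle that trusts one source's latest reading with one that takes the median across sources and rejects readings far from a time-weighted average price (TWAP); the feed names, sample prices, window and 10% threshold are constructed assumptions.

```python
from statistics import median

MAX_DEVIATION = 0.10  # assumed policy: reject a reading >10% away from the TWAP
WINDOW = 180          # assumed averaging window, in seconds

# Constructed (timestamp, price) samples; source_a's last reading is a
# momentary drop of the kind the article describes.
FEEDS = {
    "source_a": [(0, 100.0), (60, 101.0), (120, 100.0), (180, 40.0)],
    "source_b": [(0, 100.0), (60, 100.0), (120, 101.0), (180, 100.5)],
    "source_c": [(0, 99.0), (60, 100.0), (120, 100.0), (180, 99.8)],
}


def spot_oracle(feeds):
    """Weak setting: trust the latest reading of a single source."""
    return feeds["source_a"][-1][1]


def twap(samples, window=WINDOW):
    """Time-weighted average price over the last `window` seconds.

    Each price is weighted by how long it was in force, so a reading that
    has only just appeared carries no weight yet.
    """
    end = samples[-1][0]
    start = end - window
    weighted = covered = 0.0
    for (t0, price), (t1, _) in zip(samples, samples[1:]):
        lo = max(t0, start)
        if t1 > lo:
            weighted += price * (t1 - lo)
            covered += t1 - lo
    if covered == 0:
        raise ValueError("need at least two samples inside the window")
    return weighted / covered


def hardened_oracle(feeds, window=WINDOW):
    """Median across sources, accepted only if close to the median TWAP.

    Returns None when the reading is rejected, so the caller can pause
    price-dependent actions instead of trading on a suspect value.
    """
    latest = median(s[-1][1] for s in feeds.values())
    reference = median(twap(s, window) for s in feeds.values())
    if abs(latest - reference) / reference > MAX_DEVIATION:
        return None
    return latest


if __name__ == "__main__":
    print("spot:", spot_oracle(FEEDS))
    print("hardened, three sources:", hardened_oracle(FEEDS))
    print("hardened, one source:", hardened_oracle({"a": FEEDS["source_a"]}))
```

With three sources the outlier is outvoted by the median; with only the manipulated source configured, the TWAP check still refuses the reading.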

Besides manipulating prices, some attackers have been able to carry out flash loan attacks by hijacking DeFi voting processes. Most recently, Beanstalk DeFi incurred a $182 million loss after an attacker took advantage of a shortcoming in its governance system.

The Beanstalk development team had included a governance mechanism that allowed participants to vote for platform changes as a core functionality. This setup is popular in the DeFi industry because it upholds democracy. Voting rights on the platform were set to be proportional to the value of native tokens held.

An analysis of the breach revealed that the attackers obtained a flash loan from the Aave DeFi protocol to get almost $1 billion in assets. This enabled them to get a 67% majority in the voting governance system and allowed them to unilaterally approve the transfer of assets to their address. The perpetrators made off with about $80 million in digital currencies after repaying the flash loan and related surcharges.
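The governance weakness described above, shown beside a snapshot-based rule, as an added example that is not Beanstalk's code or part of the original article. It models a token-weighted vote in which tokens borrowed and repaid within one block count under the live-balance rule but carry no weight when voting power is read from a block before the proposal existed; every class, holder name and balance is a constructed assumption.

```python
from bisect import bisect_right

THRESHOLD = 0.67  # majority share cited in the article


class Token:
    """Toy governance token that checkpoints end-of-block balances."""

    def __init__(self, balances):
        self.block = 1
        self.log = {h: [(0, amt)] for h, amt in balances.items()}

    def _set(self, holder, amount):
        cps = self.log.setdefault(holder, [(0, 0)])
        if cps[-1][0] == self.block:
            cps[-1] = (self.block, amount)  # overwrite within the same block
        else:
            cps.append((self.block, amount))

    def balance(self, holder, at_block=None):
        cps = self.log.get(holder, [(0, 0)])
        if at_block is None:
            return cps[-1][1]  # live balance
        i = bisect_right(cps, (at_block, float("inf"))) - 1
        return cps[i][1] if i >= 0 else 0

    def transfer(self, src, dst, amount):
        if self.balance(src) < amount:
            raise ValueError("insufficient balance")
        self._set(src, self.balance(src) - amount)
        self._set(dst, self.balance(dst) + amount)

    def supply(self):
        return sum(cps[-1][1] for cps in self.log.values())


class Proposal:
    """Token-weighted vote; `use_snapshot` selects the hardened rule."""

    def __init__(self, token, use_snapshot):
        self.token, self.yes = token, 0
        # Hardened rule: voting power is frozen at the block before the
        # proposal existed; weak rule (None): read the live balance.
        self.at = token.block - 1 if use_snapshot else None

    def vote_yes(self, voter):
        self.yes += self.token.balance(voter, self.at)

    def passed(self):
        return self.yes / self.token.supply() >= THRESHOLD


def borrowed_vote_passes(use_snapshot):
    """Borrow, vote and repay inside one block; report whether the vote passed."""
    token = Token({"pool": 700, "alice": 200, "bob": 100})  # constructed
    prop = Proposal(token, use_snapshot)
    token.block += 1
    token.transfer("pool", "borrower", 700)
    prop.vote_yes("borrower")
    token.transfer("borrower", "pool", 700)
    return prop.passed()
```

Long-term holders keep their weight under the snapshot rule, because it is read from a block they already held tokens in.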

Approximately $360 million worth of crypto coins was stolen from DeFi platforms in 2021 using flash loans, according to Chainalysis.

Where does stolen crypto go?

For a long time now, hackers have used centralized exchanges to launder stolen funds, but cybercriminals are beginning to ditch them for DeFi platforms. In 2021, cybercriminals sent about 17% of all illicit crypto to DeFi networks, which is a significant jump from 2% in 2020.

Market pundits theorize that the shift to DeFi protocols is because of the wider implementation of more stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) processes on centralized exchanges. The procedures compromise the anonymity sought after by cybercriminals. Most DeFi platforms forgo these crucial processes.

Cooperation with the authorities

Centralized exchanges are also, now more than ever before, working with authorities to counter cybercrime. In April, the Binance exchange played an instrumental role in the recovery of $5.8 million in stolen cryptocurrencies that was part of a $625 million stash stolen from Axie Infinity. The money had initially been sent to Tornado Cash.

Tornado Cash is a token anonymization service that obfuscates the origin of funds by fragmenting on-chain links that are used to trace transacting addresses.

A portion of the stolen funds was, however, tracked by blockchain analytic firms to Binance. The loot was held in 86 addresses on the exchange.

In the aftermath of the incident, a spokesperson for the United States Treasury Department underlined that crypto exchanges that handle money from blacklisted crypto addresses risk sanctions.

Tornado Cash also seems to be cooperating with the authorities to stop the transfer of stolen funds to its network. The company has said that it will be implementing a monitoring tool to help identify and block embargoed wallets.

There seems to be some progress in the seizure of nicked assets by the authorities. Earlier this year, the U.S. Department of Justice announced the seizure of $3.6 billion in crypto and arrested two people who were involved in laundering the funds. The money was part of the $4.5 billion purloined from the Bitfinex crypto exchange in 2016.

The crypto seizure was among the biggest ever recorded.

DeFi CEOs speak about the current situation

Speaking exclusively to Cointelegraph earlier this week, Eric Chen, CEO and co-founder of Injective Labs — an interoperable smart contracts platform optimized for decentralized finance applications — said that there is hope that the problems will subside.

“We are seeing the tide continuing to subside, as more robust security standards are put into place. With proper testing and further security infrastructures put into place, DeFi projects will be able to prevent common exploit risks in the future,” he said.

On the measures that his network was taking to avert hack attacks, Chen provided an outline:

“Injective ensures a more tightly defined application-centric security model compared to traditional Ethereum Virtual Machine-based DeFi applications. The design of the blockchain and the logic of core modules protect Injective from common exploits such as re-entrancy, maximum extractable value and flash loans. Applications built on top of Injective are able to benefit from the security measures that are implemented in the blockchain on the consensus level.”


Cointelegraph also had the chance to speak with Konstantin Boyko-Romanovsky, CEO and founder of Allnodes — a non-custodial hosting and staking platform — about the increase in hacking incidents. Regarding the main catalysts behind the trend, he said:

“No doubt it will take some time to lower the risk of DeFi hacks. It is unlikely, however, that it will happen overnight. There is a lingering sense of a race in DeFi. Everyone seems to be in a hurry, including the project founders. The market is evolving faster than the speed at which programmers write code. Good players who take every precaution are in the minority.”

He also provided some insight on procedures that would help counteract the problem:

“The code must get better and smart contracts must be thoroughly audited, that’s for sure. In addition, users should be constantly reminded of cautious etiquette online. Identifying any flaws can be attractively incentivized. This, in turn, might promote healthier conduct across a particular protocol.”

The DeFi industry is having a hard time thwarting hack attacks. There is, however, hope that increased monitoring from the authorities and greater cooperation among exchanges will help curb the scourge.
