The 2022 DeFi Hack Tsunami, the Reasons and Preventive Measures

Since its emergence over a decade ago, the DeFi space has been pivotal in the financial sector's evolution. Decentralized finance introduced virtual assets, smart contracts, DAO governance, and other offerings that facilitate blockchain-based operations.

The DeFi model and its components eliminate the need for a centralized entity as an intermediary during financial operations. 2008's economic crisis prompted the creation of this new system of finance that placed users in control of their assets. Over the past few years, the DeFi sector has grown extensively; its many benefits have caused it to amass millions of participants around the globe. According to Chainalysis, the market's total value locked last peaked at $256 billion, a considerable figure.

However, with the overall expansion of decentralized finance comes a significant level of risk. More DeFi projects are open to exploitation by threat actors, and the past four months of 2022 have brought this into the light more than ever before. Chainalysis reports that DeFi protocols accounted for a staggering 97 % of stolen crypto this year.

The Lazarus hackers made history just over a month ago after they pulled off a $625 million exploit on the Axie Infinity's Ronin bridge, the biggest heist the blockchain and crypto space has seen.

We'll be looking at the massive rise in hacks and exploits that came with 2022. How does DeFi work, and why is this sector a primary target? Is it possible to stop user funds from leaking out whatever holes the hackers have found?

To address the various aspects of this topic, we have to nail down a few core points. To begin with;


What are DeFi exploits, and how do they occur?

---

A hack or an exploit occurs when a malicious actor successfully leverages loopholes or vulnerabilities in the smart contract or security system of a DeFi protocol or platform; the individual or group gains backdoor access to user funds, typically resulting in the theft of said assets.

Cyber actors already netted up to $1.3 billion worth of stolen cryptocurrency in the first quarter of this year. A massive figure compared to 2021's $154 million lost in Q1. As Wall Street reports, the hackers have achieved this by hitting the industry with a hack a week.

Between 2020 and 2021, the number of hacks rose to twice the initial value, from 117 to 250; it is undeniable that DeFi exploits are becoming a regular phenomenon. In the years since decentralized finance became a thing, hackers have utilized a series of methods, some that have been used within the past four months include;

Security Breaches

A security breach occurs when a cyber actor gains unlawful access to a platform's systems and data. Chainalysis describes it as "the crypto-equivalent of pick-pocketing," the analytics firm also says these attacks are behind 35% of all stolen crypto funds from 2020 to date.

The Ronin exploit is an example of this, as the hacker pulled off the heist by taking over 5 of the sidechain's 9 validator nodes.


Flash Loan Attacks
On the 18th of February, Ethereum-based DeFi project Beanstalk fell victim to governance exploits that drained it of $182 million.

The attacker was able to carry out the breach by taking out a $1B loan from lending platform AAVE; they then purchased a large quantity of Beanstalk's native BEAN token and gained control of 67% of the project's governance. The hacker gave the green light on two malicious proposals they had previously issued and drained the funds to an external wallet.

The hacker obtained a flash loan, a considerable amount of funds the borrower retains for a short time without the need for collateral. Flash loans are meant for more ethical purposes, but as in the case of Beanstalk Farms, a bad actor can use the money to take advantage of openings in the smart contract or, in a typical course, manipulate market prices for gain. Flash loan attacks are just one example of code exploits.




Cross-Chain Exploits


Malicious parties have carried out some of the biggest heists of 2022 by targeting cross-chain bridges. To understand how these sorts of code exploits can occur, we must first consider their targets, cross-chain bridges.

A cross-cross chain bridge can be described as a path between two blockchain networks. They facilitate the transfer of assets between blockchains; however, in the process, a huge amount of funds is tied up in one place, making them attractive to hackers.

An example of an attacker exploiting the cross-chain vulnerability was in February with the blockchain bridge Wormhole Portal. The attack saw the platform lose $325 million and has contributed to the growing criticisms of cross-chain technology.


Why DeFi Hacks are Increasing in Frequency

---

Increased DeFi Adoption

The first and most obvious reason for the rise in attacks is that the decentralized finance industry has evolved into an appealing target. As the sector's user base expands, hundreds of projects have made their debut, and there are simply more funds to steal. The cash flow is increasing, and malicious individuals are well aware of this.

Inadequate Regulation & Security Measures

According to data on the Rekt leaderboard, 8 out of 10 projects that were victims of the biggest exploits had not undergone a security audit. A security audit entails a comprehensive review of a protocol's code to spot bugs and possible openings in the smart contract. These typically occur before the project is launched and form a key security aspect in decentralized finance. With this sort of threat assessment, developers can cut short potential attacks and lessen the investor risk.



Smart Contract Vulnerabilities/Coding Errors

---

Another unfavorable effect of the increase in DeFi popularity is a massive influx of poorly designed projects. Attackers aren't the only individuals who have taken note of the lucrative nature of decentralized finance. Many are eager to participate in this thriving industry, and unqualified developers appear to have no scruples about kick-starting projects of their own.

Cybercriminals are known to take advantage of the open-source code of DeFi protocols. Hackers take time to search for critical vulnerabilities to exploit, and with incompetent developers churning out poorly built projects, these aren't difficult to find.

Complex Technologies

The DeFi ecosystem incorporates various components, which, as the industry has evolved over the years, have evolved alongside it. The decentralized financial sector pursues enhanced ease of use and accessibility while providing users with substantial returns. More complex applications (such as the cross-chain bridges) are susceptible to exploits, and potential shortcomings are easy to overlook.


The Implications of 2022's Rush of DeFi Exploits

---

Hackers, investors, and developers alike follow the money as they turn their attention to the decentralized finance industry. It shows that, as said earlier, the industry has seen a significant increase. However, the hacks don't just indicate that attackers and other individuals are following the funds.

In an interview with Yahoo Finance, Mitchell Amador, founder, and CEO of blockchain security firm Immunefi stated that DeFi participants should expect sophisticated attacks such as these to grow more commonplace. Threat actors such as North Korea's Lazarus hackers are building more cybercrime expertise internally.

It's important to note that the rise in hacks is a transition from the scams that seemed to dominate the industry last year. DeFi participants have grown more aware of fraudulent methods and can thus avoid them. Security breaches and code exploits are the more significant threats now, and the need for security falls on the platforms and protocols.

The alarming regularity of hacks is a severe threat to the whole of the DeFi sector; it raises questions about the reliability of decentralized finance and can hamper industry growth. Let's look at some of the ways platforms can prevent hacks.

Measures to Avoid Hacks

One key aspect to address is smart contract security. Scheduled audits of the code of any project will go a long way in preventing hacks as it helps the developers spot vulnerabilities and openings they can resolve on time.

Of course, this cannot prevent 100% of attacks which necessitates additional measures such as blockchain analysis which can help researchers spot suspicious market movements. Chainalyis provided data on how hackers laundered funds post-heist over the past years.


Such information provides an overview of the cash flow, which can help analysts track stolen funds to aid recovery. Through this, Axie Infinity's dev team Sky Mavis has recovered a small portion of the stolen funds.

It's important to note the role of centralization in these hacks. The Ronin hack reignited discussions about the need for true decentralization in DeFi. Centralized validation (just nine validator nodes) left the bridge vulnerable. Following the attack, it has become evident that decentralization is more than just a form of ideology but a practical need for blockchain safety.


Author: Gate.io Observer M. Olatunji
Disclaimer:
* This article represents only the views of the observers and does not constitute any investment suggestions.
*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement