Since 2020, users have incurred losses totaling over $12 billion from fraud and theft on DeFi platforms, with most losses—$10.5 billion—occurring in 2021. This is stated in a study by Elliptic.
Experts estimate that only $721 million of the aforementioned amount was subsequently reimbursed. The most frequent targets were the Ethereum and Binance Smart Chain blockchains.
The main causes of attacks on decentralized projects are coding errors and architectural flaws, accounting for $5.5 billion and $5.3 billion respectively.
The abundance of large liquidity pools allows hackers to launder proceeds from criminal activity with little to no trace. Fraud in the sector is also commonplace.
Losses tied to administrator keys total $1 billion, with exit scams at $18 million. Regarding the latter, experts note that the amount may be higher, as this type of fraud is harder to detect than exploits.
Among dapps, 34% of the total losses were attributed to lending services, 17.1% to DEXs, 16.4% to asset-management apps and 13.5% to cross-chain bridges.
“Decentralized applications are designed to operate in a trustless environment, as they remove any external control over users’ funds. But you still have to trust that the protocol developers have not made errors in code or design that could lead to losses,” said Elliptic analysts.
Major DeFi platforms say they are taking a range of measures to improve security, from hiring external firms to audit code for vulnerabilities to storing keys and passwords needed to access user wallets in secure environments.
According to the industry tracker DeFi Llama, at the time of writing crypto assets deployed on DeFi platforms total around $253 billion, up from $16 billion a year ago.
On August 10, hackers carried out the largest attack in the history of the industry on the Ethereum, Binance Smart Chain and Polygon blockchains, breaching the Chinese cross-chain protocol Poly Network. The total damage amounted to $611 million in various cryptocurrencies.
In February, August and October, hackers attacked the DeFi protocol Cream Finance. In the first case, criminals exploited a bug in the Alpha Finance smart contract and stole tokens worth $37.5 million. In the second, they exploited a bug in the Flexa Network smart contract to obtain additional flash loans of tokens worth more than $18 million. In the third, a bug that “allows borrowing all funds in current lending pools” cost the platform $130 million.
In early November, the DeFi platform bZx reported a breach. The losses were estimated at $55 million.
