
The Harvest Heist: How Hackers Obfuscated Trails After Harvest Finance Attack


In 2020, DeFi projects surged in popularity. The amount of capital locked in the sector had already surpassed $100 billion, and the number of projects exceeded 200. But there is often a fly in the ointment.

The rapid growth of DeFi drew the attention of attackers, who exploit vulnerabilities in existing projects and create their own fraudulent schemes under the banner of decentralized finance.

Liquidity pools on DEXs, in combination with mixers, began to be used to obscure the trail of laundered funds.

For ForkLog, the analytics company Crystal Blockchain analyzed in detail the Harvest Finance hack, which became the largest incident in the DeFi space in late 2020.

Timeline of the Hack

Harvest Finance is a protocol enabling yield farming, which aggregates yields across various lending protocols, optimizing them to extract maximum profits.

On October 26, an unknown hacker used arbitrage manipulation to transfer about $25 million to his address (13 million USDC and 11 million USDT).

The hacker withdrew $19.8 million from the Harvest Finance platform. The FARM price fell by 50%.

On the very first day, the attacker sent 13 million USDC to the decentralized exchange Uniswap. As a result of the exchange, he received more than 30,377 ETH to his address.

Data: Crystal Blockchain.

Then, in 12 transactions, the hacker exchanged 11 million USDT for over 26,500 ETH.

Of this amount, he converted 51,315 ETH in 11 transactions into tokenized Bitcoin, Wrapped BTC (WBTC), obtaining more than 1,519 tokens in total.


Crystal Blockchain also detected a transfer of 300 ETH to the Tornado mixer.

The WBTC was sent to another DeFi protocol, Ren, through which the attacker converted the tokens into Bitcoin, distributing them across seven addresses.


Next, half of the Bitcoin moved to Wasabi and some to centralized exchanges, including Binance and Huobi. The other half remains unmoved for now. Crystal Blockchain will continue to monitor the funds’ movement.


How effective are DeFi protocol hacks?

The hacker clearly tried to confuse the investigation by moving funds through several DeFi protocols. However, given that the Uniswap protocol (including forks) and Ren provide information about the tokens involved in the swap and the final recipients’ addresses, such obfuscation methods cannot be considered effective.

The challenge in such cases lies in the need for additional resources to “deploy” swap transactions.
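The kind of swap decoding this tracing relies on, as an added example (not code from the article or Crystal Blockchain's tooling): it assumes the Uniswap V2 pair `Swap` event layout, and the addresses, amounts, `make_log` helper and pair-to-token map are constructed for illustration.

```python
# Added example: decode Uniswap V2-style Swap logs to see tokens and recipients.
from collections import defaultdict

# keccak256("Swap(address,uint256,uint256,uint256,uint256,address)") for Uniswap V2 pairs
SWAP_TOPIC = "0xd78ad95fa46c994b6551d0da85fc275fe613ce37657fb8d5e3d130840159d822"

def decode_swap(log, pair_tokens):
    """Decode one log; return None if it is not a well-formed V2 Swap event."""
    topics = log["topics"]
    if len(topics) != 3 or topics[0].lower() != SWAP_TOPIC:
        return None
    data = bytes.fromhex(log["data"][2:])
    if len(data) != 128:                      # four uint256 words expected
        return None
    a0_in, a1_in, a0_out, a1_out = (
        int.from_bytes(data[i:i + 32], "big") for i in range(0, 128, 32))
    tok0, tok1 = pair_tokens[log["address"].lower()]
    # Simplification: treat the side with a non-zero "out" amount as the token bought.
    if a1_out > 0:
        sold, bought = (tok0, a0_in), (tok1, a1_out)
    else:
        sold, bought = (tok1, a1_in), (tok0, a0_out)
    return {"sender": "0x" + topics[1][-40:].lower(),
            "to": "0x" + topics[2][-40:].lower(),   # recipient of the swap output
            "sold": sold, "bought": bought}

def received_by(logs, pair_tokens):
    """Sum what each recipient address received, per token, across all swaps."""
    totals = defaultdict(int)
    for log in logs:
        swap = decode_swap(log, pair_tokens)
        if swap:
            totals[(swap["to"], swap["bought"][0])] += swap["bought"][1]
    return dict(totals)

# --- constructed sample data (addresses and amounts are made up) ---
PAIR, ROUTER, WALLET = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
PAIR_TOKENS = {PAIR: ("USDC", "WETH")}        # hypothetical token0/token1 map

def make_log(a0_in, a1_in, a0_out, a1_out, to):
    pad = lambda a: "0x" + "00" * 12 + a[2:]  # address left-padded to 32 bytes
    words = "".join(n.to_bytes(32, "big").hex() for n in (a0_in, a1_in, a0_out, a1_out))
    return {"address": PAIR, "topics": [SWAP_TOPIC, pad(ROUTER), pad(to)], "data": "0x" + words}

SAMPLE_LOGS = [make_log(1_000_000 * 10**6, 0, 0, 2_300 * 10**18, WALLET),
               make_log(500_000 * 10**6, 0, 0, 1_100 * 10**18, WALLET),
               {"address": PAIR, "topics": ["0x" + "00" * 32], "data": "0x"}]  # unrelated log
```

Calling `received_by(SAMPLE_LOGS, PAIR_TOKENS)` groups the swap outputs by recipient address and token, which is the information an investigator needs to carry a trace across the swap.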

Crystal Blockchain marks all addresses that potentially belong to the offender, which will help virtual asset service providers (VASPs) in preventing money laundering. To truly muddy the traces, attackers have to move funds through loosely regulated exchanges and traditional mixers.

From the current situation, one may say the DeFi sector will continue to develop, but note the key features and differences of DeFi protocols:
