Decentralised Finance (DeFi) products lost over $438 million to theft over the last 30 days, recovering only $75 000 over the same period. A key driver of this trend is the decentralised nature of these projects, which leaves them exposed to scams, theft and exploits.
The latest high-profile heists are raising the threat level around the industry.
At the beginning of February, the Wormhole exploit saw attackers siphon off 120 000 wETH from the token bridge between Ethereum and Solana – worth a market price of $320 million at the time. And the Qubit Finance hack at the end of January had the platform on its knees, begging the hackers to return the 77 000 qXETH for a $250 000 bug bounty.
What made the Qubit hack concerning is that the platform operates as a bridge allowing investors to deposit one cryptocurrency and withdraw another between Ethereum and the Binance Smart Chain.
According to blockchain security firm CertiK, the hackers exploited a logic error in the Qubit code. A smart contract software bug allowed the hacker to transfer over 200 000 Binance coins worth about $80 million after depositing 0 ETH.
DeFi systems claim to improve security by contracting independent code reviews. This helps identify flaws and gives the opportunity to plug them. Another mitigation method is stressing the safekeeping of keys and passwords to user wallets.
Critics have expressed concerns that the DeFi market removes third-party control of user assets because these intermediaries have proven to assist in discovering and stopping scams in traditional finance.
The DeFi method uses a smart contract instead of a provider to hold your assets.
These transactions are trustless, meaning that the trading parties don’t have to know or trust one another.
By relying solely on the blockchain's immutable, permanent, and unchangeable qualities, DeFi protocols are vulnerable to a simple majority attack to alter the protocol. And when a vulnerability occurs, it allows cybercriminals to drain cash quickly because no one can patch the bug until it’s fixed.
Solutions that have been explored include Decentralised Autonomous Organisations (DAO), which Bunny and Qubit are said to enter into after the exploit. DAOs automate decisions and facilitate cryptocurrency transactions, although these solutions come with their own security risks.
Featured image by Tima Miroshnichenko/Pexels