- This year has set the record for total value hacked, with the gross tally for the year past US$3 billion.
- Cybersecurity, unfortunately, is often best led through centralized efforts, and attempts to decentralize the securing of the DeFi landscape remain elusive for now.
According to blockchain data analytics company Chainalysis, at least US$718 million has been stolen so far in October alone, taking the gross tally for the year past US$3 billion and making this year the biggest on record for total value hacked.
A mountain of hacks, primarily in decentralized finance (DeFi), comes at a time when soaring U.S. Treasury yields have seen the “total value locked” in the sector dwindle, as yields in smart contracts and liquidity pools are outshone by safer investment instruments.
DeFi protocols, which deploy software-based algorithms to enable investors to trade, borrow and lend on digital ledgers without using a central intermediary, have become a favorite target for hackers as centralized exchanges have beefed up security.
Not so long ago, centralized cryptocurrency exchanges were regular victims of hacks, but stronger cybersecurity measures have dramatically lowered such incidents.
DeFi, on the other hand, uses open-source code, and decentralized exchanges often rely on developer communities to maintain and secure the code that allows for direct peer-to-peer transactions.
But a lack of blockchain interoperability has meant that bridges, which allow tokens to be used across different blockchains, have become a critical point of weakness.
Bridges, which operate on open-source code as well, are almost entirely run by communities of volunteer developers who are rewarded in native tokens for their efforts, but also present a vast attack surface area for hackers.
Blockchain interoperability is facilitated by bridges, which hold tokens from one blockchain in smart contracts and “mint” the equivalent token on a different blockchain for compatible use.
Hackers can target bridges in a variety of ways, including tricking the smart contract into believing that a token has been held in escrow when it has not been, using a re-entrancy bug, and minting “unbacked” tokens, or targeting the amounts held in escrow to begin with.
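The lock-and-mint model described above implies a check a bridge operator can run continuously: every mint must consume exactly one lock, every release must consume exactly one burn, and minted supply must never exceed what sits in escrow. The sketch below is an added example, not code from this article or from any bridge project; the event fields, the function name and the sample events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed events for a hypothetical lock-and-mint bridge (not real chain data).
# "lock"/"release" happen on the source chain, "mint"/"burn" on the destination.
SAMPLE_EVENTS = [
    {"kind": "lock",    "id": "t1", "token": "TKN", "amount": 100},
    {"kind": "mint",    "id": "t1", "token": "TKN", "amount": 100},
    {"kind": "mint",    "id": "t1", "token": "TKN", "amount": 100},   # same lock used twice
    {"kind": "mint",    "id": "t9", "token": "TKN", "amount": 5000},  # no lock at all
    {"kind": "burn",    "id": "b1", "token": "TKN", "amount": 40},
    {"kind": "release", "id": "b1", "token": "TKN", "amount": 40},
    {"kind": "release", "id": "b2", "token": "TKN", "amount": 60},    # no matching burn
]

def audit_bridge(events):
    """Reconcile an ordered event stream; return (alerts, shortfall per token)."""
    pending = {"lock": {}, "burn": {}}   # backing events not yet consumed, by id
    escrow = defaultdict(int)            # locked minus released
    supply = defaultdict(int)            # minted minus burned
    alerts = []
    for ev in events:
        kind, eid, tok, amt = ev["kind"], ev["id"], ev["token"], ev["amount"]
        if kind == "lock":
            pending["lock"][eid] = (tok, amt)
            escrow[tok] += amt
        elif kind == "burn":
            pending["burn"][eid] = (tok, amt)
            supply[tok] -= amt
        else:
            # A mint must consume a lock and a release must consume a burn,
            # with the same token and amount; pop() makes each usable once.
            need = "lock" if kind == "mint" else "burn"
            if pending[need].pop(eid, None) != (tok, amt):
                alerts.append((kind, eid, f"no matching {need}"))
            if kind == "mint":
                supply[tok] += amt
            else:
                escrow[tok] -= amt
    # Backing invariant: circulating wrapped supply must not exceed escrow.
    tokens = set(supply) | set(escrow)
    shortfall = {t: max(0, supply[t] - escrow[t]) for t in tokens}
    return alerts, shortfall

if __name__ == "__main__":
    print(audit_bridge(SAMPLE_EVENTS))
```

A non-zero shortfall means wrapped tokens are circulating without backing, which is the condition a monitor should page on before the tokens can be moved elsewhere.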
Chainalysis claims that “October is now the biggest month” for hacking activity in 2022 with two major exploits roiling the cryptocurrency sector in recent days.
One was a heist whereby a hacker spirited away about US$100 million from DeFi service Mango by manipulating the price of its token.
Another was nearly US$570 million of BNB, the Binance token, that was effectively minted and taken by a hacker through a bridge exploit.
Because the hacker in the Binance incident was “minting” tokens, Binance was able to freeze most of the tokens, but US$100 million worth remains unaccounted for.
DeFi platforms are also a prime target for state-sponsored hacking, and earlier this year Chainalysis estimated that North Korea-affiliated groups had stolen approximately US$1 billion of cryptocurrencies from DeFi protocols.
But unlike for centralized cryptocurrency exchanges, solutions for DeFi may still be some ways away.
Whereas a centralized crypto exchange can simply take its assets off so-called “hot wallets,” which are connected to the internet, and store the bulk of reserves in offline “cold wallets,” the definition of DeFi is that all of the assets sit in the smart contracts themselves.
And until alternative solutions for bridges are found, they remain a key piece of critical blockchain infrastructure that is prone to hacks and are likely to remain exploited for some time to come.
Cybersecurity, unfortunately, is often best led through centralized efforts, and attempts to decentralize the securing of the DeFi landscape remain elusive for now.