2022: Top 5 DeFi Hacks Plus Safety Advice
Hackers search for fresh ways to attack at the same time as the DeFi ecosystem develops. Although 2022 hasn't ended yet, the total value of the stolen cryptocurrency has already surpassed the previous high set in 2021. Analysis reveals that rather than wallets or CEX platforms, which were already in the first stage, the DeFi protocols now make up the largest share of the stolen money.
Anybody in this area is at risk from security threats. Because of this, we need to keep updated with developments in web3 security. In this post, whether you're a Dapp developer or a regular web3 user, we'll classify common hacks, look at cases of each security measure, and then give you some safety tips to be more protected against hackers.
State of Crypto Hacks in 2022
According to research from AtlasVPN, hackers have already stolen more than $1.6B in the cryptocurrency market this year. In 2021, this amount will already be greater than $1.5B. Additionally, hackers now prefer to target decentralized applications (dApps) rather than centralized exchanges and wallets.
Examples of Different DeFi Hacks
We will go over various hacking techniques in these blockchain-based applications in this section. We don't include centralized exchange stories and concentrate on the problems with Dapps' smart contracts.
TX Uranium Finance: $57M Link Typos
A decentralized application (dApp) called Uranium Finance runs on the Suchiswap-forked BSC network. While copying the scripts, they made a few adjustments, replacing "1000" with "10000" in all contracts but one piece of code. The exploiter was then able to exchange a small number of tokens for output tokens like BUSD and BNB valued at $57M. In the history of the blockchain and possibly the entire globe, this typo was historic.
Deus Finance: $13M: Flash Loan + LP Manipulation Attack
In this instance, the exploiter manipulated the price oracle reading from the pair StableV1 AMM — USDC/DEI by using a flash loan. The borrowing pool was depleted, and the DEI price was dramatically increased. Additionally, the attacker utilized a flash swap to adjust the on-chain price and another flash swap to change the VWAP on the Muon oracles. This attack happened in a few minutes as well.
Attack on Beanstalk with Governance + Flash Loans: $182M
Decentralized governance is one of Beanstalk's key characteristics. The hacking incident included the emergencyCommit smart contract function. It was designed to allow the community to put contract cash into a different secure wallet address in case the votes reach 2/3 of the community. The assailant produced two #18 and #19 proposals before using a flash loan worth millions of dollars for a Diamond contract. Then, with 80% of the vote in the governance system, the exploiter activated the emergencyCommit feature. The hackers then used contract money to pay off the flash loan. It is notable that everything that happened in this block. A quick loan operates in this manner.
EasyFi: Private Key: $7M
Since it is not directly tied to anything in the smart contract algorithms, this type is quite unique. A DeFi platform called EasyFi sits atop MATIC. Through a remote connection, the hacker got access to the founder of the protocol's system, discovered private keys, and subsequently took +$7M from the system. This issue demonstrates how important using multiple signatures and distributing sensitive material is.
Be careful in this chaotic market!
Use the native chain for the tokens.
Since cross-chain applications are popular right now, projects frequently launch their token on many chains. However, a wrapped version of the native tokens is produced by some EVM-based chains and cross-chain bridges. For instance, Bitcoin is wrapped on Ethereum and BSC. Although you don't have the original Bitcoin, the value is the same as it. If you have a long-term holding strategy, it is preferable to hold the native ones.
Implement stablecoins on their chain.
Regarding stablecoins, the previously noted problem about native tokens on native chains is far more important. It is far preferable to hold the native form of stablecoins rather than the wrapped one if you want to be in stables when the market declines. Examples include BTC, ETH, TRX, SOL, ALGO, OMG, and BCH, all of which support USDT. There is a chance of cross-chain bridge risks with any other chain. Additionally, ones with fiat collateral, such as USDC and USDT, experienced fewer disputes. The ones with cryptographic collateral, like MIM and DAI. Finally, while using algorithmic ones that are still in the beta stage, exercise extreme caution.
Watch Out for the Bridges
Furthermore, you ought to be knowledgeable about how bridges work. Bridge protocols account for the majority of DeFi hacks, making them the riskiest Dapps overall.
Utilize several wallets
Although we'll give some EVM-specific advice, wallet security is a crucial fundamental that applies to all crypto-related activities in general. The first rule is to keep your money in a cold wallet that isn't connected to any dApps. You should have a second hardware wallet that serves as your web3 identity and contains the bare minimum of funds required for using dApps. Additionally, a standard software wallet like Metamsk that is not connected to a hardware wallet may be required if you wish to participate in activities that demand more speed (such as initial offers and NFT drops).
When linking your web3 wallet, ask permission.
First, a smart contract security expert audit of the platform is required. The reason is that they are able to request that you call and sign any smart contract function on the front end. The permissions that function requests must be taken into consideration. For instance, it is preferable to approve a set amount, like $200, rather than granting unlimited authorization, if you wish to allow a token for exchanging $200 worth of a token on a DEX.
Even though the DeFi space is more susceptible to attacks, security professionals in the blockchain industry can develop preemptive measures to thwart attackers. The DeFi ecosystem becomes anti-fragile due to this cycle. Even if these starlings would reduce public confidence in this area, positive effects would emerge in the long run. The fact that centralized exchanges were frequently attacked by hackers in the past provides evidence for this theory. While the frequency of hacks against them has significantly decreased in recent years. In the future, we might anticipate a similar progression in the DeFi protocols.