DeFi Hacks Exposed: Top 7 Threats & Safety Tips
DeFi is not merely a trendy term; it is the newest innovation in the financial sector and the financial layer of Web 3.0, the next generation of the Internet. DeFi does, of course, carry risks: DeFi tokens and protocols can be vulnerable, and financial losses from DeFi hacks amounted to $1.9 billion in 2022 alone.
This post examines the biggest DeFi attacks of recent months, followed by our five recommendations for addressing the problem.
Top 7 DeFi Hacks in the Real World
Nomad Bridge: $190 million
On August 2, 2022, hackers broke into Nomad, a cross-chain bridge that lets users move tokens from one blockchain to another, and stole around $190 million in cryptocurrency.
The attack began with a change to Nomad's code. After that change, each transaction a user submitted was treated by the smart contract as already valid, which made it possible for malicious users to withdraw more money than they had actually deposited. Attackers kept going until $190 million worth of cryptocurrency had been drained from the bridge.
Nomad never found out until it was too late.
Elrond: $113 million
Elrond eGold (EGLD), the native token of the Elrond blockchain, was hit in June 2022 when hackers exploited a flaw in the decentralized exchange Maiar to steal roughly 1.65 million EGLD. According to researchers, the attacker used three wallets and a smart contract to take EGLD worth an estimated $113 million from the exchange.
The hackers immediately sold 800,000 of the coins for $54 million on the same DEX, while the remaining tokens were either sold on centralized exchanges or swapped for Ethereum.
Horizon Bridge: $100 million
Hackers struck the Horizon bridge on June 23, 2022, just days after the Elrond hack, at a cost of nearly $100 million. Horizon is a cross-chain interoperability platform that connects the Harmony, Binance Smart Chain, and Ethereum networks.
PeckShield disclosed that more than $98 million worth of tokens were swapped for ether on the Harmony-managed platform, affecting over 50,000 user wallets. The hackers later moved $35 million through Tornado Cash.
Beanstalk Farms: $182 million
Beanstalk Farms, a DeFi protocol intended to balance the supply and demand of various cryptocurrencies, was attacked in April 2022, and $182 million worth of cryptocurrency was stolen.
According to PeckShield, the attacker took advantage of Beanstalk's majority-vote governance structure and voted to send themselves $182 million. The attacker acquired a controlling interest in the protocol using a flash loan, but the company estimated that their actual profit was just around $80
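The Beanstalk incident shows what happens when governance weight is read from current token balances, which a flash loan can inflate for the duration of a single transaction. The toy model below is an added example written for this post, not Beanstalk's contracts; holder names and balances are constructed. It compares counting live balances with counting a balance snapshot taken when the proposal is created, and adds an execution delay, two common mitigations.

```javascript
// Added toy model (not Beanstalk's code): governance weight from live balances
// versus from a snapshot taken at proposal creation. All balances are constructed.

const sum = (m) => [...m.values()].reduce((a, b) => a + b, 0n);

// Runs one proposal vote. With snapshotVoting, weight comes from the balances
// recorded when the proposal was created; otherwise from balances at vote time.
function simulateVote({ snapshotVoting }) {
  // Constructed holders: two honest holders and an attacker with a small stake.
  const balances = new Map([["alice", 300n], ["bob", 250n], ["attacker", 10n]]);

  // Block N: proposal is created; a snapshot freezes everyone's weight.
  const snapshot = new Map(balances);

  // Block N+k: inside one transaction the attacker flash-borrows 1000 tokens...
  const FLASH_LOAN = 1000n;
  balances.set("attacker", balances.get("attacker") + FLASH_LOAN);

  // ...votes "yes" with whatever weight the governance module attributes to them...
  const weights = snapshotVoting ? snapshot : balances;
  const yesVotes = weights.get("attacker");
  const majority = sum(weights) / 2n;          // simple majority of the counted supply
  const passed = yesVotes > majority;

  // ...and repays the loan before the transaction ends.
  balances.set("attacker", balances.get("attacker") - FLASH_LOAN);

  return { passed, yesVotes, majority };
}

// Execution delay is the second half of the mitigation: even a passed proposal
// must not move funds in the same block it was voted on.
function canExecute(proposal, currentBlock, delayBlocks = 1n) {
  return proposal.passed && currentBlock >= proposal.votedAtBlock + delayBlocks;
}
```

With live balances the borrowed 1000 tokens outvote the 550 held by honest holders; with a snapshot the attacker's weight stays at 10, and the delay gives the community a block or more to react even if a proposal does pass.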
Ronin Network: $620 million
Ronin Network, Axie Infinity's Ethereum-based sidechain, was drained of roughly $620 million in ETH and USDC in March 2022. In two transactions, the attacker "used hacked private keys to fabricate bogus withdrawals" from the Ronin bridge contract.
A user's failed attempt to withdraw 5,000 ether on March 23 led to the discovery of the breach a week later. In total, the hacker stole 173,600 ETH and 25.5 million USDC, worth more than $620 million at the time.
The Ronin Network incident is thought to be the largest DeFi hack in history; according to PeckShield, it remains the largest so far this year.
Wormhole Bridge: $320 million
A hacker stole approximately $320 million in wrapped ETH from the Wormhole protocol on February 2, 2022. Wormhole connects Solana, Ethereum, Avalanche, and other major crypto networks across chains.
To mint wrapped ETH (wETH), a token whose value is tied to that of Ethereum, Wormhole users are required to stake Ethereum.
Analytics company Elliptic attributed the exploit to Wormhole's failure to properly validate "guardian" accounts, which enabled the attacker to create 120,000 wETH without any underlying Ethereum. The hacker then converted 93,750 wETH into Ethereum and the remaining funds into Solana. At the time, the loss totaled nearly $320 million.
Qubit Finance: $80 million
On January 28, 2022, the DeFi protocol Qubit Finance reported that it had been attacked and that 206,809 Binance Coins (BNB) had been taken from its QBridge protocol. The tokens had a total market value of $80 million.
Security firm CertiK reports that the attacker used a deposit function in the QBridge contract to create 77,162 qXETH, a token that represents Ethereum bridged via Qubit. The attacker made the platform believe they had made a deposit; after repeating the procedure enough times, they traded the assets for BNB and disappeared.
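Nomad, Wormhole and Qubit share a pattern: the destination side minted or released value that was never locked on the source side, and nobody noticed until the bridge was empty. The monitor below is an added example written for this post, not any of those projects' code. It replays a constructed stream of bridge events (the transaction ids are placeholders) and raises an alert the moment the outstanding wrapped supply of any asset exceeds the collateral locked for it.

```javascript
// Added example (not Nomad's, Wormhole's or Qubit's code): an off-chain solvency
// monitor for a lock-and-mint bridge. Invariant: for every asset, the wrapped supply
// outstanding on the destination chain never exceeds the collateral locked on the
// source chain. The event stream and transaction ids are constructed placeholders.

const sampleEvents = [
  { type: "Deposit", asset: "ETH",  amount: 100n,  tx: "0xc0de0001" }, // user locks 100 ETH
  { type: "Mint",    asset: "ETH",  amount: 100n,  tx: "0xc0de0002" }, // bridge mints 100 wETH
  { type: "Burn",    asset: "ETH",  amount: 40n,   tx: "0xc0de0003" }, // user burns 40 wETH to go back
  { type: "Release", asset: "ETH",  amount: 40n,   tx: "0xc0de0004" }, // bridge releases 40 ETH
  { type: "Mint",    asset: "ETH",  amount: 1000n, tx: "0xc0de0005" }, // no deposit backs this mint
  { type: "Mint",    asset: "USDC", amount: 10n,   tx: "0xc0de0006" }, // asset was never locked at all
];

// Replays events in order and returns every point at which the invariant broke.
function checkBridgeSolvency(events) {
  const locked = new Map();  // asset -> units locked on the source chain
  const minted = new Map();  // asset -> wrapped units outstanding on the destination chain
  const alerts = [];
  const add = (m, k, v) => m.set(k, (m.get(k) ?? 0n) + v);

  for (const e of events) {
    if (typeof e.amount !== "bigint" || e.amount < 0n) throw new Error(`bad amount in ${e.tx}`);
    switch (e.type) {
      case "Deposit": add(locked, e.asset, e.amount); break;
      case "Release": add(locked, e.asset, -e.amount); break;
      case "Mint":    add(minted, e.asset, e.amount); break;
      case "Burn":    add(minted, e.asset, -e.amount); break;
      default: throw new Error(`unknown event type ${e.type} in ${e.tx}`);
    }
    const m = minted.get(e.asset) ?? 0n;
    const l = locked.get(e.asset) ?? 0n;
    // A negative balance means a release or burn with nothing behind it; also an alert.
    if (m > l || m < 0n || l < 0n) {
      alerts.push({ asset: e.asset, tx: e.tx, minted: m, locked: l });
    }
  }
  return { alerts, locked, minted };
}

// The first transaction that broke the invariant, or null if the stream is healthy.
function firstBreach(events) {
  return checkBridgeSolvency(events).alerts[0] ?? null;
}
```

Where the events come from is deployment-specific (the bridge contract's logs on both chains); the point is the check itself. An unbacked mint is visible on the first offending transaction rather than after $190 million has left, which is the gap the Nomad write-up above describes.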
Five Tips to Stay Safe in the Wild DeFi Space
a. Use the native chain for the tokens.
Since cross-chain applications are popular right now, projects frequently launch their token on many chains. However, some EVM-based chains and cross-chain bridges produce a wrapped version of the native token. For instance, Bitcoin is wrapped on Ethereum and BSC: although you don't hold the original Bitcoin, the wrapped token's value tracks it. If you have a long-term holding strategy, it is preferable to hold the native ones.
b. Hold stablecoins on their native chain.
For stablecoins, the point made above about native tokens on native chains is even more important. If you want to be in stables when the market declines, it is far preferable to hold the native form of a stablecoin rather than a wrapped one. For example, BTC, ETH, TRX, SOL, ALGO, OMG, and BCH all support native USDT; on any other chain you carry cross-chain bridge risk. Additionally, stablecoins with fiat collateral, such as USDC and USDT, have experienced fewer problems than those with crypto collateral, like MIM and DAI. Finally, exercise extreme caution when using algorithmic stablecoins, which are still in the beta stage.
c. Watch Out for the Bridges
You should also understand how bridges work. Bridge protocols account for the majority of DeFi hacks, making them the riskiest dApps overall.
d. Use several wallets
Although we'll give some EVM-specific advice, wallet security is a fundamental that applies to all crypto activity. The first rule is to keep your main funds in a cold wallet that is never connected to any dApp. Have a second hardware wallet that serves as your web3 identity and holds only the minimum funds required to use dApps. Additionally, a standard software wallet such as MetaMask that is not backed by a hardware wallet may be needed for activities that demand more speed (such as initial offerings and NFT drops).
e. Check the permissions you grant when connecting your web3 wallet.
First, the platform should have been audited by a smart contract security expert. The reason is that a front end can ask you to call and sign any smart contract function, so the permissions that function requests must be taken into account. For instance, if you want to approve a token for swapping $200 worth of it on a DEX, it is preferable to approve a set amount, like $200, rather than granting unlimited authorization.
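A concrete way to apply the last tip is to decode what the dApp is actually asking you to sign before you sign it. The code below is an added example, not part of the original post or of any wallet's code; it encodes and decodes the standard ERC-20 approve(address,uint256) call (4-byte selector 0x095ea7b3) and flags an allowance of 2^256-1, the value most front ends send for "unlimited". The spender address and the $200-of-USDC amount (200,000,000 base units at 6 decimals) are constructed sample values.

```javascript
// Added example (not the post's or any wallet's code): inspect an ERC-20 approve()
// call before signing it. approve(address,uint256) has the 4-byte selector 0x095ea7b3.
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;   // what most dApps send for "unlimited"

// Build the calldata a dApp front end would hand to the wallet for signing.
function encodeApprove(spender, amountBaseUnits) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad spender address");
  const amount = BigInt(amountBaseUnits);
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of range");
  return "0x" + APPROVE_SELECTOR + addr.padStart(64, "0") + amount.toString(16).padStart(64, "0");
}

// Decode calldata; returns null when it is not a well-formed approve() call.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const padding = hex.slice(8, 8 + 24);      // the address is right-aligned in its 32-byte word
  if (/[^0]/.test(padding)) return null;     // non-zero padding: malformed, do not trust it
  return {
    spender: "0x" + hex.slice(8 + 24, 8 + 64),
    amount: BigInt("0x" + hex.slice(8 + 64)),
  };
}

// Compare the requested allowance with what the user actually intends to spend.
function assessApproval(calldata, intendedBaseUnits) {
  const call = decodeApprove(calldata);
  if (!call) return { verdict: "not-approve" };
  const intended = BigInt(intendedBaseUnits);
  let verdict;
  if (call.amount === MAX_UINT256) verdict = "unlimited";   // spender may move any amount, now or later
  else if (call.amount > intended) verdict = "excessive";   // more than this trade needs
  else verdict = "bounded";                                 // matches the intended spend
  return { verdict, ...call };
}

// Constructed sample: approving $200 of USDC (6 decimals) to a placeholder DEX router.
const SAMPLE_SPENDER = "0x1111111111111111111111111111111111111111";  // placeholder, not a real contract
const USDC_200 = 200_000_000n;
const boundedCall = encodeApprove(SAMPLE_SPENDER, USDC_200);
const unlimitedCall = encodeApprove(SAMPLE_SPENDER, MAX_UINT256);
```

A bounded allowance limits the damage if the spender contract (or the front end that chose it) is later compromised to the amount you approved; an unlimited one lets it move your entire balance of that token at any time until you revoke it.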
Wrap-up
Even though the DeFi space is more susceptible to attacks, security professionals in the blockchain industry can develop preemptive measures to thwart attackers, and this cycle makes the DeFi ecosystem anti-fragile. Even if these incidents reduce public confidence in the area for now, positive effects will emerge in the long run. The history of centralized exchanges supports this view: they were frequently attacked by hackers in the past, while the frequency of hacks against them has decreased significantly in recent years. We can expect a similar progression for DeFi protocols.