Hackers Zero-in on DeFi Projects
The Intelligent Insurer #41 — Industry is most hacked in 2021
Decentralized finance (DeFi) hacks have dominated breaches and cyber theft in 2021. According to reports, over 75% of hacks worldwide in 2021 targeted DeFi platforms. This is a major concern for an industry that is still in its early stages of development.
In the latest Intelligent Insurer, we explore some of the reasons behind the rampant hacking of DeFi, and the efforts made to safeguard users’ funds going into the future. We also look at a possible solution that will safeguard users at all times. However, we’ll first highlight our progress via our weekly software development update.
Insured Finance development update
Our progress towards releasing our next-generation digital asset insurance platform continued this past week. We released a new trial version of our landing page and token faucet and are awaiting feedback before releasing it live. We also continued to make internal improvements to ensure our users experience a fully functional and safe environment.
- We completed a major update that ensures complete smart contract security. Proxy Patterns will help us release patches and updates to our smart contracts while preserving their immutability.
- We have also introduced a Pausable Mechanism that allows us to disable certain smart contract functionality in case of an emergency. Both of these upgrades will help us combat malicious attacks and secure our users’ data and assets on our platform.
- We updated our API to CoinGecko to stream asset prices and continued to fix minor bugs.
As we draw ever closer to the full release of our platform, we remain committed to providing our users with a secure experience. Over the next week, we’ll work on preparing our Beta release with the updated landing page and continue to conduct research into securing our platform as robustly as possible.
Hackers have stolen $1.4 billion from DeFi projects
In 2021, DeFi protocols have lost over $1.4 billion with $760 million returned to the platforms. This leaves a deficit of $680 million as the net loss to the industry. Needless to say, these hacks debilitate both the platforms and their users. The platforms suffer major losses due to steep drops in token prices and loss of users. The users lose their funds and aren’t always compensated fully.
These hacks don’t have a specific pattern and target a range of weaknesses. Some target weaknesses in a platform’s code base while others manipulate data feeds to falsify token prices and withdraw funds. Some attacks feature the use of flash loans to leverage malicious purchases and the use of anonymized transfer services such as Tornado.cash to move funds before they can be traced.
One may expect that the many cases of platform exploits and funds theft would discourage users from embracing the emerging technology of DeFi. On the contrary, despite these setbacks, the DeFi industry continues to grow. The total value locked (TVL) in DeFi projects reached an all-time high (ATH) of $105.85 billion recently. This growth shows the appetite investors have for decentralized finance applications. However, the constant stream of hacks and exploits might dampen enthusiasm and restrict mainstream acceptance.
Exponential DeFi adoption creates security vulnerabilities
Aside from developer incompetence via coding mistakes and a lack of testing, there is another factor at play that explains the rise of exploits. The COVID pandemic emphasized the need for change in financial services. Peer-to-peer financial systems powered by smart contracts in decentralized blockchains were the solution. Many users adopted these smart contracts as alternatives to banks and brokerages, thereby eliminating the need for intermediaries.
However, the huge influx of new users, with participants entering the ecosystem as developers, investors, or product consumers, created scaling issues. Several projects are open source and generally, such projects are prone to miscommunication and misunderstandings between core dev teams. This isn’t to say open source projects are a bad choice.
However, when multiple developers can add forks and act on their ideas without complete approval, misunderstandings arise and the project’s core focus might be lost. This creates security issues and serves as an incentive for hackers to inspect and exploit these platforms.
The biggest hacks in 2021 include the exploit on Poly Network to the tune of $611 million on August 10th, 2021. Compound DeFi was hacked for $147 million on September 29th, 2021, and Cream Finance was exploited for $130 million on October 27th, 2021. These three are the top-ranked exploits by volume so far in the DeFi industry.
DeFi users need digital asset insurance
Cream Finance is an example that highlights developer incompetence. After making the top three on the list of the largest DeFi hacks, the platform was exploited once again, as we reported recently. Users were left questioning developer motives behind failing to adopt basic security measures.
Critically, loopholes exploited by hackers tend to involve issues in arcane lines of code that the average user cannot decipher. While platforms have responded by issuing bug bounty programs, it is unrealistic to assume white hat hackers can eliminate every loophole in a system.
Moving forward, decentralized digital asset insurance platforms like Insured Finance are the best solution for users. Anyone can purchase, or provide insurance for digital assets using smart contracts. This settles any uncertainties surrounding code vulnerabilities and other factors that are outside user control, and always ensures optimal asset protection.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Users can request customized insurance on a wide variety of digital assets, thereby ensuring full protection. Those fulfilling requests can earn premiums and earn a competitive return on their capital. Claims are fully collateralized and settled instantly.