Hacks of decentralized finance (DeFi) projects have recently become much more frequent. News of such attacks appears almost every day, writes RBC Crypto.
For example, on September 21 it became known that the Vee Finance lending platform had been hacked, with the attacker stealing about $35 million. On September 19, the pNetwork project reported a hack and the loss of $12.7 million.
Last week, hackers managed to withdraw more than $3 million from the MISO IDO platform of the SushiSwap protocol and steal about $3.2 million from the Zabu Finance project. The attacker later returned all the stolen funds to the developers of the MISO platform in three transactions. In August, the biggest hack in the history of DeFi occurred: more than $611 in cryptocurrency was stolen from the PolyNetwork cross-chain protocol. The hacker returned all the stolen funds, explaining that the motives for the hack were not material in nature.
How hacks happen
DeFi projects are usually hacked through vulnerabilities that developers have left in smart contracts, explained Dmitry Volkov, CTO of the international crypto exchange CEX.IO. According to him, hackers find these vulnerabilities and use them to withdraw funds; in other words, the attack relies on capabilities that are already built into the smart contracts.
As an example, the expert cited the hack of the BurgerSwap project, which took place in the spring of this year. The attacker exploited a vulnerability that allowed repeated token swaps without updating the reserves used to calculate the liquidity available to the user, Volkov explained.
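The flaw Volkov describes, repeated swaps priced from reserves that are never updated, can be reproduced in a simplified model. The Python code below is an added example, not BurgerSwap's code and not part of the original article; the fee-free constant-product pool, its numbers and every name in it (`Pool`, `simulate`, `enforce_k`) are constructed for illustration.

```python
"""Toy constant-product pool (x * y = k, no fees): stale vs. updated reserves.
Constructed model for illustration; not the code of any real protocol."""


class InvariantViolation(Exception):
    """Raised when a swap would leave the pool with less than its starting k."""


class Pool:
    def __init__(self, token_in, token_out, update_reserves, enforce_k=False):
        self.balance_in, self.balance_out = token_in, token_out  # tokens actually held
        self.reserve_in, self.reserve_out = token_in, token_out  # cached values used for pricing
        self.k_floor = token_in * token_out                      # invariant at creation
        self.update_reserves = update_reserves                   # False models the flaw
        self.enforce_k = enforce_k                               # defensive post-swap check

    def swap(self, amount_in):
        # Price is computed from the cached reserves, not from the real balances.
        amount_out = amount_in * self.reserve_out // (self.reserve_in + amount_in)
        new_in = self.balance_in + amount_in
        new_out = self.balance_out - amount_out
        # Mitigation: refuse (revert) any swap that lowers the product of balances.
        if self.enforce_k and new_in * new_out < self.k_floor:
            raise InvariantViolation("swap would break x * y >= k")
        self.balance_in, self.balance_out = new_in, new_out
        if self.update_reserves:
            self.reserve_in, self.reserve_out = new_in, new_out
        return amount_out


def simulate(update_reserves, enforce_k=False, swaps=3, amount_in=100):
    """Run identical swaps; return (payouts, whether x * y >= k still holds)."""
    pool = Pool(1000, 1000, update_reserves, enforce_k)
    payouts = []
    try:
        for _ in range(swaps):
            payouts.append(pool.swap(amount_in))
    except InvariantViolation:
        pass  # the offending swap was rejected; pool state is unchanged
    return payouts, pool.balance_in * pool.balance_out >= pool.k_floor


if __name__ == "__main__":
    print("reserves updated:", simulate(True))
    print("reserves stale:  ", simulate(False))
    print("stale + k check: ", simulate(False, enforce_k=True))
```

With updated reserves each identical swap pays out less than the one before; with stale reserves every swap is paid at the first swap's price and the pool ends below its starting invariant, which the post-swap check catches on the second swap.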
Instant loan protocols are also often used in attacks on DeFi projects, the expert noted. They let a user borrow tokens and cryptocurrencies, use them and return them to the lender within a single transaction, which is why they are called instant, Volkov explained. Instant loans are used in attacks, he said, because they increase the number of liquidity protocols involved in the attack, which increases the likelihood of a vulnerability being discovered.
Another common attack scenario in the DeFi sector involves protocols that let users top up their balance in one coin and withdraw in another, added the CTO of the international crypto exchange CEX.IO. He noted that this gives hackers the opportunity to manipulate the price of a token by non-market means, draining liquidity from a particular token.
As the decentralized finance market develops, attempted attacks on new DeFi projects should be expected to increase, Volkov predicted. According to him, a cryptographic arms race lies ahead: projects will try to repel the threat by building up their defensive capabilities, and hackers will find more sophisticated methods of attack.
How to protect a regular user from hacking
Since the decentralized finance industry is not regulated in any way, all responsibility for the safety of funds in smart contracts lies with the creators of the projects and the users who invest in them, explained the CTO of the international crypto exchange CEX.IO. To check the reliability of a DeFi project, he advised consulting the results of its technical audit.
“Projects always willingly demonstrate this information to users as one of their competitive advantages. Therefore, finding it will not be difficult. If the audit has not been carried out, you should warn yourself against investing money in such a project, since it may become the next victim of fraudsters,” Volkov explained.
The expert also advised paying attention to the reputation of the project team: if one of its members has been involved in projects that lost investors’ money, this is a signal of unreliability.
More break-ins – fewer break-ins
From the point of view of the industry's development, a large number of high-profile hacks is a good thing, says Nikita Zuborev, senior analyst at Bestchange.ru. In his opinion, the mistakes made by the creators of DeFi projects allow other developers to find possible security holes and eliminate them in the future.
If the security of smart contracts is assessed in detail, then projects whose development team has sufficient experience can be considered more secure, the analyst explained. In such projects the influence of the human factor is minimized, and common social engineering techniques are practically ruled out in hacks, Zuborev added.
“As practice has shown, large protocols with serious teams and a long term of work are not protected from hacking, so it will not be possible to completely secure yourself, even paying attention only to eminent projects. The only option for protection will be the diversification of funds in different projects,” the expert summed up.
To protect your investments from high risk, you should not invest them in the DeFi industry, says Maria Stankevich, Development Director of the EXMO crypto exchange. In her opinion, DeFi projects are the most profitable on the market today, but the higher the profitability, the higher the risks.
“If you have a certain amount that you are ready to part with, invest it,” the expert advised.
If the project is large, it usually compensates for the losses, Stankevich explained, so she recommended choosing “high-profile” projects with an understandable team and founders.
I am Derek Black, an author of World Stock Market. I have a degree in creative writing and journalism from the University of Central Florida. I have a passion for writing and informing the public. I strive to be accurate and fair in my reporting, and to provide a voice for those who may not otherwise be heard.