We tell the biggest DeFi hack of 2021

Compound Finance is just one of the youngest victims of a DeFi hack in 2021. On September 30th, the incorrect token distribution in Proposal 062 exposed a vulnerability in which $ 70 million – $ 85 million in excess COMP tokens were given to users were incorrectly distributed.

However, a few days later, another $ 65 million was placed in a vulnerable vault, resulting in at least $ 150 million in COMP tokens. However, while Compound can fix the whole situation, it does show how the decentralized financial (DeFi) sector can be vulnerable at times due to its nascent nature.

Last year, the Total Locked Up Value (TVL) in DeFi was only 5% of what it is now – $ 255 billion. This change marks an explosive growth of 1686%. Even with the compound crash and, most recently, with decentralized trading communication Charts cost $ 139 million in a leaked admin key attack, TVL even rose 14.27% month over month.

One reason investors have turned to DeFi protocols is in search of higher returns. Interest rates bottomed out in 2020 with no clear framework to rise, so investors are looking for other ways to get their money. Locking crypto assets to DeFi protocols and providing liquidity for such services has become an attractive option as it offers more attractive returns. What happened after that was an agricultural productivity boom in 2020 that prevailed until that year.

Count the incidents

DeFi’s growing popularity is a double-edged sword for the emerging sector and the entire crypto space in general. According to Chinese cybersecurity firm Slow Mist, 534 blockchain hacking incidents have occurred since 2012, with 169 incidents occurring in 2021 alone. Attacks are becoming more sophisticated and target different areas of space.

However, the biggest hack of all time happened in 2021 and was carried out on Poly Network’s cross-chain protocol by an anonymous hacker. As a result, $ 610 million tokens were stolen, outperforming MtGox and Coincheck. The attack raked in around $ 273 million from the Ethereum network, $ 85 million in US Coin (USDC) from the Polygon network and $ 253 million from the Binance Smart Chain. It also removes large amounts of Yuan, Packaged Bitcoin (wBTC), and Packaged Ether (wETH).

The problem with Poly Network was one of many DeFi hack cases in 2021. Poly Network was lucky enough to get the full amount back. Cream Finance, on the other hand, is not so lucky. The decentralized credit protocol was born in the distant past, and the attack, which happened twice this year, wiped nearly $ 150 million and is still trying to recover. Overall, the total loss from blockchain hacks this year is nearly $ 7 billion, up $ 2.5 billion from last year.

Call for review

Poly Network, Compound and Cream Finance slumped into the top 3 by the number of funds affected ($ 906 million total). Like Cream Finance, there are other notable protocols that mine more than once in the same year, such as THORChain and Value DeFi.

Merlin Labs, a BSC-based productivity optimization tool that was insignificant at $ 1.5 million compared to the other victims, was also attacked three times – first twice in the same week and again a month later. It is also surprising that it was audited by hackers 11 days before the attack.

Security experts recommend that a smart contract be audited, usually by independent auditors. Auditing can help identify and possibly fix intelligent vulnerabilities in the code and check the reliability of smart contract interactions.

Brian Kerr, CEO of Kava Labs, told Cointelegraph in May 2020 how important it is for anyone who wants to test and review the DeFi protocol for the first time. But even then he warned of technical and market-related risks, since the industry was still new.

34.Download publication the full bi-weekly newsletter from Cointelegraph Consulting, complete with charts and market signals, as well as news and overviews of fundraising events.

Of the projects that fell victim to attacks this year, only about 15 DeFi protocols were tested out of 40 affected. It is worth noting, however, that the amounts involved are significantly lower for audited logs than for unaudited logs. Each audited company has almost 60% fewer losses than unaudited companies. Overall, 20.3% of the funds involved in all of the logs attacked this year came from audited logs, while 79.67%, or about $ 1.3 billion, came from unaudited logs.

The four main reasons DeFi protocols are hacked are coding errors, developer incompetence, misuse of third-party protocols, and business logic errors. The most common, and possibly the most dangerous, is developer incompetence, which is also a direct result of coding errors. Incompetent developers who rush to launch a project without rigorous third-party testing can be more prone to exploitation.

For this reason, we are continuously pushing for an additional measure to improve security protocols in the industry. Audits, especially smart contract security audits and secondary audits, are just two ways to achieve this. As Kerr said, an investor’s technical diligence is also required when reviewing the DeFi protocol prior to investing.

The light at the end of the tunnel, however, is that these hacks could be essential to the growth of the DeFi sector. CipherTrace financial analyst John Jefferies told Cointelegraph in August that such crimes will accelerate your client’s adoption of the procedure, or KYC, especially with exchanges. Decentralized or DEX can be critical to gaining regulatory approval.

As DeFi matures, especially with the advent of Layer 1 blockchains competing with Ethereum, the year-end hack events are likely just the tip of the iceberg and the protocols are poorly designed and an unsuitable problem.

Cointelegraph’s Market Insights newsletter shares our knowledge of the fundamentals that are transforming the digital asset market. The newsletter delves into the latest data on social sentiment, on-chain metrics, and derivatives.

We also review top industry news, including mergers and acquisitions, changes in the regulatory landscape, and the integration of corporate blockchains. Register now to be the first to receive this information. All previous editions of Market Intelligence are also available on Cointelegraph.com.

Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page