How Hackers Get Paid
Looking at the current DeFi landscape, it is hard to overstate the sheer level of innovation taking place every single day. Since the beginning of 2020, the DeFi sector has grown from $0.70 million to $65 billion. That’s a >9000% increase in valuation.
However, such explosive growth and innovation come at a price. The DeFi space is a very alluring hunting ground for hackers because it is still nascent and immature despite the brainpower involved. Every other week, some protocol or the other gets hacked or rug-pulled. Of course, certain platforms have more rug-pulls than most, but that’s because they are mostly BS.
DeFi Hacks: What Does The Current Landscape Look Like?
According to blockchain threat intelligence firm CipherTrace, around $100 million was stolen from decentralized finance (DeFi) in 2020.
- In the first half of 2020, DeFi accounted for 45% of all thefts and hacks ($51.5M).
- In the second half of 2020, DeFi accounted for 50% of all thefts and hacks ($47.7M).
2021 has already seen its share of DeFi hacks, with DODO losing $3.8 million and EasyFi losing $80 million. So, what exactly is happening here? Let’s take a look.
What Is Happening?
Most DeFi hacks happen due to one of the following issues:
- Business logic errors
- Coding problems
- Management issues
Business Logic Errors
Business logic errors are exploitable opportunities that may be created in the platform’s infrastructure. This usually happens because the developers lack the business and financial knowledge required to foresee such loopholes. Arbitrage attacks usually happen for these reasons.
Coding Problems
Despite extensive audits and bug bounty programs, smart contract bugs are still an issue. Last year, Opyn bore the brunt of a bug in its code, which an attacker exploited to conduct a double-spend attack and make off with 370,000 USDC.
Management Issues
Finally, we have management issues. Over the last couple of years, we have unfortunately seen many projects getting rug-pulled immediately after receiving funds. Simply put, the founders abscond with the money as soon as they raise funds. Last month, Turtledex founders went off with $2.5 million in stolen funds.
Recent DeFi Hacks
On March 5, Paid Network was exploited by an unknown attacker who used a compromised private key to trigger the smart contract’s upgrade function. This in turn allowed them to take off with 59.4 million PAID tokens worth $166 million at the time. The attacker eventually swapped the PAID tokens on Uniswap for 2,040.4339 ETH. Following the hack, the PAID token price crashed from $2.80 to $0.30, which affected thousands of users. However, we saw that Gate.io looked out for the affected users with a $2 million compensation program.
EasyFi, a DeFi protocol powered by Polygon Network, lost $80 million after its admin private key was compromised (surprise surprise). The loot included $75 million worth of EASY tokens and DAI and USDT tokens worth $6 million.
Meerkat Finance was a BSC-based DeFi protocol that conducted one of the most infamous rug-pulls in DeFi history. The project claimed that it was hacked for $31 million. However, on-chain data suggests that the original smart contract deployers had altered the smart contract to move the tokens. So, either the people behind the project are corrupt, or – and stop us if you have heard this one before – their private keys were compromised.
We’ve Seen This Before: Many Hackers Profited During the ICO Boom
Of course, these horror hack stories are nothing new for the crypto space. Between 2014 and 2018, the crypto ecosystem was going through its ICO phase, having raised $3.7 billion. Auditing firm Ernst & Young studied 372 ICO cases globally and discovered that over 10% of the funds raised had been lost or stolen in hacker attacks. That’s a staggering $400 million. The market was so FOMO-driven, and investors so eager to get into this space, that they willingly sent their funds to an address without doing any due diligence. As such, phishing was a prevalent attack method used by threat actors back in the day.
Since then, the ICO bubble has burst. The 2018-2019 bear market ensured that the projects that didn’t have credibility and utility were wiped out of the market. Since then, the blockchain space has matured and given birth to the booming DeFi sector. However, as you can see, hackers and dishonest entrepreneurs are still finding ways to get paid.
The DeFi sector is amazing and one of the greatest wealth-creating instruments this world has ever seen. Having said that, exercise a little caution before heading into a new project. Please do your research, search for reviews online, read their whitepaper. Only after that, invest your hard-earned money into the project.
Remember – at the end of the day – make sure that you are the one getting “paid”, not the hackers.
About the Author
Marie Tatibouet is the CMO at Gate.io. As a blockchain influencer, Marie is known for spreading the importance of blockchain technology to the masses, simplifying its technicalities for the everyday user, and being a proponent for crypto evolution and adoption.
© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.