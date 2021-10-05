

Hacker Attacks in DeFi - How To Protect Users?

by Dmytro Volkov
October 5, 2021 12:06 pm

Security of funds in the decentralized finance (DeFi) sector is a cornerstone of the industry. The spring of 2021 brought several hacks that siphoned off large volumes of user funds: in March, hackers got into PAID and stole 2,000 ETH worth $3 million, in April they stole $50 million worth of tokens from Uranium Finance, and in May $7.2 million in tokens was withdrawn from BurgerSwap and JulSwap. And August saw the biggest hack in DeFi history: a hacker drained $611 million in cryptocurrency from the cross-chain bridge Poly Network, but then returned the stolen funds, saying the hack was not financially motivated.

In the fall, hacks became more frequent, since hackers still need money: in September they pilfered $3.2 million in tokens from Zabu Finance and $12.5 million from pNetwork. But it does not appear that the recurring hacks of decentralized liquidity protocols have made people looking for promising DeFi projects in which to invest their capital any more wary.

How Are DeFi Projects Hacked?

In short, hacks of DeFi projects exploit vulnerabilities that developers have left in their smart contracts. Hackers find these vulnerabilities and use them to withdraw funds, meaning they make use of the toolkit present in the smart contract from the beginning, rather than accessing funds under a smart contract by breaking into it.

For example, in the attack on the decentralized exchange BurgerSwap, the hacker exploited a vulnerability that permitted exchanging tokens again without updating the reserves that are used to calculate what liquidity the user has. The attack also made use of the flash loan protocol. These protocols are created to provide flash loans to DeFi users for arbitrage and swaps. They let you borrow tokens and cryptocurrencies, use them, and return them to the lender in a single transaction, which is why they are called flash loans. Flash loans have repeatedly been used in hacks, since they increase the number of liquidity protocols that can be used in the attack, which increases the likelihood that a vulnerability will be found. 
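
The stale-reserve flaw described above can be seen in a simplified model. The following Python sketch is an added example, not BurgerSwap's contract code: the Pool class, its flags and the 1000/1000 starting balances are constructed for illustration. It compares a pool that never refreshes its cached reserves with one that refreshes them and enforces the constant-product invariant.

```python
class InvariantError(Exception):
    """Raised when a swap would lower the pool's constant product."""


class Pool:
    """Toy fee-less constant-product pool (a * b = k). Constructed model."""

    def __init__(self, a, b, update_reserves=True, enforce_k=True):
        self.bal_a, self.bal_b = a, b   # tokens the pool actually holds
        self.res_a, self.res_b = a, b   # cached reserves used for pricing
        self.update_reserves = update_reserves
        self.enforce_k = enforce_k

    def k(self):
        return self.bal_a * self.bal_b

    def swap_a_for_b(self, amount_in):
        # Quote from the cached reserves, as an AMM pair contract does.
        out = self.res_b * amount_in // (self.res_a + amount_in)
        new_a, new_b = self.bal_a + amount_in, self.bal_b - out
        # Hardening 1: the product of real balances must never decrease.
        if self.enforce_k and new_a * new_b < self.k():
            raise InvariantError("swap would reduce k")
        self.bal_a, self.bal_b = new_a, new_b
        # Hardening 2: resync cached reserves so the next quote is current.
        if self.update_reserves:
            self.res_a, self.res_b = new_a, new_b
        return out


def two_swaps(**flags):
    """Run two identical swaps; return (total B paid out, final k)."""
    pool = Pool(1000, 1000, **flags)
    total = pool.swap_a_for_b(100) + pool.swap_a_for_b(100)
    return total, pool.k()


def second_swap_blocked():
    """Stale reserves but invariant enforced: the second swap must revert."""
    pool = Pool(1000, 1000, update_reserves=False, enforce_k=True)
    pool.swap_a_for_b(100)
    try:
        pool.swap_a_for_b(100)
    except InvariantError:
        return True
    return False
```

With both safeguards on, two swaps pay out 165 B and k rises slightly; with both off, the second swap is quoted at the original price, 180 B leaves the pool, and k falls below its starting value. That drop in k is the signal an invariant check or an auditor looks for.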

Another common model for hacking in the DeFi sector is using protocols that let users deposit one coin and withdraw another. This opens up the possibility for hackers to manipulate the token price using non-market methods, washing liquidity out of a given token.

How Can Users Protect Themselves?

Since DeFi is unregulated, all responsibility for keeping smart contract funds secure lies with the project creators and users who deposit their cryptocurrencies and tokens in those projects. Obviously, to be absolutely sure that a liquidity protocol is secure, you would need to independently check that the smart contract’s compiled code is well-formed. To do that, you need to be a data security expert and spend a lot of time studying the code. This method is appropriate only for the few people who have the necessary qualifications.

One more broadly applicable way to check the reliability of a smart contract is to check whether the project has undergone a technical audit. Projects are always eager to show users this information since it gives them an edge over their competition. So it should not be difficult to find. If there has not been an audit, avoid investing money in the project, since it could become the target for the next hack.

You should also pay attention to the project team’s reputation. If one of the team members was involved in a project that lost investor money, that should be a red flag. But if the team only has a positive reputation, you can place more trust in it.

What Does the Future Hold?

As the decentralized finance market grows, attempts to hack into new DeFi projects should only be expected to grow. This is a natural process, dictated by the realities of how our world works. There will be a cryptographic arms race, with projects trying to face threats by building up their defenses and hackers trying to find more and more sophisticated methods of attack.

Dmytro Volkov, CTO at international crypto exchange CEX.IO


© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
