Decentralized finance platforms on the Ethereum network have lost about $285 million to rogue actors since 2019.
Decentralized finan’s rising popularity since 2019 has seen the emerging market segment become a target for hackers and opportunistic profiteers.
According to a report by crypto research company Messari, DeFi protocols have lost about $284.9 million to hacks and other exploit attacks since 2019. This figure is about 0.65% of the adjusted total value locked of the Ethereum-based DeFi market, according to data from DappRadar.
In February Messari calculated that over $284 million in DeFi was lost to hacks since 2019— Messari (@MessariCrypto) April 28, 2021
At this point in time, the decentralized insurance industry only covers a fraction of TVL in DeFi. The need is ripe for the picking. pic.twitter.com/WkZVI0TuWb
Almost half of the DeFi hacks covered in the Messari report were flash loan attacks, providing further evidence of it being the most popular exploit vector in the DeFi landscape. Indeed, many of the major DeFi “hacks” have been flash loan attacks that sometimes take advantage of temporary defects in price oracle feeds.
While crypto hacks declined in general in 2020, DeFi accounted for more than half of the attacks recorded during the year. In 2021 so far, Alpha Homora and Cream Finance made headlines after both protocols had fallen victim to rogue actors with the former suffering the single-largest hack in DeFi history, losing $37.5 million.
The Alpha Homora incident also put the quality of smart contract auditing into question, given that major smart contract auditing outfits such as Quantstamp and PeckShield reviewed the project’s codes.
DeFi hacks are not only restricted to the Ethereum chain as the Binance Smart Chain environment is also clocking similar incidents. With growing activity on BSC, DeFi protocols on the network have also fallen victim to rogue actors using familiar attack vectors.
As previously reported by Cointelegraph, Uranium Finance, a BSC-based automated market maker platform, lost $50 million to a hacker. The attacker exploited bugs in the project’s smart contract and was able to siphon funds during a planned token migration event.