Over the weekend, $10 million was stolen through an exploit in Rari Capital’s decentralized finance protocol. A hacker tampered with a smart contract to withdraw large amounts of ETH tokens, exhausting the protocol’s supply. While Rari already has a plan to compensate affected users, the exploit is just the latest in a string of multi-million dollar thefts from decentralized finance platforms.
For example, EasyFi lost up to $60 million early this year to a security breach in its software. ForceDAO also lost $367,000 in early April.
Martin Gaspar, Research Analyst at CrossTower, told Finance Magnates: “According to The Block, around $120 million in funds were stolen in DeFi hacks in 2020. Exceeded $300 million,” he said, citing the list of exploits managed by the DeFi media platform Rect.
In addition to hacks and exploits, the DeFi ecosystem has been targeted by regulators as a potential breeding ground for money laundering and other financial crimes. Fake DeFi platforms have emerged and quickly disappeared in a growing number of rug pull scams.
What is causing the rise in DeFi-related cybercrime?
As DeFi grows, hackers and criminals follow the money
One of the main drivers, if not the main driver, of crime growth in the DeFi sector is the simple fact that DeFi is getting bigger and bigger. Gaspar said: “A higher TVL (Total Value Locked) or deposits via DeFi protocols in 2021 could provide further incentives for attackers.”
In fact, as of January 1, 2021, there was $15.1 billion locked in DeFi protocols. At the time of going to press (just over five months later) that number had grown to over $88.6 billion.
As DeFi grew, hackers followed the money. Monica Eaton-Cardone, co-founder and chief operating officer of Chargebacks911, told Finance Magnates that this trend could continue unabated without intervention: “If prices go up, we’ll see a major migration to DeFi platforms,” she said.
Parallel phenomena can be observed with the growth of the cryptocurrency industry in general. As market capitalizations got higher, crime got bigger. “Last year, when the COVID lockdowns forced millions of consumers to rely on e-commerce and home delivery for the first time, there was a surge in cybercrime,” Eaton-Cardone said. “Online shoppers have been scammed for not really understanding how the digital world works.”
Similarly, new users who keep entering the DeFi space could become a bigger target for malicious actors. “Inexperienced consumers bluntly make mistakes and are more susceptible to scammers and thieves,” said Eaton-Cardone. “When millions of inexperienced investors migrate to DeFi platforms, the cybercriminals will surely wait.”
“Crypto hackers are already stealing billions a year. Trust me, they appreciate the prospect of a rapid influx of new, inexperienced destinations. DeFi is not easy to use for everyone. There are complexities that can and will lead to costly mistakes.”
Stay safe in the DeFi world
In addition to new users, the growth of DeFi has led to the creation of many new DeFi platforms. Because of this, some analysts have compared the DeFi boom to the 2017 ICO bubble, when many new projects were created and abandoned as cash grabs.
While the situation is not exactly the same, the fact remains that not all DeFi platforms are created equal. As a result, some may be much more vulnerable to attack than others. Fintech advisor Gaurav Sharma, founder of BankersByDay.com, told Finance Magnates that some platforms may have “been trying to improve their online operations and haven’t had enough time to secure and fill in gaps.”
As such, Gaspar said, “The most common crime appears to be exploits, in which an attacker uses a function in code in a way that its developers and reviewers have overlooked.”
“This usually allows them to swap assets in pools for an amount greater than they intended or simply withdraw money from a log,” he said.
So “buyer beware” still very much applies in the DeFi space. Users need to go beyond the surface to be safe in the decentralized finance ecosystem: “A good approach to staying safe is to only use DeFi logs that have performed multiple audits and have not seen an exploit in at least several months,” said Gaspar.
“Nevertheless, there is always the risk that even the tried and tested protocols are somehow exploited.”
“The big unsolved problem is what evolving regulatory requirements will mean.”
And while there are DeFi platforms out there that may be unintentionally (or intentionally) vulnerable to exploitation, industry security standards are slowly emerging for DeFi.
Doug Schwenk, chairman of Digital Asset Research (DAR), told Finance Magnates, “Certainly the sophistication in design and construction [of DeFi protocols] improve.”
“The big unsolved problem, therefore, is what evolving regulatory requirements will mean,” he continued.
“The FATF recently published a consultation for opinion that could imply a decentralized exchange and other DeFi systems would have to implement compliance with traditional financial institutions like KYC and AML,” he said, adding, “These changes would require a fairly significant new one DeFi platforms approach when they occur.”
Indeed they would. Right now, one of the selling points of most DeFi platforms is that they can be used completely anonymously. On the one hand, this removes barriers to entry for people who may not have the means to identify themselves according to traditional financial industry standards. On the other hand, it can allow money laundering and other types of financial crime to go unchecked.
“DeFi platforms are at least partially attractive because they circumvent certain bank registers,” Eaton-Cardone told Finance Magnates. “Anyone with a smartphone can lend or borrow. The customer verification is not that strict. DeFi platforms are therefore naturally more vulnerable.”
“It’s a tricky balancing act because we want the financial freedoms that come with non-regulation, but at the same time, consumers want the protection that can only come from regulation.”
For this reason, Schwenk said, “The biggest concern of regulators could be money laundering, which is difficult to prove or disprove with the easily available data, although some companies are tackling it.”
Indeed, a wave of regulation could head straight for DeFi. Gaspar told Finance Magnates, “Law enforcement has invested in blockchain analytics solutions that can track user activity on public blockchains.”
“Additionally, the Financial Action Task Force (FATF) has suggested in recent guidance that Virtual Asset Service Providers (VASPs), which may include DeFi protocols, may need to collect information about the users who interact with them.”
If the nature of cyberthreat changes, the platform must change with it
The bottom line is that if DeFi grows, so will crime. Therefore, the level of regulation will continue to increase in order to keep crime in check.
“Cybersecurity is an eternal, never-ending game of cat and mouse in which both sides constantly strive to strengthen each other,” said Eaton-Cardone. “But in today’s game, both sides are trying to make the better mousetrap. Both sides invest in research and development. It has become a high tech arms race, with the good guys using technology to build and protect, and the bad guys using technology to infiltrate and reverse engineer.”
“Nobody knows exactly what the various financial platforms will look like 10 years from now, but I guarantee they will look strikingly different than they do today because cyber thieves have overtaken our current platforms,” she continued. Codes can be stolen, compromised and cracked. Unfortunately, time is on the side of criminals.
“If the nature of cyberthreat changes, the platform has to change or go under.”