As the cryptocurrency landscape changes, crypto-related crimes also evolve. Lately, Decentralized Finance (DeFi) platforms have become quite a common target for cybercriminals. DeFi has been suffering from both stolen funds and crypto scams. 

Some stats your way

The following data has been taken from a new report by Chainalysis.
  • Last year, more than $3 billion worth of digital assets were stolen.
  • In Q1 2022 itself, more than $1.3 billion has already been stolen, indicating that the path taken by cybercriminals is even more aggressive as compared to last year.
  • Of all cryptocurrency exfiltrated this year, 97% belongs to DeFi firms and only 3% to exchanges. 
  • In 2021, around 25% of crypto stolen from DeFi was returned to victims, however, no such feat has been achieved this year yet.
  • Money laundering on DeFi protocols has surged by 1,964%. 

Why this matters

  • While in the past, DeFi platforms lost money due to security breaches, now the largest exploits are usually the result of code exploits and flash loan attacks. 
  • These platforms are entirely decentralized and don’t have intermediaries, brokers, or exchanges. They need to depend on transparent, open-source development models to prove their trustworthiness. 
  • Regardless, this enables attackers to analyze the smart contracts and services and abuse a flaw before it is patched. 
  • Another problem is that the market can be manipulated during a loan action, raising the value of the borrowed token and buying it again at a reduced price. This is known as a flash loan attack that takes mere seconds to develop and involves several DeFi platforms. 

Latest DeFi hacks

  • The FBI, the CISA, and the Treasury Department issued a joint advisory warning against a campaign by the North Korean-based Lazarus APT. Last week, the prolific threat actor was attributed to a hack of $540 million from a DeFi. The advisory, furthermore, states that the threat actors are targeting multiple entities operating in the cryptocurrency and blockchain technology industries. 
  • BeanStalk, an Ethereum-based stablecoin protocol, suffered a flash loan attack and reported losing $182 million, in which the attacker stole $80 million in crypto assets. 
  • Earlier this month, Lazarus APT was found spreading trojanized DeFi wallet apps to deploy a backdoor into windows systems. 
  • An attack on Inverse Finance resulted in the loss of more than $15 million worth of cryptocurrency. However, this was not a flash loan attack.
  • Another DeFi platform Ola Finance suffered a re-entrancy attack and reported the theft of $4.67 million in cryptocurrency. 

The bottom line

Cryptocurrency usage is rising by the minute. The statistics and the attack instances above indicate that DeFi protocols are a lucrative target for cybercriminals. While law enforcement has been able to dig deeper into the crypto world, attackers are evolving and devising new tactics to steal funds. Ergo, smart contract security and accuracy of price oracle are the need of the hour. These threats can be thwarted through code audits and adopting a strict approach to platform security.

Cyware Publisher