On August 12, 2021, an article about hacker attacks on DeFi projects appeared on Aergo’s official Medium page.
We present the content of this article below:
Introduction: What Is DeFi?
Decentralized finance, otherwise known as DeFi, has revolutionized the paradigm of traditional finance as we know it. But what is decentralized finance, and how has it impacted the way monetary instruments operate? Decentralized finance is, in essence, an umbrella term for cryptocurrency or blockchain applications geared towards disrupting traditional financial intermediaries. Centralized financial intermediaries are non-existent in the world of DeFi, and non-custodial applications are the embodiment of how DeFi operates. Brokerages, exchanges and banks are traditional financial entities that operate as intermediaries, leaving your finances at the mercy of organizations other than yourself; although this may be enticing, many individuals wish to have complete autonomy and control over their own finances.
DeFi utilizes smart contract technology, such as Ethereum, to allow individuals to borrow, lend, speculate on the price of securities, cryptocurrencies, stocks, bonds, real estate etc. and earn interest at rates unheard of in a traditional savings account. Decentralized finance is no longer exclusive to Ethereum; many blockchains such as Binance Smart Chain, Polygon, Aergo, ICON, Vechain (and many more) have conceived of their own blockchain applications dedicated to decentralized finance.
DeFi Exposure: Are Your Coins At Risk?
As DeFi has risen as a dominant force in the blockchain space, hackers and malevolent entities have capitalized on it: since 2020 (including Tuesday’s attack), DeFi hackers have stolen over 1 billion dollars. Put that into perspective: one billion dollars has been stolen from numerous investors in less than two years, and that could be you if you ignore the risks of not securing your cryptocurrency assets. Just because a DeFi application has been audited doesn’t mean that it can’t be hacked; this is an unfortunate truth of blockchain applications, especially ones in their infancy. It is important to highlight the numerous attacks that have occurred in 2021 alone to gain perspective on how much risk you can be exposed to if you don’t take the necessary precautions.
In February 2021, DeFi platform Yearn Finance suffered a flash loan attack; as Yearn Finance is one of the largest aggregators in the space, this comes as no surprise. The attack allowed hackers to siphon 11 million dollars worth of users’ funds from the Dai Vault through a smart contract exploit, netting them approximately 2.7 million dollars in profit after having to spend over 8 million dollars in fees. The hackers were able to successfully attack the platform by exploiting the flash loan feature on Yearn Finance, which arbitraged from other DeFi platforms within the blockchain sphere. Yearn Finance was not the only victim: Alpha Homora’s Iron Bank Exploit also occurred during the same month, again because of the protocol’s very own flash loan feature. This time, the protocol lost a whopping 37 million dollars. The hackers borrowed millions of stablecoins from Cream Finance’s IronBank, doubling their loans after every succeeding one. It is evident that these hacks are the result of smart contract exploits, even though many thought smart contracts were indomitable.
Fast forward to March and we saw the Meerkat Finance Exploit: the yield farming protocol on the Binance Smart Chain was reported hacked one day after it went live, resulting in approximately 73,000 BNB being lost (approximately 13 million dollars). Paid Network suffered an infinite mint attack in which the hackers caused 180 million dollars in losses by minting PAID tokens, causing massive inflation and sending the token’s value down 85% within a few hours. EasyFi, another DeFi platform on Polygon, was hacked for 75 million dollars and the team had to initiate a hard fork to recover most of the lost funds. These are just a FEW of the DeFi hacks that have occurred in 2021 alone, and many more have been reported (like the one that happened today, the largest in DeFi history).
Many investors have also suffered from DeFi rug pulls since the inception of decentralized finance, but what exactly is a rug pull?
Imagine a rug being pulled from under you: you fall and possibly fail to get back up. That is what a rug pull does to your cryptocurrency finances. A rug pull is an event where a protocol token is launched on a decentralized exchange such as Pancake or Uniswap and paired with a prominent cryptocurrency asset such as Ethereum or Bitcoin. Liquidity providers known as yield farmers are then actively pursued by anonymous hackers and social media magnets that promise absurd Annual Percentage Yields. Unfortunately, smart contracts can be exploited: once enough funds are locked into the smart contract, the developer, who has complete authority and control over its operation, withdraws all the funds from the liquidity pools and disappears with them.
611 Million In Cryptocurrency Stolen: The Great DeFi Hack: Tuesday, August 10th, 2021
Today, over 611 million dollars was stolen in a massive hack that will go down as the largest DeFi hack in blockchain history up until this point in time. This hack, with over 600 million dollars in reported losses, outweighs all the DeFi hacks from February-April combined! But how did this happen and why? It started with Poly Network, a network dedicated to swapping cryptocurrencies like Bitcoin. Poly Network was attacked on three different chains (Ethereum, Binance Smart Chain and Polygon), and the assets were transferred to the hacker’s addresses. Poly Network swaps tokens across different blockchains, which include Ethereum, Ontology, Binance and Polygon. According to the statement issued by Poly Network, over 273 million dollars in Ethereum assets were taken, along with 253 million dollars in Binance Smart Chain assets and 85 million in USDC. The hack was so massive that Tether, a controversial stablecoin, even got involved and froze 33 million dollars worth of the coin to prevent further exploitation. The hack forced O3, a trading pool that utilizes the Poly Network to trade tokens on different blockchains, to cease functioning, disrupting the cross-chain interoperability that was built on the Poly Network. This hack wasn’t the result of a rug pull, but of an issue with cryptography which enabled the hacker to take these funds. It is eerily similar to the AnySwap attack in July, in which 7.9 million was stolen because the hacker was able to exploit the private key. This quote puts into perspective how important it is to secure your coins: “just eight months into 2021, more DeFi hacks and exploits have occurred than throughout the years 2020 and 2019.” As DeFi, blockchain and cryptocurrency markets expand, so will malevolent entities, and crime will rise as a result, which is why we must stay vigilant.
How To Secure Your Coins From DeFi Exploits
While DeFi protocols have driven rapid innovation and transformation of traditional and blockchain finance, there is ample room for error and exploitation. It is incumbent upon you, the investor, to understand the risks and consequences of participating in decentralized finance applications. The first and most obvious method of securing your cryptocurrency assets is to get a hardware wallet. Whether your coins are on an exchange or within a DeFi protocol, I’m sorry to say, they’re not your coins. Hardware wallets negate the risk of your coins being exposed as they store the keys to your cryptocurrency assets offline.
Cryptocurrency wallets such as Trezor run on open source code, which many argue makes them more secure because open source code is consistently watched for vulnerabilities, and being open source makes it impossible for any entity to open up a “back-door.” The Ledger is another hardware wallet that is fantastic for security; however, their database was breached in 2020, which was irresponsible and absurdly ridiculous; you would think a secure digital asset wallet company would know better than to keep customers’ information in their databases. My advice to you as an investor is to never use your real name when buying these hardware wallets, make sure you’re buying them from the real Trezor or Ledger website, don’t have them mailed to your house, and use a fake burner email address. Always keep your keys stored offline and never on your computer or cell phone; never trust, always verify websites; and never vaunt your cryptocurrency holdings on social media (we all have egos, but they can be a detriment to your finances and mental health). There are also some DeFi protocols that offer insurance against the risk of a smart contract vulnerability or hack (think of this as if your money was in an FDIC insured bank account: if your bank goes under, your funds will still be safe). In short, keep your private keys safe and offline, buy a hardware wallet, and be wary of any DeFi protocols that have been previously hacked.
Conclusion: DeFi, A Massive Innovation With Unfortunate Risks
This article was not meant to bash DeFi or to create a negative perspective on it: decentralized finance is a massive innovation within blockchain and the financial paradigm as a whole. But with any innovation come massive risks, and it is incumbent upon investors to be aware of such risks when participating in these activities. Always remember, not your keys, not your coins!
Disclaimer: Cryptocurrency investing and gambling involve substantial risk; do not invest or gamble more than you can afford to lose! I am not a financial adviser and I am not responsible for any of your trades. I am an investor in Icon Coin and the information within this article represents my own thoughts and opinions. It is incumbent upon you to always do your own research before investing in anything!
https://medium.com/aergo/defi-hack-an-unprecedented-event-secure-your-coins-5764c06715d2