Unlike previous years, crypto news in 2020 was not dominated by major exchange hacks and multimillion-dollar Bitcoin thefts. However, there were still quite a few, and most of them came from the emerging decentralized finance sector.
DeFi was one of the main drivers of the crypto market’s momentum in 2020, and it goes without saying that the emerging financial landscape is a magnet for scammers and hackers. Largely unaudited smart contracts coupled with cloned code are a recipe for vulnerabilities and exploits, often resulting in millions of dollars in digital assets being stolen.
A November 2020 CipherTrace report stated that DeFi accounted for 45% of all thefts and hacks in the first half of the year, resulting in more than $50 million lost. That figure rose to 50% of all thefts and hacks in the second half, according to the report. Speaking with Cointelegraph, Dave Jevans, CEO of CipherTrace, warned of a potential regulatory crackdown: “DeFi hacks will now make up more than half of all cryptocurrency hacks by 2020, a trend that is catching the attention of regulators.”
He added that regulators are more concerned about the lack of anti-money laundering compliance: “Funds stolen in the biggest hack of 2020 – the $280 million KuCoin hack – were laundered using DeFi protocols.” Jevans also believes that 2021 is likely to bring clarity from regulators on what actions DeFi protocols are expected to take to avoid the consequences of non-compliance with AML, CTF, and possible sanctions.
Exchange hacks in 2020
The KuCoin hack took place in late September, when exchange CEO Johnny Lyu confirmed that the breach affected the company’s Bitcoin, Ethereum and ERC-20 hot wallets after private keys were leaked.
At the beginning of October, KuCoin said it had identified suspects and had officially involved law enforcement in the investigation. In mid-November, the Singapore-based exchange stated that it had recovered 84% of the stolen crypto and resumed full service for the majority of its tradable assets.
There were other exchange hacks this year, but KuCoin was the biggest. In February, Italian exchange Altsbit lost almost all of its funds in a $70,000 hack, and there were a few other minor crypto exchange breaches. In October 2020, no fewer than 75 centralized crypto exchanges were closed for various reasons, hacking being one of them.
DeFi’s 2020 Hacks and Exploits
With billions of dollars pouring into DeFi protocols and yield farms, the emerging landscape became a hotbed for hackers. The first major attack of 2020 took place on the DeFi lending platform bZx in February, when two flash loan exploits resulted in the loss of nearly $1 million in user funds. A flash loan is when crypto collateral is borrowed and paid back within the same transaction.
bZx froze operations to prevent further loss, but this generated a wave of criticism from industry observers who claimed it was ultimately a centralized platform and could be the ‘death of DeFi’.
Markets crashed in March, resulting in many collateral liquidations, especially for Maker’s MKR token, but these weren’t hacks. The next hack came the following month, when a wrapped version of Bitcoin called imBTC was attacked using a so-called ERC-777 token standard reentrancy attack. The attacker was able to drain a Uniswap liquidity pool of all its value, estimated at $300,000 at the time.
April also saw Chinese lending platform dForce drained of all its liquidity with the same exploit. The hacker repeatedly increased their ability to borrow other assets and made off with about $25 million in funds.
In June, an exploit was discovered in Bancor’s smart contracts that resulted in the draining of a whopping $460,000 in tokens. The DeFi automated market maker stated that it had implemented a new version of the smart contract that fixed the vulnerability.
Balancer was the next DeFi protocol to be exploited, with $500,000 worth of wrapped Ether stolen from its liquidity pools in a well-planned arbitrage attack. A series of flash loans and arbitraged token swaps were executed in an attack on a vulnerability that the Balancer team apparently already knew about.
Not so much a hack as another exploit, but bZx was in the news again in July with a dubious token sale manipulated by bots placing buy orders in the same block that marked the start of the token generation event. Nearly half a million dollars in price pump profits were captured by the attackers.
DeFi options protocol Opyn was the next victim in August, when hackers exploited its ETH put contracts to run off with over $370,000. The exploit allowed attackers to “double exercise” Ethereum put oTokens and steal the collateral. Opyn recovered about 440,000 USDC from open vaults using a white hat hack, effectively returning them to put sellers.
Again, this was not a direct hack, but a code bug in an unverified Yam Finance smart contract affected governance token rebasing, resulting in a price drop in mid-August. The protocol was forced to call on DeFi whales to save it by voting for a reboot as version 2.
When the sushi rolls out
The SushiSwap saga began in late August, and the terms “vampire mining” and “rug pull” were coined. The anonymous protocol cloner and administrator known as “Chef Nomi” sold $8 million worth of SUSHI tokens, causing the price of the token to collapse. A few days later, the protocol was saved by Sam Bankman-Fried, CEO of FTX Exchange, who was handed control by a consortium of DeFi whales through a multi-signature smart contract. Ultimately all funds were returned to the developer fund.
The rug pulls, or “pump and dumps” as they were called during the previous altcoin boom in 2017, continued with a number of DeFi clones like Pizza and Hotdog. Token prices for these food farms rose and collapsed within hours and sometimes even minutes.
In mid-October, hordes of “degenerate farmers,” or degens as they were called, piled money into an unaudited and undeclared smart contract from DeFi protocol Yearn Finance founder Andre Cronje. The Eminence Finance contract lost $15 million when it was hacked within hours of Cronje posting teasers about the new “gaming multiverse” on Twitter. The hacker paid back about $8 million but kept the rest, prompting disaffected traders to take legal action against the Yearn team over the lost money.
At the end of October, a sophisticated flash loan arbitrage attack on the Harvest Finance protocol resulted in the loss of $24 million worth of stablecoins in about seven minutes. The attack sparked debate as to whether these exploits of the system’s design could be considered hacks.
November was an especially painful month for Akropolis, which had to “pause” the protocol when hackers ran off with $2 million worth of DAI stablecoin. The Value DeFi protocol lost $6 million in an all-too-common flash loan exploit, yield-generating stablecoin project Origin Dollar was exploited for $7 million, and Pickle Finance suffered a $20 million collateral loss in a sophisticated “evil jar” exploit.
One incident that broke the mold of exploiting the system was a targeted attack on an individual in mid-December. Hugh Karp, the founder of the Nexus Mutual DeFi protocol, lost $8 million from his MetaMask wallet when a hacker managed to infiltrate his computer and forge a transaction. These types of attacks are generally less common because there is a degree of social engineering involved.
The last reported flash loan attack of the year so far was an $8 million raid on Warp Finance on December 18.
Many traders and investors were also victims of phishing attempts, and Ledger hardware wallet owners were also targeted in 2020 after the personal details of some 272,000 Ledger buyers were hacked.
Battle hardening DeFi
The majority of smart contract and flash loan exploits in 2020 will serve to harden the emerging financial ecosystem as it develops. New and smarter DeFi protocols will likely appear next year, but as always, scammers, hackers and cyber criminals will also do their best to stay ahead.
It takes a huge dose of vigilance and attention to dive into the current world of DeFi, but it has come a very long way in such a short time and the decentralized financial landscape of the future is constantly evolving.