How do DeFi protocols get hacked?
The decentralized finance sector is growing at a breakneck pace. Three years ago, the total value locked in DeFi was a mere $800 million. By February 2021, the figure had grown to $40 billion; in April 2021, it attained a milestone of $80 billion; and now it stands at above $140 billion. Such rapid growth in a new market could not but attract the attention of all manner of hackers and fraudsters.
According to a report by a crypto research company, since 2019, the DeFi sector has lost about $284.9 million to hacks and other exploit attacks. From a hacker's point of view, hacks of blockchain ecosystems are an ideal means of enrichment: such systems are anonymous, they have money to lose, and any hack can be tested and tuned without the victim’s knowledge. In the first four months of 2021, losses amounted to $240 million. And these are just the publicly known cases. We estimate real losses to be in the billions of dollars.
How does money get stolen from DeFi protocols? We have analyzed several dozen hacker attacks and identified the most common problems that lead to them.
Misuse of third-party protocols and business logic errors
Any attack begins with analysis of the victim. Blockchain technology provides many opportunities for the automatic tuning and simulation of hacking scenarios. For an attack to be fast and invisible, the attacker must have the necessary programming skills and knowledge of how smart contracts work. The typical toolkit of a hacker allows them to download their own full copy of a blockchain from the main version of the network, and then fully tune the process of an attack as if the transaction were taking place on the real network.
Next, the attacker needs to study the business model of the project and the external services used. Errors in mathematical models of business logic and third-party services are two of the issues most commonly exploited by hackers.
Smart contract developers often need more data that is current at the time of a transaction than they may possess at any given moment. They are therefore forced to use external services, for example, oracles. These services are not designed to operate in a trustless environment, so their use implies additional risks. According to statistics for a calendar year (since the summer of 2020), this type of risk accounted for the smallest percentage of losses: only 10 hacks, resulting in losses totaling approximately $50 million.
Smart contracts are a relatively new concept in the IT world. Despite their simplicity, programming languages for smart contracts require a completely different development paradigm. Developers often simply do not have the necessary coding skills and make gross mistakes that lead to immense losses for users.
Security audits eliminate only a portion of this type of risk, since most audit companies on the market do not bear any responsibility for the quality of the work they perform and are only interested in the financial aspect. More than 100 projects were hacked due to coding errors, leading to a total volume of losses standing at around $500 million. A stark example is the dForce hack that took place on April 19, 2020. The hackers used a vulnerability in the ERC-777 token standard in conjunction with a reentrancy attack and got away with $25 million.
Flash loans, price manipulation and miner attacks
The information supplied to the smart contract is relevant only at the time of execution of a transaction. By default, the contract is not immune to potential external manipulation of the information contained within. This makes a whole spectrum of attacks possible.
Flash loans are loans without collateral that carry the obligation to return the borrowed crypto within the same transaction. If the borrower fails to return the funds, the transaction is canceled (reverted). Such loans allow the borrower to receive large amounts of cryptocurrencies and use them for their own purposes. Typically, flash loan attacks involve price manipulation. An attacker can first sell a large number of borrowed tokens within a transaction, thereby lowering their price, and then perform a range of actions while the token's price is very low before buying the tokens back.
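As an added illustration (not part of the original article), the following Python simulation shows why a contract that reads a pool's current price within the same transaction as a large sale sees a distorted value, and how a time-weighted average price with a deviation check resists it. The constant-product pool model, the averaging oracle, the 5% threshold, the 12-second block and all numbers are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (token * usd = k), no fees. Constructed numbers."""
    token: float
    usd: float
    cumulative: float = 0.0   # running sum of price * seconds
    last_ts: int = 0

    def spot(self) -> float:
        return self.usd / self.token

    def tick(self, now: int) -> None:
        # Credit the price that held since the last update, then move the clock.
        self.cumulative += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def sell_token(self, amount: float, now: int) -> float:
        self.tick(now)
        k = self.token * self.usd
        self.token += amount
        usd_out = self.usd - k / self.token
        self.usd -= usd_out
        return usd_out

def twap(pool: Pool, start_cum: float, start_ts: int, now: int) -> float:
    """Time-weighted average price over [start_ts, now]; now must be > start_ts."""
    pool.tick(now)
    return (pool.cumulative - start_cum) / (now - start_ts)

def guarded_price(pool, start_cum, start_ts, now, max_dev=0.05):
    """Return the TWAP, or None when spot has moved too far from it."""
    avg = twap(pool, start_cum, start_ts, now)
    if abs(pool.spot() - avg) / avg > max_dev:
        return None           # caller should refuse to lend or liquidate
    return avg

def simulate() -> dict:
    pool = Pool(token=1_000.0, usd=1_000_000.0)      # spot = 1000 USD
    start_cum, start_ts = pool.cumulative, pool.last_ts
    pool.tick(1800)                                   # 30 quiet minutes
    quiet = guarded_price(pool, start_cum, start_ts, 1800)
    pool.sell_token(9_000.0, now=1800)                # one large in-transaction sale
    return {
        "quiet_price": quiet,
        "spot_after_sale": pool.spot(),
        "twap_same_tx": twap(pool, start_cum, start_ts, 1800),
        "guarded_same_tx": guarded_price(pool, start_cum, start_ts, 1800),
        "twap_one_block_later": twap(pool, start_cum, start_ts, 1812),
    }

if __name__ == "__main__":
    print(simulate())
```

The spot price collapses within the transaction while the average is unchanged, so a contract pricing from the guarded average declines to act instead of using the distorted value.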
A miner attack is the analogue of a flash loan attack on blockchains that use the proof-of-work consensus algorithm. This type of attack is more complex and expensive, but it can bypass some of the protection layers against flash loans. This is how it works: the attacker rents mining capacity and forms a block containing only the transactions they need. Within that block, they can first borrow tokens, manipulate the prices and then return the borrowed tokens. Since the attacker independently chooses both the transactions that enter the block and their sequence, the attack is effectively atomic (no other transaction can be “wedged” into the attack), as in the case of flash loans. This type of attack has been used to hack over 100 projects, with losses totaling around $1 billion.
The average number of hacks has been increasing over time. At the beginning of 2020, one theft accounted for hundreds of thousands of dollars. By the end of the year, the amounts had risen to tens of millions of dollars.
The most dangerous type of risk involves the human error factor. People resort to DeFi in search of quick money. Many developers are poorly qualified but still try to launch projects in a rush. Smart contracts are open source and thus easily copied and altered in small ways by hackers. If the original project contains the first three types of vulnerabilities, then they spill over into hundreds of cloned projects. RFI SafeMoon is a good example, as it contains a critical vulnerability that has been copied into over a hundred projects, leading to potential losses amounting to over $2 billion.
This article was co-authored by Vladislav Komissarov and Dmitry Mishunin.
The views, thoughts and opinions expressed here are the authors’ alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Vladislav Komissarov is the chief technology officer of BondAppetit, a lending DeFi protocol with a stablecoin backed by real-world assets with fixed periodic income. He has over 17 years of experience in web development.
Dmitry Mishunin is the founder and chief technology officer of HashEx. More than 30 global projects are running on blockchain integrations designed by HashEx. Over 200 smart contracts were audited in 2017–2021.