Centralization Caused Most Decentralized Finance Hacks in 2021

Author: Jaroslaw Adamowski

Centralization issues have emerged as the main attack vector in decentralized finance (DeFi), facilitating the largest share of the hacks — with USD 1.3bn worth of user funds stolen in 44 DeFi attacks last year, according to a recent report by security-focused ranking platform CertiK.

CertiK’s experts say they identified some 286 discrete centralization risks throughout the 1,737 audits they performed in 2021.

Data on centralization’s impact on DeFi security “underscores the importance of decentralization and highlights the fact that many projects still have work to do to reach this goal,” according to the report.

It added:

“Centralization is antithetical to the ethos of DeFi and poses major security risks. Single points of failure can be exploited by dedicated hackers and malicious insiders alike.”

Among the attacks, DeFi lending protocol bZx (BZRX) was exploited for more than USD 55m last November as a result of private key mismanagement. The incident serves as an example of privileged ownership, which enabled the attackers to gain complete control of all contracts controlled by the key. In total, privileged ownership was detected 76 times in the company’s audits, according to the study.

Missing event emissions were the second most common potential vulnerability after centralization risks, found in 211 instances by CertiK’s auditors. 

Use of an unlocked compiler version was another common code error found by the firm’s experts, at 176 instances, and they came across 104 lines of code that lacked proper input validation.

Reliance on third-party dependencies, with 102 instances, was another identified potential source of trouble, according to the figures from the report.

Set up in 2018 by professors from Yale University and Columbia University, CertiK says it specializes in blockchain security, using artificial intelligence (AI) technology with the aim of securing and monitoring blockchain protocols and smart contracts. The company’s security leaderboard has 1,464 projects onboarded with a total assessed market capitalization of USD 291bn.
