Hackers Stole USD 670M from DeFi Projects in Q2, Up by 50% from Q2 2021

Ruholamin Haqshanas

Hackers and fraudsters stole a total of USD 670.7m from various crypto protocols during the second quarter of the year, according to a report by major bug bounty and security services platform Immunefi.

In 50 instances of both successful and semi-successful hacking attempts, decentralized finance (DeFi) projects lost USD 670,698,280 during the last quarter, said the report shared with Cryptonews.com. The figure is up by almost 50% compared to Q2 2021 when hackers and fraudsters stole USD 440,021,559.

The report claimed that the vast majority of the losses (almost 97%) resulted from hacks. It added that blackhat hackers are now primarily targeting and exploiting DeFi projects, as 49 out of 50 instances involved DeFi protocols.

Beanstalk, a decentralized credit-based stablecoin protocol, ranks first among the top losses with around USD 182m lost due to an exploit. 

The next top hacks include the Harmony Horizon Bridge, Mirror Protocol, and Fei Protocol accounts, which lost USD 100m, 90m, and 80.3m, respectively.

This information comes as a report by crypto research firm Chainalysis found that cryptoassets stolen from DeFi protocols rose by a staggering 1,330% in 2021, reaching USD 2.3bn.

The report said that DeFi hacks continue to account for the larger share of all crypto hacks. For instance, 31% of the total amount of crypto stolen in 2020 came from DeFi projects, while in 2021, more than 71% of all crypto stolen was drained from DeFi protocols.

“In other words, as DeFi has continued to grow, so too has its issue with stolen funds,” the report said.

Glassnode also noted that hackers have recently shifted their focus from crypto exchanges and centralized crypto platforms toward DeFi projects mainly because they are open-source, meaning their code is publicly visible.

Being open-source is an important aspect of DeFi because it enables everyone to verify the code. However, it also allows bad actors to search that code for loopholes to exploit.

Kate Kurbanova, co-founder and COO of the risk management platform Apostro, explained that DeFi’s growing popularity is attracting “a new crop of developers” into the space, which has, therefore, seen “a massive proliferation of protocols with similar business models and codebases, with all brandishing a very common trend of shabbily conducting audits and other security measures that can make their platforms well guarded against attacks.”

In a comment for Cryptonews.com, Kurbanova argued that,

“The continued rise in hacking as pointed out by Immunefi is a no-brainer, hackers do not get smarter, they only take advantage of the loopholes that exist in protocols that refuse to do their due diligence at the point of launch and subsequently.”

Hackers will not leave the space, “considering how easy they get a payday,” she said. Even though there is no one-size-fits-all solution, it is ultimately “the responsibility of DeFi innovators to come up with a solid risk management system that can help safeguard investors and users across the board,” Kurbanova said, adding:

“The imposition of a cap on liquidity might be a very good approach if channeled appropriately. While Aave’s V3 is billed to pioneer this new model, a mix of inbound protocol transaction monitoring can be a feather in the cap in discovering potential threats to DeFi and Web 3 protocols respectively.”

(Updated at 15:29 UTC: “Immunifi” was replaced with “Immunefi” as the correct name of the company.)