• What is DeFi?
  • How much potential does DeFi has?
  • Why are hackers so much Attracted to Defi?
  • Logic errors and misconduct of third-party protocols.
  • Coding mistakes.
  • Flash loan, price manipulation, and small attacks.
  • Incomitance at the developer’s hand.

A detailed background of dozens of hacks, and their causes and vulnerabilities are being analyzed in the perspective of Decentralized Finance.

What is Defi?

DeFi is an abbreviated form of Digital Finance. DeFi is the advanced way of executing transactions through digital applications including wallets and exchanges.

How much Potential does DeFi has?

 The growth and rapid adaptability in decentralized finance are groundbreaking. In 2019 the total capital involves in DeFi was just $800 million and in February 2021 this number has leaped to a staggering $40 billion. This unprecedented progress in a nascent market allures the full attention of the top hierarchy of hackers.

A Crypto Research Company had published a report, according to which, the cursing amount of $283.9 million has been obfuscated by the hackers and other exploitations.

Why are Hackers so much Attracted to Defi?

From the viewpoint of a hacker, the technology of blockchain is in its infancy and possesses the paramount amount of riches. The downside of these systems is that they are anonymous and they have tons of money at stake.

Teste your abilities these words are written on billboards for the hackers who are already desperately searching for any opportunity for milking without anyone even knowing what’s is happening to his digital wealth. In the period of four-month, since January 2021 $420 million has been heisted by anonymous hackers. This is a figure based on the reported cases, the real number is suspected to be in billions of dollars.

How exactly does a hacker flinch from DeFi protocols? In the analysis of dozens of previous attacks, we have learned about the loopholes which make the hacker successful.

  • Logic errors and misconduct of third-party protocols.
  • Coding mistakes.
  • Flash loan, price manipulation, and small attacks.
  • Incomitance at the developer’s hand.

Logic Errors and Misconduct of third-party Protocols

For a successful attack, hackers carefully examine and analyze the victim. Since the blockchain technology uses the BaaS (Blockchain as a service) which serves as a web host, operating as a back-end for any blockchain-based platform, hackers also take advantage of the use of auto-tuning services simultaneously while running different possible hacking scenarios for the accomplishment of their goal.

For hacking any DeFi network, the hacker must be versatile in programming with a deep knowledge of how smart contracts work.

The usual way to go for any hacker is to download the full copy of subjected blockchain from the original network, and after acquiring full access initiate the attack in the guise of a normal transaction. The network will see it as a normal transaction taking place.

The hacker must have to study and understand the business model and external services of the subjected network. Mistakes in mathematical models of business logic and the use of third-party services are the two biggest loopholes, that every proficient hacker love to exploit.

The way smart contracts are designed is: the developers need less relevant data at any given moment and more data pertaining to the time when the transfer is taking place. That is why the developers have to use external services, for example, oracle. Actually, that is not why these external services are designed for. So, the use of these external services increases the additional attack risk. Since the start of 2020, these above-mentioned risks caused comparatively low percentage of attacks and losses, just 10 hacks that resulted in the heist of approximately $50 million.

Mistakes in Coding

The concept and implementation of smart contracts is a relatively new thing in the IT world. Smart contracts required a completely different set of programming languages and geeky proficiency. But the designated developers lack the required coding skills and ultimately make huge mistakes and these mistakes further pave the way for hackers and cause colossal loss of money.

Security audits lessen the risks of these kinds of attacks but not completely. Because audit companies do not take any responsibility for the work quality of developers and are mainly focused on fiscal sides. Coding errors resulted in the hack of more than 100 projects, and the accumulated amount of loss is calculated at approximately $500 million. A prominent example is dForce hack, which happened on April 10, 2020.

The hackers exploited the intrusion in the ERC-777 token with a reentrancy attack combination that caused the loss of $25 million.

Flash loans, price manipulation, and minor attacks.

When someone supplies the information to the smart contracts, this information is only compatible at the time of the execution of the transaction. This will create a big chunk of loopholes for hackers to attack.

Flash loans come without the option of collateral, they have to follow the stipulated path of remitting the borrowed crypto in the same transaction, if somehow the borrowed crypto failed to be returned in the same transaction, the transaction will be canceled (reverted) automatically. Price manipulation is mostly executed through flash loans.

Those blockchains which are operated on proof-of-work consensus algorithm, attacks are executed in series.

This kind of attack required a proficient and versatile hacker because it is more intricate and also it can go through many safety layers of flash loans.

The hacker initiates the mining operation and creates a block, holding a specific transaction. Within this specific block, the hacker borrows tokens, manipulates the price, and then returns the tokens in the same transaction.

Over 100 projects are subjected to this type of attack, costing approximately $1 billion.

Incompetence at the Developers end

The most lethal type of vulnerability occurs when hackers find a human error. People dream about becoming a part of DeFi developer community. In achieving this pursuit, underqualified developers launch projects. Smart contracts are open-source programs, hackers copy them, alter them and ultimately make dozens of clones. The main example is RFI SafeMoon. It has a critical vulnerability and caused a loss of over $2 billion.