Despite the series of obvious advantages, the DeFi platforms seem to face cyber attacks over and over again. The latest hack cost an exchange $3.8M. The road in the DeFi and cryptocurrency sector seems not to be smooth.
Numerous of the V2 Crowdpools including WSZO, WCRES, FUSI, and ETHA, that belonged to distributed exchange DODO were attacked by hackers on March 8, 2021. However, the malicious computer hacker only managed to exploit only the pools that were developed by users.
Ever since the incident happened, the portal that enabled the creation of the pools at the platform in question was temporarily disabled to shield newly-developed Crowdpools. The platform is now trying to use its security partner to recover user’s funds that were stolen by unknown hackers.
This is not the only decentralized money platform to be hewed. In January this year, a DeFi platform Venus tested the toughness of the attacker, an event that made it suffer a big loss of over $88 million in cryptocurrency especially Ethereum (ETH) plus Bitcoin. The hack on DODO happened not more than a week after the hack of another DeFi platform called Meerkat Finance that saw over $31 mln being stolen. Also, in late-February more than $14 mln was hewed and stolen from Furucombo protocol.
Some of the major vulnerabilities that are used by hackers to steal money from DeFi platforms include account and wallet security is still vulnerable (but this can be solved by applying measures like time locks and multi-signature security), risks of centralization (a good number of the DeFi are in reality centrally controlled by entities, in most DeFi dApps, the decentralized feature is simply a name), market manipulation (the DeFi lack regulations so the markets are still susceptible to manipulation, and this problem will be solved when effective regulatory frameworks are established), frontrunning, oracle manipulation especially on price information, Ethereum dependency (yet the scalability is still ETH’s largest weakness), and many others.
Although the DeFi was one of the key drivers of the digital currency market traction in the past year, there is still immaturity in the decentralized finance space – the crypto and DeFi ecosystem is full of large scale scammers and hackers. The cybersecurity of distributed exchanges is still weak and vulnerable to attackers and exploits and is a major harm to venture capitalists and crowdpooling projects.
Last year, we saw other major DeFi platforms including Yam Finance, being compromised and users of these platforms made massive losses. As per the report by CipherTrace, DeFi occupied up to 50% of the entire hacks in the fourth quarter (Q4) of the last year and more than $50 mln was lost to criminals. And this was half of all crypto asset attacks that happened in 2020.
Some of the stolen hack-funds were actually laundered with the help of DeFi protocols. For example, about $280 mln KuCoin attack-money was laundered via DeFi protocols. So, regulators should start getting interested in regulating these DeFi platforms to protect users (citizens) from making more losses. Effective Anti-Money Laundering regulations, Capture the Flag (CTF) and other potential sanctions should be introduced with immediate effect to protect the reputation of this nascent industry.