Here’s how cybercriminals attack DeFi platforms

Cybercriminals had a big start in 2022, stealing $1.3 billion from crypto companies, exchanges and especially Decentralised Finance (DeFi) entities. Almost 97 per cent of all cryptocurrency stolen in the first three months of 2022 was taken from DeFi protocols, up from 72 per cent in 2021 and 30 per cent in 2020, reveals a new report by data analytics firm Chainalysis.

DeFi platforms facilitate the lending and borrowing of cryptocurrency through the blockchain network. They use smart contracts to automate crypto lending and borrowing. Smart contracts are pieces of code that run automatically when a specific condition is met on the blockchain.

For DeFi companies, in particular, the largest thefts are usually done via faulty code and flash loan attacks—a type of code exploit involving the manipulation of cryptocurrency prices.

Faulty code or code exploits occur for a number of reasons. It should be noted that DeFi is an open-source protocol, meaning that any user can access the underlying code that the platform is built upon. “This is an important and generally positive trend since DeFi protocols move funds without human intervention, users should be able to audit the underlying code in order to trust the protocol,” the company said in its report.

However, this benefits cybercriminals, too, who can analyse the scripts for vulnerabilities and plan exploits well in advance.

Chainalysis in its report revealed that from 2020 to Q1 of 2022, 35 per cent of all stolen cryptocurrency value was taken via a security breach. Ronin Network’s March 2022 breach, which enabled the theft of $615 million in cryptocurrency, has proven the continued effectiveness of this technique.

The second most used technique is the flash loan attack. This is a smart contract exploit in which an attacker takes a flash loan (an uncollateralised loan) from a DeFi platform, uses the borrowed capital and repays it within the same transaction, causing the price of a crypto asset to rise and then quickly withdrawing their investments.

As per the Chainalysis report, when a DeFi platform relies on unstable price oracles, attackers are likely to exploit it. Oracles are programs tasked with maintaining accurate pricing data for all cryptocurrencies on a platform, which isn’t easy given the volatility of crypto prices.

“Secure but slow oracles are vulnerable to arbitrage; fast but insecure oracles are vulnerable to price manipulation. The latter type often leads to flash loan attacks, which extracted a massive $364 million from DeFi platforms in 2021,” the report highlighted.
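To make the oracle point concrete, here is an added simulation (not from the Chainalysis report or this article) of a constant-product pool feeding two oracles: one that reads the pool's instantaneous reserves, and one that averages the price recorded at the last ten block boundaries. The pool sizes, the swap amount and the equal-weight averaging are constructed assumptions; real time-weighted oracles weight by seconds rather than blocks.

```python
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """Toy x*y=k pool; constructed reserves of 1,000 ETH vs 2,000,000 USDC."""
    reserve_eth: float
    reserve_usdc: float

    def spot_price(self) -> float:
        # A "fast but insecure" oracle reads this directly from the reserves.
        return self.reserve_usdc / self.reserve_eth

    def swap_usdc_for_eth(self, usdc_in: float) -> float:
        k = self.reserve_eth * self.reserve_usdc
        new_usdc = self.reserve_usdc + usdc_in
        eth_out = self.reserve_eth - k / new_usdc
        self.reserve_usdc, self.reserve_eth = new_usdc, self.reserve_eth - eth_out
        return eth_out


class TwapOracle:
    """Averages the spot price observed at block boundaries (equal weight per block)."""
    def __init__(self, window_blocks: int):
        self.window = window_blocks
        self.observations: list[tuple[int, float]] = []

    def record(self, block: int, price: float) -> None:
        self.observations.append((block, price))

    def consult(self) -> float:
        recent = self.observations[-self.window:]
        return sum(price for _, price in recent) / len(recent)


def run_scenario(usdc_dumped: float = 2_000_000, window: int = 10) -> dict:
    pool = ConstantProductPool(reserve_eth=1_000, reserve_usdc=2_000_000)
    oracle = TwapOracle(window)
    for block in range(1, 11):                 # ten calm blocks at 2000 USDC/ETH
        oracle.record(block, pool.spot_price())
    spot_before = pool.spot_price()
    pool.swap_usdc_for_eth(usdc_dumped)        # one large swap inside a single transaction
    spot_during_tx = pool.spot_price()         # reserve-based oracle now reports 8000
    twap_during_tx = oracle.consult()          # block-boundary TWAP has not moved at all
    # A flash loan must be repaid in the same transaction, so the skewed reserves never
    # reach the next block boundary; even if they did, a ten-block window dilutes them.
    oracle.record(11, spot_during_tx)
    return {"spot_before": spot_before, "spot_during_tx": spot_during_tx,
            "twap_during_tx": twap_during_tx, "twap_if_persisted_one_block": oracle.consult()}
```

The gap between the two oracles is the whole story: the reserve reading quadruples within the transaction, while the averaged reading is unchanged unless the distortion is held across blocks, which a same-transaction loan cannot do.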

The data analytics firm believes that regular audits can help reduce flash loan attacks but code audits aren’t infallible. Nearly 30 per cent of code exploits occurred on platforms audited within the past year, as well as a surprising 73 per cent of flash loan attacks. “So while code audits can certainly help, DeFi protocols managing millions of users and billions of dollars must adopt a more robust approach to platform security,” Chainalysis added.

Laundering stolen cryptocurrency

DeFi platforms have also become a hub for cybercriminals laundering stolen crypto assets. In 2021, more stolen funds flowed to DeFi platforms (51 per cent), while centralized exchanges received less than 15 per cent of the total stolen funds. “This is likely due to exchanges’ embrace of AML and KYC processes, which threaten the anonymity of cybercriminals,” the report noted.

“The decentralized nature of DeFi platforms makes them even more vulnerable to attacks, as hackers target specific bugs in the software suites, which are very transparent since the apps are open source. While this peculiarity requires even more time and resources to be spent on code audits and stress tests, many of today’s DeFi projects are launched hastily and do not pay much to build a strong security team. It can be seen that for the current security vulnerabilities in Defi projects, smart contract auditing, senior and experienced teams will be helpful to prevent hacker attacks,” advised Johnny Lyu, CEO of KuCoin.
