Over 50% of Attacks on DeFi Ecosystems Use This Vector: Researcher



Vladislav Sopov

Kofi Kufuor, partner at crypto investment heavyweight 1confirmation, shares a detailed analysis of attacks on crypto protocols


Kofi Kufuor proposed his own classification of attacks on decentralized finance (DeFi) protocols and identified the core vulnerabilities to which this turbulent segment is exposed.

Four major types of attacks in DeFi

According to his detailed post, all attacks that resulted in money being stolen from crypto protocols can be divided into four types based on a “vulnerability stack.”

That is, every recent attack was executed against the ecosystem, the protocol, the smart contract language, or the infrastructure. Infrastructure attacks target weaknesses in consensus, the Internet systems behind DeFi protocols, private keys and so on.

Smart contract language attacks exploit design flaws in the programming languages used to write smart contracts. Protocol logic attacks exploit bad business logic and weaknesses in tokenomics.


Last but not least, ecosystem attacks target the interactions between various DeFi protocols: to initiate an attack (or amplify it), malefactors borrow money from one protocol and inject it into the liquidity pools of another DeFi protocol.

Multi-chain apps and bridges under fire

Ecosystem attacks are the most frequent: over 41% of all DeFi hacks belong to this group. At the same time, if the three most devastating hacks (Ronin Bridge, Poly Network, BNB Chain bridge) are excluded from the analysis, infrastructure attacks resulted in the largest losses.

Among ecosystem hacks, flash loan attacks involving price oracles are the most frequent; various attacks on private keys (phishing, brute force, compromised keys and so on) dominate infrastructure hacks.

Ethereum-based apps saw $2 billion in stolen funds. More than half of the attacks in 2020-2022 targeted cross-network bridges and multi-blockchain apps.


