At least USD 721 million could get recovered. Loan DeFi was the most vulnerable, accounting for 34% of the total stolen money.
Decentralized Finance (DeFi) has experienced exponential growth this past year. This growth has become the ideal scenario for criminals and scammers. A recent study found out that, so far, in 2021, thefts and scams on DeFi platforms have produced damages above USD 12 billion.
The study presented in recent days got carried out by the blockchain and cryptocurrency analysis firm Elliptic. It analyzed the growth of the entire DeFi ecosystem and the record of cases and modalities of thefts and scams that impact the industry.
The growth of DeFi has gone in parallel with the increase in the price of bitcoin (BTC) and ether (ETH). By mid-April, a date that runs in parallel with the bitcoin price (over USD 64,000), the total value of blocked (TVL) reached its maximum peak, experiencing the same decline that would experience bitcoin price between May and July 2020.
The value of the TVL gets measured concerning the dollar. Along with the increase in the prices of cryptocurrencies, this value also increases. However, with similar prices to that of April 2021, October marked a new all-time high for blocked TLVs.
This growth ended up becoming a honeypot (pot of honey), which gets defined as something tempting, in this case for criminals and fraudsters of the DeFi industry.
Losses have grown from less than USD 500 million per quarter in 2020 to a peak of at least USD 3 billion in the third quarter of 2021. However, according to the study, of the total USD 12 billion stolen, around USD 700 million have been recovered, just under 10%.
Vulnerabilities in DeFi
DeFi presents an alternative to financial products, which were previously only offered by traditional banks. This offer intends to eliminate the centralized intermediary, in this case, the bank, being governed only by the guidelines established by the smart contract on which the platform got built.
However, In this case, the trust now resides on the reliability of the smart contract. Criminals have managed to find a series of vulnerabilities in various smart contracts that resulted in the loss of USD 12 billion.
Types of vulnerabilities
In computing, an exploit can be a piece of code used to compromise the security of a system. The exploit concept can also serve in other areas from which vulnerabilities inherent to the system could get exploited. These exploits can get explained through four categories: code, economic, administrator password, and lastly exit scam exploits.
In the case of code exploits, it refers to direct flaws in the contract schedule. An error in programming could lead to the total loss of funds. The study also highlights the swap’s case, a DEX, from which, due to a single line of code flaw, more than $ 11 million got stolen.
Economic exploits are perhaps a bit more complex, taking advantage of DeFi vulnerability based on its structure. Lending platforms are the most affected since this type of exploit manipulates the prices of cryptocurrencies, making the guarantees much less than the given loan, resulting in losses that can be large.
By: Jenson Nuñez
