Decentralized finance (DeFi) projects have been bleeding heavily in the last six months. That’s per a data presentation by tradingplatforms.com. The site estimates that Defi projects lost about $1T in that period.
At the time of writing, market data shows that Defi projects had lost $2,401,491,994 in YTD estimates. In contrast, the projects had lost $1,452,128,372 in September 2021. That brings the actual value of crypto lost to $949,363,622.
“DeFi is a fast paced and highly innovative financial services ecosystem,” said tradingplatforms.com’s Edith Reads.
“Investors are pouring funds into projects that aren’t necessarily stable or properly audited. Crooks have found an opportunity to capitalize in those situations.”
Major crypto exploits in that period
Trading platforms.com’s presentation also captured the major crypto heists in that period. The most prominent and recent of these is the $320M Wormhole hack. Wormhole is a cross-chain bridge linking the Solana Blockchain to others in the Defi scene.
The project said the attackers exploited a vulnerability in its signature verification system. Thus they were able to siphon 120,000 wrapped Ether tokens from the platform. Wormhole has since patched the fault and restored the lost funds. Its $10M bounty has yet to bear fruit.
Another major hack this year affected the Qubit Finance platform. In the January 27th, 2022 heist, hackers stole crypto with $80M. They did so by exploiting a flaw in Qubit’s smart contract.
Three similar events predominate the last three months of 2021. Topping the list is the BitMart exploit of December 4th, 2021. In this exploit, the exchange lost upto $196M, according to a Perkshield report.
BitMart suffered the losses from unauthorized access to one of its hot wallets. The report indicated that the exchange lost $100M from its Ethereum wallet and another $96M on the Binance Smart Chain.
Other hacks around the same time affected Vulcan Forged and BadgerDao. The former suffered an exploit involving 148 of its wallets, leading to a loss of about $140M.
Meanwhile, the latter suffered a $120M loss after attackers infected the site with a malicious script. This enabled them to intercept transactions and reroute them to their (attackers’) wallets.
Crypto theft is multifaceted
Crypto theft takes many forms. But the most common are smart contract hacks (also called exploits), phishing scams, and flash loan attacks.
Phishing involves impersonating an authentic entity to trick people into giving them personal information. This includes their private keys and wallet information. It can take many forms—emails, phone calls, links to fake websites—and often uses spoofing techniques to make them look legitimate.
Thieves can also use flash loan attacks to steal funds from vulnerable contracts. They exploit loopholes in smart contract code that allows them to borrow more funds than they put up as collateral.
Attackers typically target exchanges with smaller user bases and less secure infrastructure. These are the least likely to notice the theft until it’s too late.