Yield App

The DeFi landscape: Hacks, exploits and solutions


The decentralized finance (DeFi) landscape in 2023 is increasingly marred by an onslaught of hacks and exploits, building on the record-breaking numbers from 2022. A recent study by global cybersecurity firm Naoris Protocol reveals an unsettling escalation of cybersecurity attacks in the Web3 space, with 19 reported incidents in Q1 2023, up from 16 in Q1 2022 and a mere 10 in Q1 2021.


This worrying trend underscores the burning need for innovative, secure solutions that safeguard users within the ecosystem. This is the problem we’re looking to solve with the development of Haven1 – a secure Layer 1 network designed to mitigate the inherent risks in DeFi.

Flash loan attacks and rug pulls

The largest hack of 2023 so far was the attack on Euler Finance, a permissionless borrowing and lending protocol on Ethereum. This exploit resulted in a record-breaking theft of $187 million worth of staked ETH (stETH), USDC and Wrapped Bitcoin (WBTC). 

In the Euler case, the hacker utilized a “flash loan” attack to siphon assets from the protocol. Flash loans enable users to quickly borrow large sums without collateral since the loan must be paid off within the same transaction. Although flash loans are legitimate in the crypto space, hackers often exploit them to capitalize on arbitrage opportunities or manipulate token prices, making off with the money without repaying the loan. 
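The same-transaction repayment rule described above, modelled as an added example (not code from Euler or any other protocol named in this article). The ledger, the account names and the fee rate are hypothetical; the model shows that a borrower callback which does not return principal plus fee causes the whole transaction to roll back.

```python
class Revert(Exception):
    """Aborts the transaction; every state change is rolled back."""

FEE_BPS = 9  # hypothetical fee in basis points (0.09% of principal)

class Ledger:
    """Toy token ledger standing in for on-chain balances."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if amount < 0 or self.balances.get(src, 0) < amount:
            raise Revert(f"{src} cannot send {amount}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def flash_loan(ledger, pool, borrower, amount, callback):
    """Lend `amount` without collateral. Returns True if the transaction
    commits, False if it reverted and state was restored."""
    snapshot = dict(ledger.balances)       # state at transaction start
    before = ledger.balances[pool]
    fee = amount * FEE_BPS // 10_000
    try:
        ledger.transfer(pool, borrower, amount)
        # The borrower runs arbitrary logic here with the borrowed funds.
        # Any protocol it calls must enforce its own invariants, because
        # this repayment check only protects the lending pool.
        callback(ledger, pool, borrower, amount + fee)
        if ledger.balances[pool] < before + fee:
            raise Revert("principal plus fee not returned")
    except Revert:
        ledger.balances = snapshot         # atomic rollback
        return False
    return True

def repays(ledger, pool, borrower, owed):
    ledger.transfer(borrower, pool, owed)

def keeps_funds(ledger, pool, borrower, owed):
    pass                                   # never sends anything back

def run_demo():
    ledger = Ledger({"pool": 1_000_000, "borrower": 1_000})  # constructed
    ok = flash_loan(ledger, "pool", "borrower", 500_000, repays)
    after_ok = dict(ledger.balances)
    bad = flash_loan(ledger, "pool", "borrower", 500_000, keeps_funds)
    return ok, after_ok, bad, dict(ledger.balances)

if __name__ == "__main__":
    print(run_demo())
```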

In this instance, the hacker leveraged a $20 million loan to borrow nearly 10 times that amount and exploited a protocol vulnerability to avoid loan repayment. Weeks later, the hacker returned the stolen funds, but the incident exposed the protocol’s flaws and caused its native token, EUL, to plummet. As of Tuesday, 2 May, EUL is down approximately 64% since 13 March 2023, trading at $2.20.


A similar flash loan attack recently led to the loss of $7.4 million from Hundred Finance, a multichain lending protocol on the Optimism blockchain, an Ethereum Layer 2 solution. Hundred Finance, a fork of Compound, uses hTokens to track lending positions. 

A fork is essentially a copy-and-paste of existing code, which can expose the protocol to unexpected vulnerabilities due to undetected flaws in the original code. In this instance, the hacker manipulated the exchange rate between ERC-20 tokens and hTokens, allowing them to withdraw more assets than originally deposited.

However, external malicious actors are not always responsible for the loss of funds. In the case of the Merlin decentralized exchange (DEX), the culprits were the back-end developers themselves. Known as a rug pull, this scam involves developers stealing funds from the project. Conducted during a three-day Liquidity Generation Event in April 2023, this exploit resulted in a $1.8 million loss of users’ assets.


This exploit was possible because individuals controlling the so-called “fee-to” addresses, which receive transaction fees paid by users on the blockchain, were granted excessive permissions. They were able to access and drain the assets from the DEX’s liquidity pools for their own benefit. 
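One way to check for the over-privileged fee recipient described above, as an added example that is not code from Merlin or any other project named here. It assumes the excess permission takes the form of ERC-20 allowances granted by a pool; the pool names, balances, accrued-fee figures and the `fee_to` label are constructed.

```python
MAX_UINT256 = 2**256 - 1

# Constructed sample data: reserves held by each pool, per token.
RESERVES = {
    "pool_A": {"USDC": 900_000, "WETH": 500},
    "pool_B": {"USDC": 120_000},
}
# (owner, token, spender, amount), as an auditor would read from allowance().
ALLOWANCES = [
    ("pool_A", "USDC", "fee_to", MAX_UINT256),
    ("pool_A", "WETH", "fee_to", MAX_UINT256),
    ("pool_B", "USDC", "fee_to", 300),
]
# Fees actually owed to the fee recipient so far (assumed policy input).
ACCRUED_FEES = {
    ("pool_A", "USDC"): 2_700,
    ("pool_A", "WETH"): 1,
    ("pool_B", "USDC"): 360,
}
FEE_RECIPIENTS = {"fee_to"}

def audit_fee_recipients(reserves, allowances, accrued, recipients):
    """Flag fee recipients able to move more pool assets than the fees
    they are owed. Returns (owner, token, spender, spendable, owed)."""
    findings = []
    for owner, token, spender, amount in allowances:
        if spender not in recipients:
            continue
        reserve = reserves.get(owner, {}).get(token, 0)
        owed = accrued.get((owner, token), 0)
        # An allowance above the reserve can still only move the reserve.
        spendable = min(amount, reserve)
        if spendable > owed:
            findings.append((owner, token, spender, spendable, owed))
    return findings

def run_audit():
    return audit_fee_recipients(RESERVES, ALLOWANCES, ACCRUED_FEES,
                                FEE_RECIPIENTS)

if __name__ == "__main__":
    for owner, token, spender, spendable, owed in run_audit():
        print(f"{spender} can move {spendable} {token} from {owner}, "
              f"owed only {owed}")
```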

The need for new security solutions

The initial months of 2023 were marked by many other DeFi exploits, which cast a shadow over security in this nascent space. In 2022, crypto hacking reached an all-time high, as highlighted by Chainalysis. DeFi was responsible for a staggering 82% of the $3.8 billion stolen from cryptocurrency businesses that year. Cross-chain bridge protocols were particularly vulnerable, accounting for 64% of all DeFi attacks.

As DeFi matures, hackers are also employing more sophisticated techniques. Naoris Protocol reports five new techniques in 2023 thus far, including social engineering, redeem function exploits and collateral offboarding mistakes. 

As new projects enter the space, attacks may become more frequent, which will require innovative solutions to protect users’ assets. The DeFi space continues to grow in complexity, and most users struggle to understand its risks and lack the knowledge to mitigate them. Consequently, robust safeguards are essential to protect average DeFi users.


Haven1 aims to minimize these risks. For instance, an Euler-style flash loan attack would be impossible on this blockchain, since all contract code undergoes thorough internal and external audits by reputable auditors before deployment on the network. Haven1 also prevents forks from deploying without internal and external reviews, significantly reducing the risk of exploits like the one Hundred Finance experienced.

Moreover, the Haven1 team consistently monitors unusual price movements or outflows, enabling early detection of any attack. These strict oversight measures prevent the deployment of malicious code, while the dispute resolution mechanisms facilitate the easy return of funds to affected parties. Similarly, the provable identity framework eliminates the possibility of rug pulls by anonymous developers, such as the hack that drained Merlin’s liquidity. 

Conclusion

While Q1 saw a modest increase in DeFi users, the growth has significantly slowed down since the 2022 crypto market downturn, as investors are still nursing substantial losses. Additionally, most institutions are exercising caution when it comes to digital assets. A recent JP Morgan survey revealed that 72% of institutional traders have no plans to trade crypto assets this year. 

It’s evident that a new approach is necessary to attract more users to the DeFi space and reignite the growth of this sector. There is currently a gap in the market for a secure solution that would allow users to transact in Web3 without fearing hacks and exploits. Haven1 fills this void, providing a secure environment with the goal of driving crypto adoption and attracting both retail and institutional investors to the DeFi ecosystem. 

Discover how Haven1 can revolutionize DeFi security and learn more about this innovative solution here.



DISCLAIMER: The content of this article does not constitute financial advice and is for informational purposes only. The price of digital assets can go down as well as up, and you may lose all of your capital. Investors should consult a professional advisor before making any investment decisions.
