A recent Messari report details that, from 2019 to early 2021, USD 284 million deposited on DeFi (decentralized finance) platforms fell into the hands of hackers. Some of them lost more than half of the total funds committed.
The figure comes from a report published on April 28 on Twitter on the @MessaryCrypto account , where it also stands out that, so far, insurers only cover a percentage of the TVL (total blocked value) on the aforementioned platforms.
It should be noted that, despite being a huge sum of money, the stolen figure does not represent even 1% of the value locked in DeFi, which reaches USD 65,340 million, according to data from DeFi Pulse at the time of writing this note
Statistics released by Messari note that the flash loans ( loans flash ) are most commonly used by hackers to these fraudulent schemes. Other techniques are reported price manipulation, bugs in software and intelligent manipulation of codes contracts, among others.
The most important attack in terms of amounts occurred in 2020, more precisely on November 26. At that time, Compound suffered the theft of USD 90 million, approximately 6% of its TVL .
On the other hand, the second robbery on this list is quite recent. It happened on February 13, 2021, when USD 37.5 million was stolen from the Alpha Homora and Cream Finance platforms . This represented 14% of the TVL of the first and 71% of the second.
The graph details the damaged DeFi, the method used by the hackers and the amounts stolen. Source: Twitter Messary.
Also, other major fraud occurred on LendF.me, from where USD 25 million was illegally extracted from an ERC-777 reentry attack in April 2020. There is also the case of Harvest Finance, which suffered the extraction of USD 24 million in October of the same year, with a loss of 61% of its TVL; and Pickle Finance, from where they stole USD 20 million in November 2020, which reduced the platform’s TVL by 81%.
Finally, other DeFi that make up the list of victims in double-digit figures in million dollars are Eminence Finance (USD 15 million) and SushiSwap (USD 13.8 million).
More recently, the Uranium Finance platform, a fork of the SushiSwap protocol that works on the Ethereum blockchain, suffered an attack on Tuesday night, April 27, during the migration of the protocol to its version 2.1. It lost USD 50 million, which must be added to the previous estimates.
A pending matter of the DeFi
As CriptoNoticias highlighted, at the beginning of this year 2020 was a very hectic year for DeFi platforms. On the one hand, they registered a growth of more than 2,100%, according to DeFi Pulse. Thus, the total blocked value rose from USD 650 million to USD 14,430 million, despite a pronounced fall in this indicator with the fall of the markets in March.
However, security was a problem as well . The rapid increase in its popularity, number of users and TVL, together with the increasing use of Dapps (decentralized applications) and other factors led to many attacks and security problems for users and for the platforms themselves.