$600 Million DeFi Hack

This week Bitcoin jumped above $47,000 and on early Sunday the market capitalization remained stable at around $2 trillion, up 0.5% following a remarkable week. Bitcoin is up four weeks straight and is on pace for its second monthly advance. Overall, it’s seen its fastest 21-day advance since February, the last time it was in the midst of vaulting toward records. The broader market remained in the green with Ethereum continuing over $3,200, Ripple gaining 20% and Ripple and Stellar, Dogecoin, and Cardano gaining 4 to 10 percent. Trading volumes on all exchanges are up by 4%, indicating that the market is moving to extreme greed and that investors are regaining their confidence. Once again, the cryptocurrency market is defying the odds against it, the negative criticism about its impact on the environment, and regulatory crackdowns lawmakers around the world are have already put in place or are planning on. Yet, last week the market posted its biggest record for a DeFi hack. In a tweet posted on Tuesday, Poly Network reported that hackers stole over $600 million. This is the biggest in DeFi’s history. The hack resulted in $273 million stolen in Ethereum tokens, $253 million in tokens on the Binance Smart Chain, and $85 million in USDC on Polygon. While the hackers returned some of the assets they stole, who should take responsibility for it?

Ilias Louis Hatzis is the founder and CEO at Kryptonio wallet. Please participate in our Crypto Wallet Survey, we could use your help. It’s 7 simple multiple-choice questions about crypto wallets and you should be done in 60 seconds. The survey is completely anonymous.

The Poly Network is a cross-chain protocol that allows users to swap tokens across different blockchains including Bitcoin, Ethereum, and Polygon. In a strange turn of events, the hackers decided to return nearly half of the stolen assets, $260 million, but their identity still remains unknown.

According to Chainalysis, the hackers exploited a vulnerability in the digital contracts used to move assets between different blockchains.

The person claiming to have perpetrated the hack said he did it “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

Before the Poly Network hack, 2021 was a pretty busy year for DeFi hackers. From January to April of this year, DeFi hacks totaled $432 million. In 2021, DeFi has accounted for over 75% of crypto hacks. In May 2021, published a report detailing the rise of DeFi-related hacks and frauds. As a result of the Poly Network hack, DeFi fraud has reached record-setting levels. This data demonstrates that, although the larger crypto sector has improved its defenses against hacking, DeFi area is still especially susceptible to attacks. The Poly Network hack serves as an example of the difficulties involved with creating cross-chain protocol implementations. In July, cross-chain liquidity protocol Thorchain lost over $8 million in the span of two weeks after being hit by two separate hacking exploits. Rari Capital, also a cross-chain DeFi protocol, was attacked in May and suffered around $11 million loss in ETH.

A lot of people are buying cryptocurrencies these days. Many are driven by the stories of how bitcoin made some millionaires or even billionaires, and these stories are pushing them towards investing their money in cryptocurrencies.

DeFi has surged in popularity in the past few years with the development of applications that let people trade, borrow, and lend funds to each other without intermediaries.

However, the rise in DeFi hacks brings to the forefront questions about security and how to keep crypto assets safe. Today, cryptocurrencies are not controlled by any organization, people don’t have anyone to turn to when their funds get stolen. For now companies alone are responsible for stolen assets, but we can expect potential regulation stemming from the hack. A week ago, Gary Gensler, SEC Chairman, called the crypto markets the “Wild West”

“Right now, we just don’t have enough investor protection in crypto. Frankly, at this time, it’s more like the Wild West. If we don’t address these issues, I worry a lot of people will be hurt.”

Where money flows, hackers follow, and right now it’s DeFi. Hackers have shifted their attention from centralized exchanges to DeFi. While DeFi protocols have initiated rapid innovation and transformation of traditional and blockchain finance, often they are hastily launched and without a proper audit, few can afford a security department and for most of the value is stored on-chain, in liquidity pool contracts. This make it a prime targets for criminals.

While DeFI puts the power back in the hands of its users, it also puts in their hands the responsibility for their own choices and security.

For now, I would suggest sticking with the basics.

Anyone in crypto needs to make sure to keep their cryptocurrency assets in a safe wallet. Some may say that going back to centralized crypto management is the solution. Unfortunately, it’s not. Users’ funds in centralized exchange have also fallen prey to hacks and mismanagement. Coins on an exchange or in a DeFi protocol are not your coins. I am sure you’re familiar with “not your keys, not your coins.” If someone has your private key, they can steal all your assets. Depending on how experienced you are with crypto, there are many types of wallets out there (MPC, social recovery, hardware etc), but for now, you need to take that responsibility.

Image Source

Subscribe by email to join the other Fintech leaders who read our research daily to stay ahead of the curve. Check out our advisory services (how we pay for this free original research.

Start the conversation at Daily Fintech Conversations