New fintech projects emerge every day to capitalize quickly on market sentiment that is leaning towards DeFi. As of today, DeFi products have more than $42B worth of digital assets locked in their smart contracts. This attracts investors and criminal hackers alike, resulting in the most DeFi hacks to date.
Companies are in such a hurry to launch their new DeFi ideas and earn money that they often forgo proper security verification and validation of the product. This creates potential security threats, putting hundreds of millions of digital assets in jeopardy. Many projects are just exit scams and fraud. New patterns of DeFi attacks are emerging that exploit this relative immaturity of the DeFi market. Some of the attacks involve draining liquidity pools, manipulating entire markets through price oracles, and flash loan attacks.
According to a report by the security analysis firm CipherTrace, half of the 2020 crypto hacks were of DeFi protocols and exchanges. Stolen funds from the largest hack, KuCoin, worth $281M, were laundered through the DeFi exchange Uniswap.
According to the DeFi Security Synopsis by QuillHash Technologies, flash loan attacks alone have filched nearly $150M from DeFi projects since 2020.
How Secure and Risky Is DeFi?
DeFi products are built on blockchains, which are permissionless and autonomous and have no central governance model like traditional financial institutions. To maintain their users' privacy, blockchains do not require any KYC, so most DeFi projects require little to no customer verification. This makes them vulnerable and lucrative targets for malicious users. Stolen funds can also be hidden from tracing. Because actions on the blockchain are irreversible, it is not possible to revoke transactions containing stolen funds, and nothing stops a malicious actor from using any protocol.
The functionality of DeFi is coded in smart contracts that act as digital agreements between participating parties. The rush to launch products and a lack of the necessary financial knowledge sometimes contribute to mistakes in the protocol. These can be errors in coding or errors in the business logic, where developers fail to foresee loopholes. Some hackers have also taken advantage of flaws in the established token standards, like ERC-20 and ERC-777, on which these projects are based. This is due to the relative immaturity of the market. Companies are now opting for proper security testing and auditing to ensure there are no gaps.
Sometimes the founders of DeFi projects take advantage of their position.
DeFi products use price oracles to feed external data into the smart contracts. It could be weather information or the price of any crypto-asset which affects the decision-making process in the code. Mostly this data is fed directly and used without verification in smart contracts. Any latency or manipulation in the data supplied from the oracle can create errors in the entire system.
Sometimes abusive bots are used to manipulate the market. Their strategies are similar to “spoofing”, a practice in which bots enter fake orders only to cancel them. The aim is to trick other investors into buying or selling an asset by falsely signaling that there is more supply or demand.
Some DeFi tokens have been exposed as pump and dump scams developed to defraud investors. A small group of influential investors select and purchase DeFi tokens with a low market capitalization, causing an initial jump in their price. They use their large follower base on social media to convince unsuspecting DeFi investors to purchase the tokens, providing false information claiming the token is about to experience substantial gains. Once enough investors have been misled into purchasing the token and its price has risen far enough, the initial group of investors sell their holdings to take profit before the price collapses, and all the investors who followed make heavy losses.
DeFi scams, commonly referred to as rug pulls by the community, have jeopardized the fate of many crypto assets. Here are examples of famous hacks:
Reentrancy Attack on Lendf.Me:
In April 2020, a hacker stole digital assets worth $25M from Lendf.Me, a market created by dForce, by exploiting a reentrancy vulnerability. The attack used an ERC-777 vulnerability to drain the funds from the smart contract. The hack took place after dForce allowed imBTC, a synthetic Bitcoin asset following the ERC-777 standard, to be used as collateral on Lendf.Me.
As a feature, ERC-777 allows the token contract to notify senders and receivers when tokens are sent from or received into their accounts. One possible reaction to such an event is reentering the ERC-777 contract and calling another send. When Lendf.Me enabled the use of imBTC as collateral, the enabled ERC-777 callback notification made Lendf.Me vulnerable to reentrancy attacks.
The attacker first genuinely deposited a substantial amount of imBTC as collateral. Subsequently, they triggered another deposit of imBTC, but within the callback, and before the actual transfer of imBTC, they withdrew their original imBTC deposit. The code of Lendf.Me did not account for such a transfer of execution to the callback being possible, and it performed crucial state updates after the transfer completed, based on data stored in local variables. Therefore, after properly decreasing the attacker’s collateral within the hooked withdrawal, the code overwrote the attacker’s collateral value when execution returned to the deposit being performed. As a consequence, the two operations together recorded a net collateral increase. By repeating the same attack, the attacker inflated their collateral balance, from the perspective of the protocol, to well over 25 million USD; however, the imBTC that the attacker used while executing the attack was already back in their personal account.
This allowed the attacker to finalize their attack by “borrowing” all liquidity within each of the 12 lending markets with collateral that was not physically present inside of Lendf.Me. However, after receiving pressure from the authorities and dForce, the hacker returned nearly all funds.
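The stale-local-variable pattern described above, modelled in Python as an added example (not Lendf.Me's or dForce's code). `HookToken`, `VulnerableMarket`, `GuardedMarket` and `replay` are hypothetical names and the token amounts are constructed; the vulnerable market ends up recording more collateral than it holds, while the guarded variant rejects the nested call.

```python
class HookToken:
    """Constructed ERC-777-like token: the sender's hook runs before funds move."""
    def __init__(self, balances):
        self.balances = dict(balances)
    def transfer(self, src, dst, amount, hook=None):
        if hook:
            hook()  # sender notification fires before balances change
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class VulnerableMarket:
    def __init__(self, token):
        self.token, self.collateral = token, {}
    def deposit(self, user, amount, hook=None):
        cached = self.collateral.get(user, 0)              # state read into a local
        self.token.transfer(user, "market", amount, hook)  # external call, may reenter
        self.collateral[user] = cached + amount            # stale value written back
    def withdraw(self, user, amount):
        if self.collateral.get(user, 0) < amount:
            raise ValueError("insufficient collateral")
        self.collateral[user] -= amount
        self.token.transfer("market", user, amount)

class GuardedMarket(VulnerableMarket):  # hardened: a lock rejects nested entry
    locked = False
    def deposit(self, user, amount, hook=None):
        if self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            super().deposit(user, amount, hook)
        finally:
            self.locked = False
    def withdraw(self, user, amount):
        if self.locked:
            raise RuntimeError("reentrant call rejected")
        super().withdraw(user, amount)

def replay(market_cls):
    """Return (collateral recorded, tokens actually held) after the described sequence."""
    market = market_cls(HookToken({"user": 101, "market": 0}))
    market.deposit("user", 100)
    try:
        market.deposit("user", 1, hook=lambda: market.withdraw("user", 100))
    except RuntimeError:
        pass  # on-chain the whole transaction would revert here
    return market.collateral["user"], market.token.balances["market"]
```

The gap between the two numbers returned for `VulnerableMarket` is the invariant a monitor or audit test should assert: recorded collateral must never exceed the tokens the contract actually holds.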
Harvest Finance (FARM) Exploit:
On 26 October 2020, someone took advantage of a vulnerability in one of Harvest’s programmed investment strategies to steal US$24 million in stablecoins. Harvest is a DeFi yield aggregator. Users put money into it, and it automatically pools and invests those funds in various other DeFi applications with the promise of big returns. Curve is a liquidity pool where Harvest depositors can earn returns by being liquidity providers.
The attacker exploited the fact that Harvest uses a Curve price feed to calculate the value of its pool shares. Harvest needs to check prices to calculate how much of a share someone gets when they enter its Curve farming pool (deposit), and how much of a share they give up when they leave the pool (withdrawal). The attacker manipulated the prices on Curve so that he could claim a larger share of the pool on deposit in Harvest by driving up the price of the deposited asset, and give up a smaller share of the pool on withdrawal by driving the price down before making a withdrawal.
The hacker used two piles of money, one for Curve and the other for Harvest. The Curve pile was large enough to swap back and forth between USDT and USDC on Curve, moving the prices of USDT and USDC there and, in turn, changing the prices Harvest was using to evaluate deposits and withdrawals. The Harvest pile was used to deposit to and withdraw from Harvest in time with the price swings. Using these funds and flash loans, the attacker was able to walk away with $24M at the end, paying only 10 ether for gas.
To carry out the attack, the attacker took out a flash loan of 18.3 million USDT and 50 million USDC. He converted 17.2 million USDT into USDC on Curve, pushing up Curve’s USDC prices. Then he deposited 50 million USDC into Harvest, and thanks to elevated USDC prices received 51.5 million shares (known as fUSDC). He converted the USDC back into USDT on Curve, pushing prices back down. On Harvest, he converted 51.5 million fUSDC into 50.6 million USDC at prevailing rates and withdrew USDC.
The attacker repeated this sequence 17 times over 4 minutes for the USDC pool, then mirrored it 13 times within 3 minutes for the USDT pool. In the end, they withdrew their profits of exactly 13 million USDC and 11 million USDT to another wallet.
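An added Python model (not Harvest's or Curve's code) of shares priced from a spot pool price, next to a variant that refuses to price deposits and withdrawals when spot strays from a reference. The `Vault` class, the availability of a slow-moving reference price, the 0.5% tolerance and all amounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Vault:
    """Constructed model: the vault's pool position is valued at a pool price."""
    units: float            # pool position held by the vault
    shares: float           # vault shares outstanding
    idle: float = 0.0       # deposit asset received but not yet invested
    reference: float = 1.0  # slow-moving reference price (assumed available)
    max_dev: float = 0.005  # tolerated gap between spot and reference
    guarded: bool = False

    def _check(self, spot):
        if self.guarded and abs(spot - self.reference) / self.reference > self.max_dev:
            raise ValueError("spot price deviates from reference")

    def share_price(self, spot):
        # spot = value of one pool unit in the deposit asset; it falls when the
        # deposit asset is made dearer inside the pool.
        return (self.idle + self.units * spot) / self.shares

    def deposit(self, amount, spot):
        self._check(spot)
        minted = amount / self.share_price(spot)
        self.idle += amount
        self.shares += minted
        return minted

    def withdraw(self, burned, spot):
        self._check(spot)
        payout = burned * self.share_price(spot)
        self.shares -= burned
        shortfall = max(0.0, payout - self.idle)  # part not covered by idle funds
        self.idle -= payout - shortfall
        self.units -= shortfall / spot            # sold out of the pool position
        return payout

def round_trip(guarded):
    """Deposit at a skewed price, withdraw after it reverts; return (gain, share price left)."""
    vault = Vault(units=100.0, shares=100.0, guarded=guarded)
    try:
        minted = vault.deposit(50.0, spot=0.97)   # deposit asset looks 3% dearer
    except ValueError:
        return 0.0, vault.share_price(1.0)        # guard refused the skewed price
    gain = vault.withdraw(minted, spot=1.0) - 50.0
    return gain, vault.share_price(1.0)
```

In the unguarded run the depositor's gain equals the value lost by the holders who were already in the vault, which is why the share price they are left with drops below 1.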
Sushiswap is a fork of the popular decentralized exchange Uniswap. The founder of Sushiswap, Chef Nomi, withdrew about $14 million of developer funds and nearly sank the entire project, threatening to turn it into a potential exit scam. On Sept 5th, 2020, the anonymous founder allocated 10% of all SUSHI tokens to the development fund of the project. Since he was the only developer, he took the fortune for himself and then traded those funds for ETH on Uniswap, causing the price of the SUSHI token to drop more than 80% in one day. The outraged community accused Chef Nomi of executing an exit scam. Ultimately, the founder publicly apologized on Twitter and returned the funds.
bZx Exchange Attack:
bZx is a tokenized lending, borrowing, and margin trading platform. The attack was a single transaction that borrowed millions of dollars in a flash loan and threaded these funds through several DeFi protocols to manipulate and exploit bZx’s collateral pool. The attacker borrowed $10M in ETH through a flash loan from dYdX, posting no collateral in the process, and used $5M in ETH to take a 5x short position on the ETH-wBTC book on bZx. bZx forwarded the order to KyberSwap, which surveyed the best possible rate and finally filled the order on Uniswap. This incurred significant slippage and drove Uniswap’s wBTC price 3x higher.
The attacker carried the other $5M in ETH to Compound and borrowed a stack of wBTC against the ETH collateral. He then sold this borrowed wBTC into Uniswap’s inflated price. Using the profits and the proceeds, the flash loan was paid in full and the transaction completed successfully.
This maneuver resulted in a direct profit of 71 ETH, along with an active loan on Compound worth 1200 ETH, for a net profit of 1271 ETH (worth $355K at the time). The transaction also resulted in an active bZx loan, which is where the loss comes from. The key mechanic was the ability to take a large 5x margin short position on a thinly traded book (ETH-wBTC), which incurred significant slippage. bZx was designed to protect against this, but the attacker found a clever bug that bypassed these checks. This one oversight exposed the bZx collateral pool to deep losses.
A second attack occurred through a similar mechanic. A flash loan was used to inflate Uniswap’s Synthetix USD price to $2 (instead of $1), and the attacker then deposited sUSD into bZx as collateral (at this inflated price) to borrow more ETH than they should’ve been allowed. They then ran away with the borrowed funds with no intention of paying back the underwater bZx loan, netting the attacker 2,378 ETH (after paying back the flash loan), worth $630K at the time.
In the next part of the article, we will cover some other famous attacks on DeFi protocols.