Posted on April 22, 2022 at 8:47 PM
As the decentralized finance (DeFi) sector keeps gaining more attention, threat actors are also looking to continue their activities on these platforms for financial gain. While many see DeFi platforms as very secure, they are also vulnerable to attacks at times. This year alone, there have been more than four attacks on DeFi platforms, which shows how often the platforms are being targeted.
The latest incident occurred in a not-so-popular DeFi platform called Zeed. According to security researchers at blockchain analytics company BlockSec, the threat actors exploited a bug in the Zeed DeFi protocol used to distribute rewards to users. The vulnerability allowed the hacker to successfully mint extra tokens from the platform. While the threat actor gained $1 million from the $YEED token, it crashed the prices for everyone.
The threat actor used a smart contract that automatically exploited a vulnerability on the platform. The exploit was deemed successful, although there was one error in the plan, as noted by the researchers. The actor can be likened to a robber who steals from a bank but forgets to take the loot along while escaping.
$1 Million Worth Of Tokens Gone Forever
Generally, after hacking DeFi platforms, the hackers move the stolen funds to a smart contract, known as an “attack contract.” From there, the tokens are moved to a wallet while the contract self-destructs. However, in this case, the threat actor appears to have forgotten to move the crypto funds out of the wallet before triggering the self-destruct feature.
According to the report, the $1,041,237 worth of stolen crypto funds that were stuck in the contract can never be retrieved, since the contract was set to self-destruct. This means that while the hacker was not able to steal any money, the DeFi platform has also lost the entire amount in the irrecoverable smart contract.
The latest incident is another indication that DeFi platforms, reputed to be highly secure, have become easily penetrable by threat actors. As a result, security researchers have called on developers to find a long-lasting measure that will help to prevent vulnerabilities and keep users’ funds safe.
Recent data from analytics platform The Block shows something interesting regarding the increasing level of threats against DeFi platforms.
Attacks On DeFi Protocols Surge
The data showed that attacks on DeFi platforms have surged by an enormous 22.5 times compared to the previous year's figures. Additionally, blockchain research firm Chainalysis, in a recent publication, revealed that about 14% of all crypto assets stolen from January this year have been taken from DeFi platforms. It was 70% in 2021 and only 30% the year before.
Some of the popular hacks on DeFi networks this year include the attack on Ronin Network, which is attached to Axie Infinity, a web3 game well known around the world. Previously, most crypto heists were the result of breaches of the victims' private keys. However, hackers have started targeting the DeFi platforms directly, and are recording some level of success.
The conventional attack method of gaining access to the private keys of the user is the crypto equivalent of pick-pocketing. The recent attack on the Ronin Network, where about $615 million worth of crypto assets were stolen, is a good example of the attacking method. Earlier this week, another major crypto wallet, MetaMask, alerted users about a possible compromise.
A few days ago, a hacker exploited the algorithmic stablecoin project Beanstalk and made off with $182 million worth of crypto assets. The hackers wiped all the Ethereum (ETH) tokens held by the platform. After the confirmation of the theft, the BEAN token fell alarmingly from $1 a token to just 10 cents, according to data from CoinGecko.
Hackers Are Now Aiming Higher
The rate of attacks on DeFi platforms, which is nearly a hack a week, was almost the same last year. However, the value of funds stolen is now higher. According to Rekt, since August last year, 37 hacks have been recorded on DeFi platforms, with a combined theft of $2.9 billion worth of cryptocurrencies.
That is very close to the $3.2 billion worth of tokens stolen from DeFi platforms throughout 2021, according to Chainalysis. As DeFi projects keep getting more attention, hackers are now looking for bigger and more significant loot. In most cases, they target new DeFi protocols that have not been completely vetted or tested.