Cryptocurrency DeFi platforms are now more targeted than ever

Hackers are increasingly targeting DeFi (Decentralized Finance) cryptocurrency platforms, with Q1 2022 data showing that more platforms are being targeted than ever before.

In 2021 alone, about $3.2 billion worth of digital assets were stolen, which was already an explosion compared to previous years.

However, the trajectory for 2022 looks to be even more aggressive, with almost $1.3 billion already stolen during the Q1 alone.

Overview of digital asset theft
Overview of digital asset theft (Chainalysis)

The new report comes from Chainalysis, which is seeing a massive rise in successful cyberattacks against cryptocurrency platforms, with attacks primarily focusing on DeFi platforms.

DeFi has a big problem

A whopping 97% of all cryptocurrency stolen this year are from DeFi platforms, leaving a mere 3% to exchanges. While two years ago, DeFi accounted for only 30% of all digital assets stolen.

Most of these attacks relied on exploiting code vulnerabilities or a security breach on the platform allowing cryptocurrency theft.

DeFi platforms are completely decentralized and free of intermediaries, exchanges, and brokers, using a system of smart contracts on a blockchain to offer lending, trading, insuring, and interest-earning.

DeFi platforms need to rely on transparent, open-source development models to convince investors of their trustworthiness, which allows researchers to analyze the smart contracts and services for bugs.

However, this also allows threat actors to examine the same code and potentially find and exploit a bug before its fixed. Unfortunately, there’s commonly a bug that lies undetected and unfixed, which malicious actors can use to siphon people’s funds in a flash.

Another issue with DeFi platform security used to be the possibility to manipulate the market during a loan action, driving the value of the borrowed token down via excess slippage and then repurchasing it at a deflated price.

This special “flash loan attack” unfolds in seconds and may simultaneously involve multiple DeFi platforms.

In 2022, most protocols switched to using decentralized price oracles, which are resistant to manipulation, so the problem appears to have been addressed.

Type of attacks hitting DeFi platforms
Type of attacks hitting DeFi platforms (Chainalysis)

Where the money goes

Stealing cryptocurrency is one thing, but obscuring the path to your pocket and making it usable without going to prison is another.

According to Chainalysis data, threat actors passed most of the stolen assets in 2022 through risky laundering services such as coin tumblers and illegal exchanges on the dark web.

Tumblers, or mixers, are services that attempt to anonymize cryptocurrency transactions by mixing received crypto with coins from other users and services. The mixer will then take a commission from the received cryptocurrency and send the rest to another wallet address owned by the threat actor, hoping to evade law enforcement.

Destination of stolen cryptocurrency
Destination of stolen cryptocurrency (Chainalysis)

In 2021, a significant 25% of all cryptocurrency stolen from DeFi platforms was returned to the victims after some time, serving as an atypical white-hat hacking exercise.

So far this year, no funds stolen from DeFi platforms have been returned, so the threat actors weren’t interested in making security statements but money.