The biggest DeFi hacks in 2021
The biggest DeFi hacks in 2021
Image Source
Last year, decentralized finance (DeFi) came into focus as capital locked in smart contracts and decentralized programs increased.
The hackers implemented various programs to infiltrate the platforms and extracted different amounts from each of them.
In this article, I mentioned some of the biggest DeFi hacks in 2021 and the amount of capital stolen from each project.
Currently, more than 54% of 2021 hacks in the field of digital currencies are related to the DeFi industry.
Compare this to last year's figures, when only 3% of thefts were related to decentralized finance.
The following is a list of DeFi hacks that have cost investors about $1.2 billion this year alone.
| Hacked capital (dollars) | Project |
| Exact information is not available | Alchemix (ALCX) |
| 37,000,000 | Alpha Finance Lab (ALPHA) & Cream Finance (CREAM) |
| 822,000 | AutoShark Finance (JAWS) |
| 11,000,000 | bEarn Fi (BFI) |
| 50,000,000 | Belt Finance (BELT) |
| Exact information is not available | Bondly Finance (BONDLY) |
| 1,500,000 | BT Finance (BT) |
| 7,200,000 | BurgerSwap (BURGER) |
| 55,000,000 | bZx |
| 5,200,000 | ChainSwap (ASAP) |
| 19,000,000 | Cream Finance |
| 130,000,000 | Cream Finance |
| 11,000,000 | Dao Maker |
| 1,910,000 | DODO (DODO) |
| 80,000,000 | EasyFi (EZ) |
| 4,600,000 | Eleven Finance (ELE) |
| 376,000 | Force DAO (FORCE) |
| 14,000,000 | Furucombo (COMBO) |
| 1,300,000 | Growth DeFi (GRO) |
| 500,000 | Impossible Finance (IF) |
| 170,000 | Iron Finance (IRON) |
| Exact information is not available | Levyathan (LEV) |
| 31,000,000 | Meerkat Finance (MKAT) |
| 1,560,000 | Merlin Lab |
| 160,000,000 | Paid Network (PAID) |
| 200,000,000 | PancakeBunny (BUNNY) |
| 2,400,000 | PancakeBunny (BUNNY) |
| 268,000,000 | Poly Network |
| 25,000,000 | Popsicle Finance (ICE) |
| 3,950,000 | Punk Protocol (PUNK) |
| 15,000,000 | Rari Capital (RGT) |
| 5,700,000 | Roll |
| 275,000 | Saddle Finance |
| 248,000 | SafeDollar (SDO) |
| 30,000,000 | Spartan Protocol (SPARTA) |
| 3,100,000 | Sushi |
| 18,039,000 | THORChain (RUNE) |
| 2,400,000 | TurtleDex (TTDX) |
| 50,000,000 | Uranium Finance |
| Exact information is not available | Venus Protocol (XVS) |
| Exact information is not available | Wild Credit (WILD) |
| 24,500,000 | xToken (XTK) |
| 11,000,000 | Yearn Finance (YFI) |
When it comes to new technologies such as blockchain and decentralized finance (DeFi), hackers are motivated enough to steal assets.
DeFi is an industry with thousands of different services running on multiple blockchains and interacting with each other.
This emerging industry has created a lot of vulnerabilities in the service layer, which is very attractive to opportunistic hackers.
How do hackers exploit DeFi platforms?
Examining the list of the biggest hacks of 2021, it seems that hackers are exploiting vulnerabilities in private key management protocols and security loopholes in smart contract code.
Use vulnerabilities related to private key management
You need a private key to manage your digital assets.
The ability to securely store and transfer assets is only guaranteed as long as the private key is secure.
Once it is compromised, the funds are easily transferred to the hacker wallet; Therefore, preventing the theft of private keys is crucial to maintaining the security of digital assets.
Multi-Party Computation is one of the best ways to secure your private key. This solution is designed to distribute private key switches between multiple systems instead of keeping them all in one Internet-connected system.
Because hacking is associated with a return on investment, if a hacker knows that the account has tens or hundreds of millions of dollars in capital, he or she will pay to drain it.
With MPC, a hacker is forced to target multiple computers instead of attacking one system, which is costly.
But if the return on investment is appropriate, the hacker will carry out the attack.
Use of vulnerabilities related to smart contracts
Another way to hack DeFi services is to use vulnerabilities in the code, which can involve a variety of attacks, including running a function until memory is full and endangering users's locked-in contract capital.
Such vulnerabilities often reflect how smart contracts interact with each other, and smart contracts need to be thoroughly reviewed in the first place.
In contract auditing, developers, with the help of blockchain researchers, select the best ways to implement applications and eliminate errors that could be exploited by hackers.At present, for decentralized finance, reviewing smart contracts is one of the wisest things to do.
Conclusion
The DeFi ecosystem has many services to offer to traditional financial institutions, and this tortuous path is so important that the threat of opportunistic hackers cannot be ignored.
Fortunately, by adhering to the two security constitutions, decentralized finance projects can greatly reduce their risks.
The first rule is for financial institutions to manage their private keys in the most secure way; To keep most of the assets in cold wallets out of the reach of hackers and to manage only a small amount of assets with MPC to perform high-repetition and automated transactions.
The second rule is to review security breaches.
It both reviews smart contracts and assesses compliance with Rule #1.
@tipu curate
Upvoted 👌 (Mana: 5/7) Get profit votes with @tipU :)
follow-up & voting with comments... @mamraj2020 Thank you very much