Decentralised finance (DeFi) exchanges are becoming breeding ground for digital thieves. In the first three months of this year, hackers have stolen $1.3 billion from exchanges, platforms, and private entities combined, according to a report by blockchain data platform Chainalysis.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
The firm estimates around 97% of all cryptocurrency stolen in the first three months has been taken from DeFi protocols, up from 72% in 2021 and just 30% in 2020.
DeFi is based on the peer-to-peer concept that removes intermediaries from the system. DeFi democratises finance and replaces traditional centralised institutions like banks, brokerages, and NBFCs (Non-Banking Financial Companies).
With the massive rise in cryptocurrency investments, individuals and institutions are now exploring DeFi that provides easy and cheaper access to capital, efficient lending and borrowing.
A DeFi protocol uses computer code called smart contracts that run on the blockchain network.
Users of the DeFi protocol can communicate with these smart contracts using their wallets to transfer funds, borrow, lend or avail any service that the DeFi provides.
“The answer to why DeFi protocols are being increasingly hacked lies in the code they are based on. The majority of hacking attacks happen because of smart contracts’ code vulnerabilities that the hackers exploit to gain access to user funds,” Johnny Lyu, chief executive officer, KuCoin said to The Hindu.
The decentralized nature of DeFi platforms makes them even more vulnerable to attacks, as hackers target specific bugs in the software suites, which are very transparent since the apps are open source, Lyu said.
DeFi is on a blockchain network and generally open source. Anyone with an internet connection can view, audit the source code and see all the transactions.
Lyu also highlighted that many of today’s DeFi projects are launched hastily and do not pay much to build a strong security team making them prone to hacks.
