
Decentralized finance is increasingly being exploited. According to DefiLlama data, in 2021 the DeFi market had about $200 billion of liquidity locked in smart contracts. Of that total locked liquidity, at least 10% was stolen by cybercriminals. Attacks on decentralized finance occur regularly.

Most often, they are associated with a vulnerability in the callback function. As you know, it is often used by lending protocols. With its help, smart contracts can check the user's collateral balance before issuing a loan. All of this happens within a single transaction.

To cheat a smart contract, the attacker calls back into the function so that the process starts again from the very beginning. Since the transaction has not yet completed on the blockchain, the function issues a loan once again.
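The callback flaw described above, modeled as an added Python example (not code from the article or from any real protocol): a toy lending pool whose `borrow()` either runs the borrower's callback before recording the debt, or records the debt first and rejects nested calls. All names (`LendingPool`, `borrow`, `simulate`) and amounts are constructed for illustration.

```python
# Toy model of a lending contract; names and amounts are constructed.
class LendingPool:
    def __init__(self, liquidity, hardened):
        self.liquidity = liquidity
        self.hardened = hardened
        self.collateral = {}   # borrower -> deposited collateral
        self.debt = {}         # borrower -> outstanding loans
        self.locked = False    # reentrancy lock, enforced only when hardened

    def borrow(self, who, amount, on_receive):
        if self.hardened and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
        try:
            # Check: collateral must cover existing debt plus the new loan.
            if self.debt.get(who, 0) + amount > self.collateral.get(who, 0):
                raise ValueError("insufficient collateral")
            if self.hardened:
                self._record(who, amount)   # effects first
                on_receive(self)            # external callback last
            else:
                on_receive(self)            # callback sees debt still unrecorded
                self._record(who, amount)   # state updated too late
        finally:
            self.locked = False

    def _record(self, who, amount):
        self.debt[who] = self.debt.get(who, 0) + amount
        self.liquidity -= amount


def simulate(hardened, reentries=2):
    """Return (recorded debt, remaining liquidity) for 100 units of collateral."""
    pool = LendingPool(liquidity=1000, hardened=hardened)
    pool.collateral["borrower"] = 100
    remaining = [reentries]

    def callback(p):
        # Borrower-controlled code that calls back into borrow().
        if remaining[0] > 0:
            remaining[0] -= 1
            try:
                p.borrow("borrower", 100, callback)
            except (RuntimeError, ValueError):
                pass   # hardened pool refuses the nested loan

    pool.borrow("borrower", 100, callback)
    return pool.debt["borrower"], pool.liquidity
```

With 100 units of collateral, `simulate(False)` ends with 300 units lent out, while `simulate(True)` stops at the 100 the collateral actually covers.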

Often, development teams use the codebases of other open-source decentralized finance projects to deploy their own smart contract. They make some changes to the source code to add their functionality. This leads to a change in the logic of the smart contract and makes it vulnerable.

Cybercriminals also carry out attacks using flash loans, which are becoming increasingly popular. Fraudsters borrow across several protocols and move the liquidity to the final step, where they inflate the price of the token through oracles or liquidity pools, use it for a pump-and-dump scam, and disappear with the liquidity.

Some of the flash loan attacks targeted Pancake Bunny, which lost $200 million, and Cream Finance, from which over $100 million was stolen.

How do I protect myself from DeFi exploits?

To create a secure decentralized finance protocol, you need to bring in experienced teams. They can provide assurance that the DeFi protocol will be truly safe and reliable. Testing is also necessary, and it should be carried out at all stages of project development and after the project launches.

But even these measures cannot provide complete protection, because cybercriminals are constantly improving their methods of attacking platforms. Therefore, if DeFi protocols want to protect themselves effectively from attacks by organized groups of hackers, they must test regularly and bring in companies to audit them. In this case, the risks of hacking will be minimized.

Author: Vadim Gruzdev, Analyst Freedman Club Crypto News