Over 50% of Attacks on DeFi Ecosystems Use This Vector: Researcher
Kofi Kufuor proposed his own classification of attacks on decentralized finance (DeFi) protocols and indicated core vulnerabilities this turbulent segment is exposed to.
Four major types of attacks in DeFi
According to his detailed post, all attacks that resulted in money being stolen from crypto protocols can be divided into four types based on "vulnerability stack."
1/ I collected data on over $4B of crypto application hacks
In this piece, I break down how the hacks were executed, the tools we have to stop history from repeating itself, and predictions for the future of crypto securityhttps://t.co/W2A9lPz69O— Kofi (@0xKofi) October 6, 2022
That said, all recent attacks are executed either against the ecosystem, protocol, smart contract language, or infrastructure. Infrastructure attacks target weaknesses of consensus, Internet systems behind DeFis, private keys and so on.
Smart contract language attacks exploit design flaws of programming languages used for smart contract creation. Protocol logic attacks are executed under bad business logic and tokenomical weaknesses.
Last but not least, ecosystem attacks target the interactions between various DeFi protocols: to initiate an attack (or amplify it), malefactors borrow money from one protocol and inject it into the liquidity pools of another DeFi.
Multi-chain apps and bridges under fire
Ecosystem attacks are the most frequent: over 41% of all DeFi hacks belong to this group. At the same time, should we exclude the three most devastating hacks from the analysis (Ronin Bridge, Poly Network, BNB Chain bridge), infrastructure attacks resulted in the largest losses.
Out of ecosystem hacks, flash loan attacks with price oracles are the most frequent; various attacks on private keys (phishing, brute force, compromised keys and so on) are dominant in anti-infrastructure hacks.
Ethereum-based apps witnessed $2 billion in stolen funds. More than one half of attacks in 2020-2022 targeted cross-network bridges and multi-blockchain apps.
Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Related articles
Godfrey Benjamin
Dan Burgin