Main navigation

Over 50% of Attacks on DeFi Ecosystems Use This Vector: Researcher

Sat, 10/08/2022 - 16:28
article image
Vladislav Sopov
Kofi Kufuor, partner at crypto investment heavyweight 1confirmation, shares detailed analysis of attacks on crypto protocols
Over 50% of Attacks on DeFi Ecosystems Use This Vector: Researcher
Cover image via
Read U.TODAY on
Google News

Kofi Kufuor proposed his own classification of attacks on decentralized finance (DeFi) protocols and indicated core vulnerabilities this turbulent segment is exposed to.

Four major types of attacks in DeFi

According to his detailed post, all attacks that resulted in money being stolen from crypto protocols can be divided into four types based on "vulnerability stack."

That said, all recent attacks are executed either against the ecosystem, protocol, smart contract language, or infrastructure. Infrastructure attacks target weaknesses of consensus, Internet systems behind DeFis, private keys and so on.

Smart contract language attacks exploit design flaws of programming languages used for smart contract creation. Protocol logic attacks are executed under bad business logic and tokenomical weaknesses.

Last but not least, ecosystem attacks target the interactions between various DeFi protocols: to initiate an attack (or amplify it), malefactors borrow money from one protocol and inject it into the liquidity pools of another DeFi.

Multi-chain apps and bridges under fire

Ecosystem attacks are the most frequent: over 41% of all DeFi hacks belong to this group. At the same time, should we exclude the three most devastating hacks from the analysis (Ronin Bridge, Poly Network, BNB Chain bridge), infrastructure attacks resulted in the largest losses.

Out of ecosystem hacks, flash loan attacks with price oracles are the most frequent; various attacks on private keys (phishing, brute force, compromised keys and so on) are dominant in anti-infrastructure hacks.

Ethereum-based apps witnessed $2 billion in stolen funds. More than one half of attacks in 2020-2022 targeted cross-network bridges and multi-blockchain apps.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)