The cryptocurrency market is becoming one of the most advanced financial ecosystems in today’s digital world. As of press time, the total market capitalization stands at $2.7 trillion, with Bitcoin and Ethereum taking the first and second positions, respectively. While these two digital assets are a hallmark in the crypto industry, other emerging niches such as Decentralized Finance (DeFi) are gradually attracting more capital.
According to DeFi Llama stats, the total value locked (TVL) in DeFi protocols stands at $267 billion, a figure that was barely $1 billion at the onset of 2020. However, it is not all roses for this up-and-coming sector; DeFi applications have triggered a spike in malicious attacks, accounting for over 50% of the crypto hacks in 2020 and 2021. Per the latest report by CipherTrace, DeFi hacks totalled $361 million during the first half of 2021.
So, what are some of the ways malicious attackers are targeting victims? These rogue players use several approaches to siphon funds from decentralized applications (DApps) and unsuspecting crypto investors. Perhaps the most prevalent have been identity theft, exploitation of application bugs and network attacks.
The Security Threats Facing DApps
DApps are designed to operate as decentralized ecosystems, allowing innovators and developers to build decentralized financial services and applications. These applications are run through smart contracts, which act as the middleman, executing transactions or operations based on pre-coded conditions/instructions.
Despite the value proposition of smart contracts, recent developments have revealed that some of these infrastructures are vulnerable to malicious attacks. The following section of the article details how attackers are taking advantage of DApps to gain access to users’ funds or the pooled liquidity in existing DeFi protocols.
Identity Theft
With the crypto ecosystem still in its early stages of development, malicious attackers have found an edge in identity theft. In most cases, the attackers spread malware to deceive DApp users and compromise their identities. The malware is distributed over the internet, including through phishing emails that prompt users to click on malicious links.
In the past, malicious attackers have hard-forked legitimate networks and directed users to their dummy protocols to steal addresses and passwords. This form of attack has since come to be known as identity theft.
Notably, some advanced malware, such as Glupteba, leverages the Bitcoin blockchain for updates. This particular malware spreads through scripts, allowing the attackers to access confidential information, including user IDs, passwords, saved cookies and browsing history.
Exploitation of Application Bugs
As mentioned earlier, smart contracts are not as secure as most people imagine them to be. These blockchain development infrastructures are coded by developers who sometimes can miss existing bugs; meanwhile, malicious attackers are always on the lookout for such opportunities to swindle funds.
For instance, the Poly Network hack, in which about $600 million worth of funds were compromised, resulted from mismanagement of access rights in the platform’s two fundamental smart contracts: EthCrossChainManager and EthCrossChainData.
While the Poly Network hack is the largest DeFi hack to date, other protocols have also experienced security threats due to weak smart contract infrastructures. Compound, for example, recently found itself at a crossroads when a token distribution bug resulted in the errant allocation of $70 million to $80 million worth of COMP tokens to the wrong users.
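The access-rights problem described for Poly Network above is easier to see in code. The following is an added Python model, not code from Poly Network or from this article; the names DataStore, Token, Manager, relay and set_keeper_key are hypothetical, and it assumes a manager contract that both owns a data contract and relays messages to other contracts, shown without and with an allowlist.

```python
# Constructed model; every class and method name here is hypothetical.

class DataStore:
    """Holds privileged state; only its owner may replace the keeper key."""
    def __init__(self, owner, keeper_key):
        self.owner = owner
        self.keeper_key = keeper_key

    def set_keeper_key(self, caller, new_key):
        if caller is not self.owner:
            raise PermissionError("only the owner may replace the keeper key")
        self.keeper_key = new_key


class Token:
    """An ordinary contract that relayed messages are meant to reach."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, recipient):
        self.unlocked.append(recipient)


class Manager:
    """Relays messages to other contracts, acting under its own authority."""
    def __init__(self, allowlist=None):
        self.allowlist = allowlist  # None models the mismanaged configuration

    def relay(self, target, method, arg):
        # Hardened form: refuse any (target, method) pair not explicitly allowed.
        if self.allowlist is not None and (target, method) not in self.allowlist:
            raise PermissionError("relay target is not allowlisted")
        # The callee sees the manager as caller, so the manager's ownership
        # rights apply to whatever the message asked for.
        getattr(target, method)(self, arg)


def simulate(hardened):
    token = Token()
    manager = Manager({(token, "unlock")} if hardened else None)
    store = DataStore(owner=manager, keeper_key="keeper-A")
    manager.relay(token, "unlock", "alice")  # intended use, works either way
    try:
        manager.relay(store, "set_keeper_key", "keeper-X")  # privileged call
        blocked = False
    except PermissionError:
        blocked = True
    return store.keeper_key, blocked, token.unlocked
```

The owner check inside DataStore passes in both runs; what differs is whether the relay lets a message reach a contract the manager has privileges over, which is the kind of boundary an audit should test explicitly.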
Network Attacks
Network attacks are another security threat to DApps, primarily when the smart contracts are poorly coded. Unlike the Bitcoin Proof-of-Work (PoW) blockchain, most DApps leverage the Proof-of-Stake (PoS) consensus, which means that malicious attackers don’t have to carry out a 51% attack to take control of the network. Instead, they can compromise the smart contracts and send the pooled funds to external wallets.
Cream Finance, one of the lending protocols built on Ethereum, is a victim of DeFi network attacks. The protocol was compromised in October, resulting in a loss of $130 million in funds. According to follow-up reports on the breach, the attackers took advantage of vulnerabilities in Cream’s lending protocol to carry out a flash loan transaction.
Typically, flash loan attacks involve market manipulation to drive down the value of borrowed assets, giving the attackers an opportunity to repurchase the tokens at a lower price and repay the loan.
Protecting DApps From Identity Theft & Network Exploits
While the DeFi exploits have cost investors dearly, they have also given rise to native solutions that reduce the probability of their occurrence. On this front, we have emerging solutions such as decentralized digital identity wallets, which enable DApp innovators and users to interact with DeFi seamlessly and securely.
The Safle decentralized blockchain identity wallet is one of the solutions currently addressing the security challenges in DeFi. This decentralized ecosystem enables users to create a decentralized wallet through the SafleID wallet, an EVM-compatible smart contract wallet that supports multiple blockchain networks (Ethereum, Binance Smart Chain (BSC) and Polygon).
With Safle’s decentralized blockchain identity wallet, DApp users can interact with DeFi protocols while securing their addresses and private keys through Safle’s vault. Additionally, the platform features a tech stack that allows developers to integrate the Safle wallet into their DApps. Crypto users who leverage this ecosystem can operate without being worried about hackers compromising their identities.
As for smart contract exploits, the best defense is building robust, well-tested DApps. Today, most DApp projects hardly undergo rigorous audits before launch. This complacency has resulted in the exploitation of prominent protocols such as Poly Network and Cream Finance. That said, it is never too late to change the narrative; DeFi stakeholders can improve the market’s security by embracing proper audits and incentives such as bug bounties to address the underlying challenges.
Bottom Line
As more people embrace the potential of crypto assets, the market will likely grow bigger in the coming years. This being the case, the existing market participants should pay more attention to security issues. On the one hand, innovators have the task of building more robust DApps, while on the other, DApp users have to carry out more due diligence before engaging with any DeFi protocol.
Thanks to solutions such as decentralized digital identities, the workload has been reduced for both groups. Secure digital identities will play a fundamental role in fostering the growth of DApps and the crypto ecosystem at large.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.