Research Finds Smart Contract Exploits Hardest to Eliminate as FBI Raises Warning

In a recent research report, Token Terminal finds that there are three root causes of DeFi exploits, and removing smart contract vulnerabilities is by far the most challenging of the three.

As interest in decentralized finance has skyrocketed, so have hacks and rug pulls in the segment, with an estimated 105 on-chain exploits resulting in the theft of almost $4.2 billion from various protocols.

Interestingly, the research finds that the biggest hacks, on average, come via cross-chain bridges and centralized exchange (CEX) wallets, whereas yield aggregators and lending protocols are most frequently abused.

“The largest exploits tend to be across multiple chains or on major ecosystem bridges.”

FBI raises new DeFi warning for investors and platforms

The three largest DeFi exploits to date, Ronin Network ($624 million), Poly Network ($611 million), and Wormhole ($326 million), all involved cross-chain bridges, which dominate the list of the largest exploits. Bridges typically lost over $188 million per hack, the report noted.

Recently, the US Federal Bureau of Investigation (FBI) cautioned investors and platforms about these DeFi risks in a public service announcement.

“Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money,” the agency noted. “Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.”

Conversely, yield aggregators and lending protocols are the systems most frequently targeted by attacks; however, according to Token Terminal, those attacks frequently result in smaller financial losses per attack. In general, yield aggregators and lending protocols were abused more frequently, while bridges and CEXs typically suffer the biggest losses per exploit. Cross-chain bridges and CEX hot wallets account for $2.2 billion in stolen assets, or over 52% of the total amount compromised.

Safe-keeping of private keys is the simplest rescue plan
