Vulnerabilities that allow hackers to target blockchain and DeFi projects
The number of decentralized finance (DeFi) and blockchain projects has increased significantly over the past year. Their growing popularity has also drawn the attention of cyberattackers, who stole an estimated $1.8 billion or more in 2021.
What are Blockchain and DeFi?
A blockchain is a digital ledger of transactions maintained by a network of computers in a way that makes the records difficult to tamper with or alter. As a result, the technology offers a secure way of managing cryptocurrency assets and transactions, as well as of facilitating smart contracts, financial products, and legal agreements.
In recent years, blockchain has led to the emergence of decentralized finance. DeFi financial products and systems, which rely on decentralized technology and smart contracts to operate, replace traditional banks and financial services.
NFTs, DeFi and cryptocurrencies are now popular targets for threat actors, who exploit vulnerabilities, logic flaws and programming errors, run phishing campaigns, and steal digital money from victims.
In May, Microsoft added “cryware” to its standard vocabulary of digital threats, alongside malware, infostealers, cryptojackers and ransomware. The new term refers to malware designed to collect and steal information from unmanaged cryptocurrency wallets, also known as “hot wallets.”
Blockchains provide the infrastructure that digital wallets need for transfers, deposits, and withdrawals, while hot wallets are stored locally on the user’s device and can be susceptible to theft.
Cybersecurity researchers at Bishop Fox have published an analysis of successful blockchain and DeFi heists in 2021, which together account for a loss of $1.8 billion.
The team investigated 65 major “events”, 90% of which it classified as “unsophisticated attacks”.
According to the researchers, DeFi projects suffered an average of five critical cyberattacks a month, peaking in May and December.
The main attack vectors of 2021, by share of incidents, were as follows:
- Smart contract vulnerabilities: 51%
- Protocol and design flaws: 18%
- Wallet compromise: 10%
- Rug pulls and exit scams: 6%
- Key leaks: 4%
- Frontend hacks: 4%
- Arbitrage: 3%
- Cryptocurrency-related bugs: 2%
- Front runs (transactions queued with advance knowledge of upcoming trades): 2%
“In most cases, we find that the attack is due to a vulnerability in the actual logic or protocol of the smart contract”, the researchers say. “This is not surprising for new technologies that may lack the technical wisdom to implement security measures.”
The most common issues exploited in smart contracts are well-known bugs, flaws in forks, and sophisticated attacks. Rug pulls and exit scams were recorded to a lesser degree.
However, robust pre-production audits and testing can prevent many of these attacks. In addition, developers of forks should regularly review their code base for security issues that affect the source code of their DeFi projects.
“Currently, DeFi is a tasty target that attracts attackers looking for big and fast earnings,” says Bishop Fox. “This observation is clear given how young this technology is and that it’s all about money.”
“Technology advancements and developments that have never encountered problems are rare. DeFi developers tend to seek innovation in algorithms rather than protection, just like the first computers were networked without actually considering the potential for virus spread.”