DeFi hacks grow 22.5x YoY in October '21 as attackers exploit flash loan vulnerabilities

Cyber exploits on decentralised finance (DeFi) systems grew 22.5x year on year (YoY) in October 2021, and accounted for almost three quarters of all major hacks in 2021. The rise in interest from cyber criminals in DeFi products is proportionate to the growth of the sector itself. However, as reports highlight, one of the key perils lies in a steep rise in interest from cyber attackers exploiting coding lapses to make major hacks.

DeFi, or decentralised finance, is an umbrella term for financial apps built on blockchain networks. They circumvent typical centralised finance intermediaries, such as banks and exchanges. DeFi products use smart contracts on blockchain networks instead of using traditional finance transaction methods. Given the rising prevalence of DeFi instruments, both volumes in the biggest DeFi products and exploits have grown in tandem.

Data from The Block Research states that as of October 27, 2021, the total amount of funds stolen from DeFi networks stood at $681.14 million (Rs 5,063.56 crore). The figure is up from $30.72 million (Rs 228.37 crore) exactly one year ago – up 22.5x in one year. In comparison, the total locked-in value in DeFi networks is up from $10 billion in September 2020 to $80 billion in September 2021.

Credit: The Block Crypto

Unsurprisingly, flash loan exploits have increasingly accounted for higher volumes of DeFi hacks this year. Flash loans are essentially non-collateralised lending that offer instantaneous advances based on smart contracts on DeFi networks, such as the Ethereum blockchain. While they have been heralded as an innovative way to transact, flash loan exploits have also been widely reported as being responsible for the bulk of DeFi hacks. Data from The Block Research states that flash loan exploits rose to an all-time high in October 2021, with last month alone accounting for $150 million lost.

Multiple reports, such as a one from August 2021 by AtlasVPN, has stated that the biggest reason behind flash loan exploits are developer incompetencies. Attackers use these flaws to take out flash loans, and subsequently manipulate a token’s price and hack it. In many cases, this sends the price of the DeFi token crashing. A report by The Block claims that all of this contributed to a net $680 million lost to hackers so far – with about 50 percent of all DeFi hacks attributed to flash loan exploits.

One of the biggest DeFi hacks happened earlier this year, when DeFi token Poly Network was attacked on the Binance Smart Chain and Ethereum blockchains. The hack saw a total of over $600 million being stolen, but some of the amount was later recovered. On this note, reports claim that the total amount initially stolen in DeFi hacks stand at over $1.4 billion, and the $680 million figure of net losses to hacks is when the total amounts recovered post hacks is accounted for.