The $600m cryptocurrency heist and the need for security infrastructures in DeFi

By Gaia Lamperti

Making global headlines, the news of the largest cryptocurrency heist on Tuesday made the DeFi world tremble. Hackers stole some $600 million from blockchain site Poly Network exploiting a vulnerability in the system and taking thousands of digital tokens.

In a letter addressed to the hackers and published on Twitter, Poly Network said: “The amount of money you have hacked is one of the biggest in DeFi history.” And added: “The money you stole are [sic] from tens of thousands of crypto community members, hence the people.”

While it seems that hackers are now returning all the funds stolen, the heist comes as the latest of a series of frauds targeting cryptocurrency systems developed independently, such as Ether and Binance. This year, frauds in decentralized finance, or DeFi, hit an all-time high of $474 million in criminal losses just in the first seven months of 2021, a report from crypto intelligence company CipherTrace recently found.

“It shouldn’t come as a surprise that as the DeFi ecosystem expands, so are DeFi crimes,” Dave Jevans, CipherTrace’s CEO, said to Reuters.”Just eight months into 2021, DeFi hacks, thefts, and frauds have already surpassed the total DeFi crimes from 2020. This means regulators around the globe are paying closer attention to DeFi specifically.”

Yet, losses from theft, hacks, and fraud in the overall cryptocurrency market dropped sharply to $681 million at the end of July, an encouraging figure if compared to $1.9 billion for the whole of 2020 and $4.5 billion in 2019. The drop in crypto crime reflects the industry’s growing maturity and much-improved security infrastructure. However, there is still room for improvement and security systems should continue to fine-tune, as this week’s heist promptly reminded.

While it continues its rise to success, the decentralised finance sector is still mostly unregulated with its platforms allowing users to conduct transactions, usually in cryptocurrency, without traditional gatekeepers such as banks or exchanges. DeFi crimes can either consist of the hack of a protocol from outsiders or “rug pulls” by insiders which occur when one of the developers abandons a project and keeps the investors’ money. Other risks associated with the sector are corruption of admin keys, coding mistakes, price manipulation and misuse of third-party protocols.

According to the CipherTrace study, the majority of DeFi crimes in 2021 appear to have been conducted by outsiders as hacks, making up $361 million, or 76%, of all DeFi-related crimes. The remaining 24% are rug pulls tallying over $113 million at the end of July.

Last week, the US Securities and Exchange Commission (SEC) charged lender Blockchain Credit Partners and two of its top executives for raising $30 million through allegedly fraudulent offerings. The case is the SEC’s first involving securities in the DeFi space.

So, while DeFi has been growing exponentially and is currently generating tens of millions of transactions daily, we need to remember that with great success comes great risks. The system is still in its experimental stage and there are hurdles to overcome before its technology is ready for mass adoption. Hence, fully understanding its vast potential as well as its threats, becomes critical to audit a solid security infrastructure for the DeFi of tomorrow.