Decentralized finance (DeFi) hacks continue to pose a significant threat to the blockchain industry, despite a notable decline in the total amount stolen in 2023. A recent report by blockchain security firm Halborn highlights that the accumulated losses from the top 100 DeFi hacks between 2016 and 2023 have reached a staggering $7.4 billion. The report emphasizes that the majority of these attacks have targeted platforms operating on Ethereum, Binance Smart Chain, and Polygon.
The report outlines several critical insights regarding the nature and frequency of DeFi hacks:
- Types of Attacks: The most common forms of on-chain attacks include smart contract exploitation, price manipulation, and governance attacks. However, off-chain attacks, particularly private key theft, account for 29% of total attacks and 34.6% of the funds stolen. In 2023, off-chain attacks represented 56.5% of all attacks, resulting in 57.5% of the stolen amount.
- Security Measures: Alarmingly, only 21% of hacked protocols employed multi-signature wallets, a security feature that requires multiple approvals for transactions, thereby enhancing security. This lack of robust security measures has left many protocols vulnerable to exploitation.
- Audit and Validation Issues: The report underscores that most on-chain attacks occurred on protocols that had not undergone thorough auditing. A significant contributor to the losses from smart contract exploitation is the absence of proper input verification or validation within these protocols.
- Cross-Chain Vulnerabilities: Cross-chain bridges have emerged as a critical attack vector. Halborn advises protocols to meticulously review their code before utilizing these bridges to mitigate potential risks.
The ongoing threat posed by DeFi hacks is underscored by recent incidents. Notably, the Ronin Bridge was hacked last week, resulting in a loss of $12 million. This incident follows a more significant exploit two years ago, which saw a staggering $625 million stolen from the same protocol. Such repeated vulnerabilities indicate a persistent issue within the DeFi ecosystem, where protocols may not be implementing adequate security measures to protect against evolving threats.
The financial repercussions of DeFi hacks continue to mount. An earlier report from Immunefi revealed that hacks targeting DeFi platforms resulted in losses totaling $473 million in the first half of 2024 alone. This figure highlights the ongoing risk that investors and users face in the DeFi space, despite the overall decline in the amount stolen compared to previous years.
The Halborn report serves as a stark reminder that while the total amount stolen from DeFi hacks may have decreased in 2023, the threats remain pervasive and evolving. The findings underscore the need for enhanced security measures, including regular audits, the implementation of multi-sig wallets, and rigorous code reviews, particularly for protocols utilizing cross-chain bridges. As the DeFi landscape continues to grow, stakeholders must prioritize security to safeguard against the ever-present risk of hacking and exploitation.