DeFi hacks and exploits total $285M since 2019, Messari reports
DeFi’s rising popularity since 2019 has seen the emerging market segment become a target for hackers and opportunistic profiteers.
According to a report by crypto research company Messari, DeFi protocols have lost about $284.9 million to hacks and other exploit attacks since 2019. This figure of lost or stolen amounts to about 0.65% of the adjusted total value locked of the Ethereum-based DeFi market, according to data from DappRadar.
In February Messari calculated that over $284 million in DeFi was lost to hacks since 2019
At this point in time, the decentralized insurance industry only covers a fraction of TVL in DeFi. The need is ripe for the picking. pic.twitter.com/WkZVI0TuWb
— Messari (@MessariCrypto) April 28, 2021
Almost half of the DeFi hacks covered in the Messari report were flash loan attacks, providing further evidence of it being the most popular exploit vector in the DeFi landscape. Indeed, many of the major DeFi “hacks” have been flash loan attacks that sometimes take advantage of temporary defects in price oracle feeds.
While crypto hacks declined in general in 2020, DeFi accounted for more than half of the attacks recorded during the year. In 2021 so far, Alpha Homora and Cream Finance made headlines when both protocols fell victims to rogue actors with the former suffering the single largest hack in DeFi history, losing $37.5 million.
The Alpha Homora incident also put the quality of smart contract auditing into question given that major smart contract auditing outfits like Quantstamp and Peckshield reviewed the project’s codes.
DeFi hacks are not only restricted to the Ethereum chain as the Binance Smart Chain environment is also clocking similar incidents. With growing activity on BSC, DeFi protocols on the network have also fallen victim to rogue actors using familiar attack vectors.
As previously reported by Cointelegraph, Uranium Finance, a BSC-based automated market maker platform lost $50 million to a hacker. The attacker exploited bugs in the project’s smart contract and was able to siphon funds during a planned token migration event.