{"id":361997,"date":"2021-11-03T18:33:22","date_gmt":"2021-11-03T15:33:22","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/cointelegraph-consulting-recounting-2021s-biggest-defi-hacking-incidents\/"},"modified":"2021-11-03T18:33:22","modified_gmt":"2021-11-03T15:33:22","slug":"cointelegraph-consulting-recounting-2021s-biggest-defi-hacking-incidents","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/cointelegraph-consulting-recounting-2021s-biggest-defi-hacking-incidents\/","title":{"rendered":"# Cointelegraph Consulting: Recounting 2021\u2019s biggest DeFi hacking incidents"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3b727bb9e73\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3b727bb9e73\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list 
ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/cointelegraph-consulting-recounting-2021s-biggest-defi-hacking-incidents\/#Counting_the_incidents\" >Counting the incidents<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/cointelegraph-consulting-recounting-2021s-biggest-defi-hacking-incidents\/#Calls_for_audits\" >Calls for audits<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong># Cointelegraph Consulting: Recounting 2021\u2019s biggest DeFi hacking incidents <\/strong>&#8221;<\/p>\n<div class=\"post-content\" data-v-128018ef>Compound Finance is just one of the latest victims of DeFi hacking incidents in 2021. On Sept. 30, its errant token distribution bug within the Proposal 062 exposed a flaw in which $70 million\u2013$85 million in excess COMP tokens were wrongly distributed to users.\u00a0<\/p>\n<p>Yet, an extra $65 million was placed in a vulnerable vault a few days later, resulting in at least $150 million in COMP tokens at risk. But, while Compound was able to remedy the entire situation, it shows how vulnerable the decentralized finance (DeFi) sector can be, at times, due to its nascency. <\/p>\n<p>Last year, the total value locked (TVL) in DeFi <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/defillama.com\/\">was<\/a> a mere 5% of its current\u00a0worth\u00a0\u2014 $255 billion. The change marks an explosive 1686% growth. 
Even with the Compound debacle, and most recently with decentralized trading platform BXH <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BXH_Blockchain\/status\/1454366374353010695\">drained<\/a> of $139 million from an attack due to a leaked admin key, TVL actually increased over the last month, appreciating by 14.27%. <\/p>\n<p>One reason why investors have flocked to DeFi protocols is to search for higher returns. The rock-bottom interest rates of 2020 lacked a clear framework for an increase and that caused investors to look for other avenues to park their cash. Locking crypto assets to DeFi protocols and supplying liquidity for such services became an attractive option, as it offers more attractive returns. What ensued was a yield farming boom in 2020 that has prevailed up to this year.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2021-11\/e7550543-522f-40cc-9de1-fdf8e624530c.png\"><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Counting_the_incidents\"><\/span>Counting the incidents<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The rising popularity of DeFi is a double-edged sword for the young sector and the entire cryptocurrency space as a whole. Since 2012, 534 blockchain hacking incidents have taken place with 169 events coming in 2021 alone, according to Chinese cybersecurity firm Slow Mist. Hacks have grown in sophistication and target various areas in the space. <\/p>\n<p>Nevertheless, the biggest hack to ever take place occurred in 2021 and was carried out by an unknown hacker on cross-chain protocol Poly Network. The result was an equivalent of $610 million in tokens stolen, topping the losses of MtGox and Coincheck. 
The attack pocketed about $273 million from the Ethereum network, $85 million in USD Coin (USDC) from the Polygon network and $253 million from Binance Smart Chain. It also removed sizable amounts of renBTC, wrapped Bitcoin (wBTC) and wrapped Ether (wETH).<\/p>\n<p>The incident with Poly Network is one of the many DeFi hacking instances in 2021. Poly Network was fortunate to recover all of the funds. Cream Finance, on the other hand, was not so lucky. The decentralized lending protocol comes in at a distant second, and the attacks it took, of which there were two this year, wiped out nearly $150 million that it is still trying hard to recover. Overall, the total amount of money lost due to blockchain hacking this year is nearly $7 billion, which is a $2.5 billion increase from last year.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2021-11\/a831fac6-6aa6-4d06-9e23-1e6b1ba68577.png\"><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Calls_for_audits\"><\/span>Calls for audits<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Poly Network, Compound and Cream Finance have made it to the top three by the amount of funds affected (totaling $906 million). Like Cream Finance, there are also other notable protocols in which exploits took place more than once in the same year, like THORChain and Value DeFi. <\/p>\n<p>Also, albeit negligible at $1.5 million in contrast to the affected funds of the rest of the victims, Merlin Labs, a yield optimizer built on BSC, was attacked thrice \u2014 initially twice in the same week and once more a month later. 
Furthermore, what\u2019s surprising is that it was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/merlinlab.com\/15052021_Merlin_SC_SecondReview_Audit_Report.pdf\">audited<\/a> by Hacken 11 days before the attack.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2021-11\/a92f308b-f270-49cb-b231-3cdeb6abfa3e.png\"><\/figure>\n<p>Security experts recommend that a smart contract undergo an audit, usually through independent auditors. An audit could help detect and possibly rectify smart contract vulnerabilities in code and check the reliability of the smart contract&#8217;s interactions.\u00a0<\/p>\n<p>Kava Labs CEO Brian Kerr told Cointelegraph in May 2020\u00a0that it is critical for anyone who wants to use a DeFi protocol to first check audits and peer reviews. But even then, he warns of associated technical and market risks since the sector, again, is still new.<\/p>\n<p><strong><em><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bit.ly\/CTC-market-insights-oct-21-nov-3-2021\">Download<\/a> the 34th<\/em><\/strong><strong><em> issue<\/em><\/strong><strong><em> of the Cointelegraph Consulting Bi-weekly Newsletter in full, complete with charts and market signals, as well as news and overviews of fundraising events.<\/em><\/strong><\/p>\n<p>Among the projects that fell victim to attacks this year, only about 15 out of the 40 affected DeFi protocols were audited. But it\u2019s worth noting that the affected funds for the audited protocols were significantly less than those that weren&#8217;t audited. For each audited company, the amount of loss was almost 60% less than those that were unaudited. 
As a whole, 20.3% of the affected funds in all the protocols hacked this year were from protocols that were audited, while 79.67% or about $1.3 billion were from those that were unaudited.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2021-11\/4ffcd881-672d-4ba3-8a58-507dfd75d87f.png\"><\/figure>\n<p>The four major reasons DeFi protocols get hacked include coding mistakes, developer incompetence, misuse of third-party protocols and business logic errors. The most common among these and possibly the most dangerous is developer incompetence, which is also a direct consequence of coding mistakes. Inadequately qualified developers rushing to launch a project without a rigorous third-party check can result in protocols that are more susceptible to exploits.<\/p>\n<p>This is why there is an ongoing push for an extra measure in improving security protocols in the industry. Audits, particularly smart contract security audits and secondary auditing, are just two ways to achieve this. As Kerr said, an investor&#8217;s technical diligence is also warranted in scrutinizing a DeFi protocol before investing.<\/p>\n<p>Still, the light at the end of the tunnel is that these hacks could be essential in advancing the DeFi sector. CipherTrace chief financial analyst John Jefferies told Cointelegraph back in August that such crimes will spark an acceleration of know-your-customer, or KYC, procedure acceptance, particularly with the decentralized exchanges, or DEXs, as it can be critical in getting regulatory approval.<\/p>\n<p>As DeFi matures, especially with the advent of layer-one blockchains competing against Ethereum, the hacking events of late are perhaps just the tip of the iceberg, and the poorly designed and unaudited protocols could be in a whole heap of trouble.<\/p>\n<p><em>Cointelegraph\u2019s Market Insights Newsletter shares our knowledge on the fundamentals that move the digital asset market. 
The newsletter dives into the latest data on social media sentiment, on-chain metrics, and derivatives.<\/em><\/p>\n<p><em>We also review the industry\u2019s most important news, including mergers and acquisitions, changes in the regulatory landscape, and enterprise blockchain integrations. Sign up now to be the first to receive these insights. All past editions of Market Insights are also available on Cointelegraph.com.<\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/cointelegraph-consulting-recounting-2021-s-biggest-defi-hacking-incidents\" target=\"_blank\" 
rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Cointelegraph Consulting: Recounting 2021\u2019s biggest DeFi hacking incidents &#8221; Compound Finance is just one of the latest victims of DeFi hacking incidents in 2021. On Sept. 30, its errant token distribution bug within the Proposal 062 exposed a flaw in which $70 million\u2013$85 million in excess COMP tokens were wrongly distributed to users.\u00a0 Yet,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":361998,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMTEvNzIxMWM5NzMtYjc4Ni00YzY5LTkwYTItYWNkMDliY2Q2OWE2LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,75952,74868,74882],"class_list":["post-361997","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cointelegraph-consulting","tag-defi","tag-hacks"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/361997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=361997"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/361997\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/361998"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=361997"}],"wp:term":[{"taxonomy":"category","embe
ddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=361997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=361997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}