A recent report by Halborn highlights how hacks in DeFi continue to pose a serious threat, despite a decrease in the amount stolen in 2023. Protocols must improve security to protect investors.
Let’s see all the details below.
On- and off-chain hacks continue to put DeFi at risk
Decentralized finance (DeFi) has revolutionized the world of cryptocurrencies, providing new opportunities for investors and increasing access to financial services.
However, the sector remains vulnerable to serious security threats, as highlighted in a recent report from blockchain security firm Halborn.
Despite a 50% drop in stolen amounts in 2023 compared to previous years, hacks in DeFi remain a major concern.
According to Halborn’s report, which analyzes the top 100 DeFi attacks between 2016 and 2023, the total accumulated losses amount to $7.4 billion.
The most affected platforms include Ethereum, Binance Smart Chain, and Polygon, where the majority of attacks were concentrated.
On-chain attacks, such as smart contract exploitation, price manipulation, and governance attacks, are among the most prevalent in DeFi.
However, off-chain attacks, including private key theft, account for a significant portion of the total, with 29% of overall attacks and 34.6% of funds stolen.
In 2023, off-chain attacks accounted for 56.5% of total incidents and 57.5% of amounts stolen.
This shift towards off-chain attacks is particularly concerning because these attacks can occur even without directly compromising the blockchain.
Stealing private keys, for example, allows hackers to directly access users’ funds, bypassing blockchain-based security measures.
The Importance of Multi-Signature Wallets and Code Verification
One of the key recommendations of the Halborn report is the widespread adoption of multi-signature wallets, a security measure that requires approval of a transaction by multiple parties before it is executed.
Surprisingly, only 21% of the protocols affected by the attacks implemented this type of protection, leaving plenty of opportunities for exploitation by hackers.
Furthermore, Halborn emphasizes the importance of code verification, especially in blockchain protocols.
Lack of code verification or validation of faulty inputs is one of the main causes of vulnerabilities in smart contracts, which are the foundation of many DeFi platforms.
Accurate code verification could prevent many attacks that exploit these weaknesses.
Cross-chain bridges, which enable the transfer of assets between different blockchains, are identified in the report as a particularly vulnerable attack vector.
Halborn warns that protocols should carefully examine the code before implementing a cross-chain bridge, as these mechanisms are often the target of sophisticated exploits.
A recent example is the attack on the Ronin Bridge, which occurred last week, resulting in a loss of $12 million.
This incident follows another, even bigger exploit that happened two years earlier, when a whopping $625 million was stolen from the same protocol.
The crucial role of regulatory compliance
With evolving regulations, compliance is becoming increasingly central for DeFi platforms.
Regulatory authorities are paying increasing attention to the safety and protection of investors, and platforms that fail to maintain high security standards could find themselves in difficulty.
Bitfinex, one of the most advanced cryptocurrency trading platforms, recently launched a collaboration with Komainu Connect to explore a new remote custody solution.
This collaboration, based on Ledger Tradelink technology, demonstrates the commitment of leading cryptocurrency platforms to improve security and compliance, providing institutional investors with a safer trading environment.
Despite progress in reducing hacks, DeFi remains a high-risk sector. Attacks continue to evolve, exploiting new vulnerabilities both on-chain and off-chain.
To protect investors and ensure the long-term sustainability of the industry, it is essential that DeFi protocols adopt stronger security measures, such as the use of multi-sig wallets and thorough code verification.