      How (Not) To Get Rekt – DeFi Hacks Explained

      by Karthik Guttha
      August 10, 2021
      in Crypto Market, Projects

      The financial instruments of the crypto ecosystem are nowhere near perfect, and that applies even to some of the best projects in the DeFi space. We see rug pulls almost every day on the Binance Smart Chain, leaving millions of users hopeless. While some companies try to compensate users, others simply exploit the decentralized finance mechanisms associated with smart contracts.

      In most of these DeFi exploits, the developers install back-door exits that give even top auditing firms a tough time, and before anyone knows it, they cash out their accounts, leaving zero traces online. The money lost to such exploits is growing to unimaginable amounts: over $200 million in 2021 alone.

      To understand how these attacks happen, we reached out to one of the core developers at SushiSwap, Mudit Gupta, who shared some insights on this topic and helped us understand the inner workings behind such DeFi exploits. So let us get started!

      Common Vulnerabilities in DeFi Protocols

      A majority of DeFi projects are exposed to the same vulnerabilities over and over again. While some exploits use third-party resources, others deploy manipulation attacks to change several aspects of the protocol.

      According to Mudit:

      “Smart contract re-entry and oracle manipulation are two common vulnerabilities observed in the recent DeFi hacks. While the former was used in the infamous DAO hack, the latter is relatively new and usually involves using flash loans to poison the price feed of a token.”
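
      The re-entry problem mentioned above, as an added example that is not part of the original article or of any project's code: a Python model (not contract code) of a vault whose withdraw() makes the external call before it updates the balance, beside the hardened ordering. The class names, balances and call depth are constructed for illustration.

```python
class Vault:
    """Toy model of a deposit contract; safe=True uses checks-effects-interactions."""
    def __init__(self, safe: bool):
        self.safe = safe
        self.balances = {}
        self.funds = 0

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who: str, receiver) -> None:
        amount = self.balances.get(who, 0)       # check
        if amount == 0 or amount > self.funds:
            return
        if self.safe:
            self.balances[who] = 0               # effect recorded before the call
        self.funds -= amount
        receiver(amount)                         # interaction: control leaves the vault
        self.balances[who] = 0                   # vulnerable ordering: recorded too late

class ReenteringReceiver:
    """Test double: a payee whose payment hook calls withdraw() again."""
    def __init__(self, vault: Vault, name: str, depth: int):
        self.vault, self.name, self.depth, self.received = vault, name, depth, 0

    def __call__(self, amount: int) -> None:
        self.received += amount
        if self.depth > 0:
            self.depth -= 1
            self.vault.withdraw(self.name, self)

def run(safe: bool):
    vault = Vault(safe)
    vault.deposit("other_users", 90)             # constructed balances
    vault.deposit("payee", 10)
    payee = ReenteringReceiver(vault, "payee", depth=5)
    vault.withdraw("payee", payee)
    # Invariant a test suite should assert: funds always cover recorded balances.
    solvent = vault.funds >= sum(vault.balances.values())
    return payee.received, vault.funds, solvent

if __name__ == "__main__":
    print("vulnerable:", run(False))
    print("hardened:  ", run(True))
```

      The solvency invariant in run() is the kind of property worth checking in unit tests and fuzzing: it fails for the late-update ordering and holds once the balance is cleared before the external call.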

      What Is a Flash Loan Attack?

      As we know, flash loans allow users to gain access to large amounts of assets, provided they return the borrowed assets by the end of the transaction. But they can also be paired with oracle manipulation attacks.

      “Flash loans alone cannot be considered as a vulnerability, but when a hacker uses them to manipulate supply and demand, then it affects the price of tokens” – Mudit.

      It is also important to note that the hacker needs to hold many tokens to have a significant impact on the DeFi protocol.
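
      An added example, not from the original article or from any protocol's code, of why a price read straight from pool reserves can be moved by one oversized trade and how a time-weighted average with a deviation check resists it. The pool model, its numbers and the function names (twap, guarded_price) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product pool (token * stable = k); fees ignored, numbers constructed."""
    token: float
    stable: float
    cum_price: float = 0.0   # running sum of price * seconds held
    last_ts: int = 0

    def spot(self) -> float:
        return self.stable / self.token

    def sync(self, now: int) -> None:
        # Credit the price that held since the last update, before any new trade.
        self.cum_price += self.spot() * (now - self.last_ts)
        self.last_ts = now

    def buy_token(self, stable_in: float, now: int) -> float:
        self.sync(now)
        out = self.token - (self.token * self.stable) / (self.stable + stable_in)
        self.stable += stable_in
        self.token -= out
        return out

def twap(pool: Pool, start_cum: float, start_ts: int, now: int) -> float:
    pool.sync(now)
    return (pool.cum_price - start_cum) / (now - start_ts)

def guarded_price(pool, start_cum, start_ts, now, max_dev=0.05):
    """Quote the TWAP, but refuse if spot has drifted more than max_dev from it."""
    avg = twap(pool, start_cum, start_ts, now)
    if abs(pool.spot() - avg) / avg > max_dev:
        raise ValueError("spot deviates from TWAP; refusing to price")
    return avg

def demo():
    pool = Pool(token=1_000.0, stable=100_000.0)   # price starts at 100
    c0, t0 = pool.cum_price, pool.last_ts          # observation at window start
    pool.buy_token(900_000.0, now=1_800)           # one oversized swap after 30 min
    try:
        guarded_price(pool, c0, t0, 1_800)
        rejected = False
    except ValueError:
        rejected = True
    return pool.spot(), twap(pool, c0, t0, 1_800), rejected

if __name__ == "__main__":
    print(demo())
```

      A protocol that values collateral or rewards at spot() would see a 100x price in this run, while the 30-minute average is unchanged and the guarded quote is refused.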

      How Responsible Are Developers for These Hacks?

      Bug-free software is usually not possible, especially for something as complicated as smart contracts. It is better to consider the different options available to lower the risk of being hacked.

      Mudit said:

      “Developers should follow best security practices to evaluate the protocols, but it is even more important to get external audits to ensure the reliability of the smart contracts.” 

      That is why we cannot make a habit of blaming developers for DeFi exploits. The industry is still growing, so we can expect to see better support systems to ensure such hacks never happen.

      Common Reasons behind these Hacks

      If we look at DeFi cases from a couple of years back, hackers used only code exploits, but that is not the case right now.

      “In the DeFi space, it is crucial for developers to have good enough experience in financial primitives of blockchain and executing code. If they lack in any one of them, their projects can be vulnerable to either economic or code exploits” – Mudit

      These hacks and exploits of protocol infrastructure will keep happening because we are still in the early stages of development, so investors should be careful when dealing with such experimental projects. 

      Major DeFi Hacks Explained 

      Pancake Bunny 


      Pancake Bunny has nearly $1.2 billion locked in farming pools, so it is clearly serving its purpose and helping farmers earn yields. The vaults associated with the Pancake Bunny project are unique because they save gas fees and the interest auto-compounds every 24 hours. The staking mechanism is also robust, and users don’t have to follow any complex procedures to set up their account. 

      What went wrong: 

      The hack on Pancake Swap is a typical case of price manipulation using flash loans. The WBNB-BUNNY LP is flawed, and the hacker took advantage of it. The price of tokens in the liquidity pool was inflated, and the smart contract made it easy for the attacker to receive large amounts of BUNNY tokens. A detailed analysis is available from SlowMist.

      Money Lost:

      700,000 BUNNY tokens and 114,000 BNB were taken, valued at $200 million at the time.

      BurgerSwap 


      BurgerSwap is an automated market maker that helps users earn mining rewards and interest on their contributions to the LP. It got great attention from top protocols in the industry for its cross-chain token swaps. It also allows users to participate in governance. The main reasons people use BurgerSwap are its low fees and low barriers to entry.

      What went wrong: 

      A flash loan attack caused BurgerSwap to lose millions of dollars, and it took only 14 transactions. The attacker had deployed a fake native coin to form a trading pair with BurgerSwap, leading to an increase in the reserve supply. As the price kept on increasing, the hacker started to accumulate more assets.

      Money Lost:

      $1.6 million in BNB, $3.2 million in BURGER coin, $1.4 million in Tether, and $152,000 in ROCKS

      How can we minimize DeFi hacks and make protocols more reliable? 

      The DeFi market has close to $100 billion in locked value, so we can expect more such exploits from different hackers worldwide. The crypto space is now a fast-moving arena, so we will definitely be at a loss if we don’t keep up with it. This is why developers have to embrace a new philosophy when it comes to smart contract development. Here are some best practices to guard against security threats:

      Careful Rollouts 

      Comprehensive testing and bug bounties help a great deal in increasing security for smart contracts. It is also recommended to release the project to full production in multiple phases. This way, developers can conduct testing after every phase and refine the functionalities of the smart contract.

      Easy-to-Manage Code

      When things get complex, mistakes pile up, so the best practice is to keep your code simple. The easiest way to do that is to break the code down into modules and keep each function distinct. This gives the development team more clarity and assurance about their code’s functionality.

      In-depth Analysis on Blockchain 

      Developers can build one of the best programs ever, but if they don’t understand how smart contracts work in real time, they will most probably miss some key functions in the execution of the code. So developers need to familiarize themselves with blockchain, including external contract calls, block gas limits, and timestamps.

      Closing Thoughts 

      We have lost more than $1B in DeFi hacks in the last three years, so the importance of safeguarding these protocols cannot be emphasized enough. New vulnerabilities like oracle manipulation are also surfacing, and many hackers use them to pump and dump token prices. While there are companies like Chainlink providing promising solutions, the number of attacks seems only to increase. Smart contracts are indeed revolutionary entities, but we should be careful about which projects we deal with. So keep updating your knowledge base on such projects and do your own research to avoid getting caught in such DeFi exploits.

      Karthik Guttha

      Born and brought up in India, Karthikeya Gutta is a crypto journalist and freelance contributor for ItsBlockchain. He covers various aspects of the industry with in-depth analysis and research. His passion towards blockchain and crypto ecosystem is mainly because he believes it can really change the world and help millions of people.
