On August 10, 2021, Poly Network was confirmed to have been stolen and lost $610 million, making it the largest hack in DeFi history.

In 2021, the DeFi craze will intensify, and the industry seems to be participating in this ecology like chicken blood. It seems that the day when the end of centralization will come soon.

Oracles, smart contract wallets, decentralized lending, and decentralized transactions, many practitioners in the blockchain industry are beginning to be optimistic that the golden building of DeFi has been basically completed, and GameFi (DeFi+NFT) is even more powerful. out. In the future, DeFi monetary policy may become more gamified, and users' funds will become equipment used in DeFi games.

DeFi, which has been singing all the way, has frequent security incidents, and users and investors can't help but have doubts. Why can such a major security incident occur in the more mature DeFi? Who Should Be Liable After a Decentralized Security Incident Happens? The victim can only confess himself?

What is DeFi?

What is DeFi?

The full name of DeFi is Decentralized Finance, that is, decentralized finance. DeFi is a financial application ecosystem developed using blockchain technology. It establishes a decentralized environment where access does not require permission. In this environment, everyone can freely link and manage their own assets.

That is to say, DeFi is a financial system built on the blockchain, which is open to everyone. At the same time, it will be more convenient and faster to remove the middlemen in the process of the financial system.

Comparison of centralized finance and decentralized finance:

The advantages of DeFi are as follows:

1) No credit review, instant calculation, interest arbitrage, leverage, financial derivatives;

2) Automatically reduce transaction costs and make components for other decentralized financial derivatives facilities;

DeFi applications include lending, spot trading, derivatives trading, stablecoins, asset management, prediction markets, and the creation of synthetic assets.

Is DeFi safe?

On August 10, the most serious security incident in the history of the DeFi industry broke out so far. The Poly Network, a cross-chain interoperability protocol, was hacked and $610 million worth of encrypted assets was stolen. This incident shows that cross-chain protocols are more vulnerable to attacks, and the incident has aroused widespread concern in the industry. Is it an attack by the hacker team, or is the project party just guarding against itself? We can wait and see.

This incident reminds us that a hacker named Joe used a flash loan with zero funds to earn $360,000 in a certain transaction. The incident sparked discussion and controversy. The point of contention is that Joe's actions cannot be identified as "hacking" and he did nothing to trigger the law.

Relevant data shows that there have been 11 major security incidents in the DeFi field in the past one and a half months, of which 5 occurred in cross-chain protocols. In the DeFi environment, if there is a risk, the user's risk is higher. Hackers or lawbreakers who break the law and commit crimes are more profitable.

Types of crimes exploiting DeFi

According to relevant statistics, the number of virtual currency theft, hacking and fraud in the first half of 2021 has more than tripled compared to the same period in 2020, but there has been a significant increase in the hacking incidents of decentralized financial DeFi (the number of DeFi hackers in 2021 accounted for 27% of hacks and thefts in 2021), and 21% of DeFi hacks and thefts in 2020.

According to a report by a US cybersecurity company on August 10, the theft, hacking and fraud in "DeFi" from January to July this year caused a loss of 474 million US dollars, a record high. Due to the decentralized design of the DeFi project and the completely anonymous processing mechanism, it has attracted a large number of hackers, giving hackers an opportunity. Of course, hacking and fraud are only one type of crime in the DeFi field. Let’s look at the types of crimes related to DeFi.

Use DeFi to launder money or cash out

A hacker used the DeFi mechanism (algorithm only, no transaction account, no identity authentication) to launder money, and began to use Uniswap to cash out. Successively, OCEAN, Synthetix, and COMP emptied the various coins stolen from KuCoin one by one. The criminal method of this hacker actually provides an idea for illegal money laundering organizations. Some security experts predict that DeFi is extremely easy to be used for money laundering and cashing out, and people have no very suitable methods to fight against it.

DeFi uses machine algorithms instead of human-computer intervention, so hackers or money laundering criminals only need to follow the machine algorithms, which in turn limits people's human-computer intervention.

These decentralized exchanges (for example: Uniswap) are bound to damage the brand reputation of decentralization if human intervention is to take place. In this case, the relevant decentralized exchanges choose to do nothing, and hackers or criminals who launder money can freely enter and exit the market.

Therefore, under the DeFi boom, black and gray forces use DeFi to launder money, which is completely operable. Coupled with the "pioneering" spirit of some hackers, they provide them with "successful cases". Large-scale operations and relatively safe cash-out channels for money laundering have been born. The struggle between money laundering and anti-money laundering will become more and more important in the future DeFi field, which may also determine whether DeFi can go far. An important factor.

Using DeFi to scam

Since the No. 1 DeFi product on EOS "Emeraldmine (Emeraldmine)" and the project YFIII, which is a joke in the industry, have run away one after another.

Scammers have also started pouring into the DeFi space. The screenshot below is the user's comments on social media after the EMD Jade Project transferred all the locked EOS and USDT away.

image description

Emerald project running away message

Summarize

Summarize

The concept and design of DeFi itself are very good, but from the criminal data and cases related to DeFi, it can be seen that DeFi has been used by criminals as the main target of building anti-censorship tools, money laundering tools, fraud and theft.

The security team of Zhifan Technology believes that in the future, criminals’ modus operandi will be more organized, more purposeful, and highly anti-tracking in the DeFi field.