Editor's Note: This article comes from Cybtc Blockchain (ID: cybtc_com), reprinted by Odaily with authorization.
DeFi has been one of the main drivers of cryptocurrency market momentum in 2020, and it stands to reason that the emerging financial landscape has attracted scammers and hackers. The abundance of unaudited smart contracts and cloned code has become a recipe for vulnerabilities and exploits, often resulting in the theft of millions of dollars in digital assets.
The November 2020 CipherTrace report stated that in the first half of the year, DeFi accounted for 45% of all thefts and hacks, resulting in losses of more than $50 million. That figure rose to 50 percent of all theft and hacking incidents in the second half of the year, the report said.
In an interview with Cointelegraph, CipherTrace CEO Dave Jevans warned that DeFi could be hit by regulation: “In 2020, DeFi hacks now account for more than half of all cryptocurrency hacks, a trend that has attracted the attention of regulators.”
He added that regulators are more concerned about the lack of anti-money laundering compliance: “Funds stolen in the largest hack of 2020 — the $280 million KuCoin hack — were laundered using DeFi protocols.” Jevans also believes that in 2021 regulators are expected to clarify what actions DeFi protocols can take to avoid the consequences of non-compliance with anti-money laundering (AML) regulations, code security audits and possible sanctions.
Exchange Hacks of 2020
The KuCoin hack happened in late September, when the exchange’s CEO Johnny Lyu confirmed that the breach affected the company’s Bitcoin, Ethereum, and ERC-20 hot wallets after private keys were leaked.
By early October, KuCoin said it had identified a suspect and had formally brought law enforcement into the investigation. By mid-November, the Singapore-based exchange announced that it had recovered 84 percent of the stolen cryptocurrency and restored full service for most of its tradable assets.
There have been other hacks of exchanges this year, but KuCoin is the biggest hack victim. Italian exchange Altsbit lost nearly all of its funds in a $70,000 hack in February, and there have been a number of other minor cryptocurrency exchange breaches. As of October 2020, as many as 75 centralized crypto exchanges were closed due to various reasons, with hacking becoming the main reason.
Vulnerabilities and hacks in DeFi 2020
With billions of dollars pouring into DeFi protocols and crypto farms popping up, the nascent space has become a hotbed for hackers. The first major breach of 2020 occurred on DeFi lending platform bZx in February, when two flash loan exploits resulted in the loss of nearly $1 million in user funds. A flash loan is a loan in which crypto assets are borrowed and repaid within the same transaction.
bZx halted platform operations to prevent further losses, but this drew criticism from industry observers, who claimed that it was ultimately a centralized platform after all, and could be “the end of DeFi.”
The market crashed in March, resulting in massive collateral liquidations, especially for Maker’s MKR token, but this was not caused by hackers. The next incident came the following month, when imBTC, a wrapped version of Bitcoin that uses the ERC-777 token standard, was attacked using a reentrancy method. The attacker was able to withdraw the liquidity held in Uniswap, which was estimated at $300,000 at the time.
In April, Chinese crypto lending platform dForce was drained of all of its liquidity through the same vulnerability. The hackers repeatedly increased their ability to borrow against other assets, and made an estimated $25 million in profit from it.
Balancer was the next DeFi protocol to be hit: wrapped Ether was stolen from its liquidity pools in a well-planned arbitrage attack, with the protocol exploited for as much as $500,000. A series of flash loan token swaps and arbitrage trades took place against a vulnerability that the Balancer team apparently knew about.
In July, bZx made headlines again, though this was more manipulation than another exploit: purchase orders in its dubious token sale were placed by bots at the same point that marked the start of the token generation event. The attackers made nearly a million dollars in profit from the price increase.
DeFi options protocol Opyn was the next victim in August, when hackers made more than $370,000 using its ETH Put options. The exploit allowed attackers to “double exercise” Ethereum put option tokens and steal collateral. Opyn recovered about 440,000 USDC from the outstanding vaults using a white hat hack and returned it to the Put option sellers.
Again, this was not an outright hack but a code flaw in an unaudited Yam Finance smart contract that affected the repricing of the governance token, leading to a price crash in mid-August. The protocol was forced to call on DeFi whales to save it by voting to relaunch it as version 2.
The emergence of SushiSwap
The SushiSwap saga started at the end of August and coined the terms “vampire mining” and “rugging.” The anonymous protocol cloner and administrator known as “Chef Nomi” sold $8 million worth of SUSHI tokens, causing the token’s price to plummet. A few days later, FTX exchange CEO Sam Bankman-Fried rescued the protocol, which was controlled by a consortium of DeFi whales via multi-signature smart contracts. Ultimately, all funds were returned to the developer fund.
Rug pulls, or “pump and dumps” as they were called during the last altcoin boom in 2017, continued with many DeFi clones like Pizza and Hotdog. The prices of these yield farm tokens spiked and plummeted within hours or even minutes.
In mid-October, hordes of “degenerate farmers,” as they were called, piled funds into an unaudited and unsecured smart contract published by Andre Cronje, founder of DeFi protocol Yearn Finance. The Eminence Finance contract lost $15 million after it was hacked within hours of Cronje tweeting a teaser about the new "gaming multiverse." The hackers returned about $8 million but kept the remaining funds, prompting disgruntled traders to file legal action against the Yearn team for lost funds.
November was a particularly painful month for Akropolis, which had to “pause the protocol” after hackers stole $2 million in the DAI stablecoin. Value DeFi protocol lost $6 million in a very common flash loan exploit, yield-generating stablecoin project Origin Dollar was exploited for $7 million, and Pickle Finance suffered $20 million in incidental damages in a sophisticated “evil jar” exploit.
One incident that broke the pattern of system exploits was a personal attack on an individual in mid-December. Nexus Mutual DeFi protocol founder Hugh Karp lost $8 million from his MetaMask wallet when a hacker managed to infiltrate his computer to spoof a transaction. These types of attacks are generally less common because they involve some degree of social engineering.
The last reported flash loan attack of the year so far was the $8 million breach of Warp Finance on Dec. 18.
Many retail traders and investors also fell foul of phishing attempts, with Ledger hardware wallet owners also being targeted in 2020 after the personal information of some 272,000 Ledger buyers was hacked.
