
These are the flaws that let hackers attack blockchain and DeFi projects

May 24, 2022 Hi-network.com

The number of decentralized finance (DeFi) and blockchain projects grew massively during the past year, but their increased popularity has also piqued the interest of cyberattackers, who managed to steal at least an estimated $1.8 billion in 2021.


The blockchain is a digital ledger that records transactions in a way that is difficult to tamper with or change. As a result, these technologies have tremendous potential for managing cryptocurrency assets and transactions, as well as for facilitating smart contracts, finance, and legal agreements.


In recent years, the blockchain has led to the emergence of decentralized finance. DeFi financial products and systems are an alternative to traditional banks and financial services, relying on decentralized technologies and smart contracts to operate.

DeFi, NFTs, and cryptocurrencies are now popular targets for threat actors, who take advantage of vulnerabilities, logic errors, and programming flaws, as well as running phishing campaigns, to steal digital funds from their victims.

In May, Microsoft introduced the term 'cryware' to the standard dictionary of digital threats, including malware, infostealers, cryptojackers, and ransomware. The new term describes malware designed to harvest and steal information from non-custodial cryptocurrency wallets, otherwise known as 'hot wallets'.

While the blockchain facilitates the infrastructure digital wallets need for transfers, deposits, and withdrawals, hot wallets are stored locally and so might be susceptible to theft.

On Tuesday, cybersecurity researchers from Bishop Fox published an analysis of the significant blockchain and DeFi heists that occurred in 2021. The cybersecurity firm analyzed $1.8 billion in losses.

There were 65 major 'events' examined by the team, of which 90% were considered to be "unsophisticated attacks".

Source: Bishop Fox CryptoSec

According to the researchers, DeFi projects experienced an average of five significant cyberattacks per month, with peaks in May and December.

The main attack vectors in 2021 were:

  • 51%, smart contract vulnerabilities
  • 18%, protocol and design flaws
  • 10%, wallet compromise
  • 6%, rug pull, exit scams
  • 4%, key leaks
  • 4%, frontend hacks
  • 3%, arbitrage
  • 2%, cryptocurrency-related bugs
  • 2%, front runs (transactions queued with knowledge of future exchanges)

"We can see that in most cases, the attack came from a vulnerability in smart contracts or in the very logic of the protocol," the researchers noted. "This is not surprising for a recent technology that may lack a certain technical hindsight on the implementation of security measures."

When it comes to the types of vulnerabilities exploited in smart contracts, the most common issues exploited by threat actors are well-known bugs, vulnerabilities contained in forks, and sophisticated attacks. Rug pulls and exit scams have also been recorded to a lesser degree.

However, many of these attacks could be avoided with robust auditing and testing before production. Developers using forks, too, should check their codebases regularly for any security issues impacting a DeFi project's source code.

"We can say without hesitation that DeFi is currently a tasty target that attracts thieves looking for big and fast gains," Bishop Fox says. "This observation is obvious given the youth of this technology and the fact that it's all about the money.

"Rare are the technological advances and developments that have never run into problems. In the same way that the first computers were networked without really considering the possibility of spreading a virus, DeFi developers tend to seek innovation in their algorithms more than protection."
