The decentralized finance (DeFi) niche has tracked phenomenal progression since it emerged in earnest around 2017 but not without major bruises. During this half decade run, the DeFi space has evolved rapidly as reflected in its total value locked (TVL) figure which topped $180.38 billion in December 2021 according to DeFi Llama data. The brisk growth of this crypto subsector especially in the last few years has been chalked up to several influences including an increased demand of crypto assets and the incentivized nature of offerings. On the flip side, this accelerated growth and accompanying liquidity has concomitantly invited unscrupulous actors looking to exploit the vulnerabilities present in space. In the past three years, there has been an accelerated occurrence of high-profile crypto theft incidents. The majority of these have involved techniques like crypto scams, rug pulls, flash loans, and DeFi-related exploits. For rug pulls, the perpetrator(s) usually a developer (or team) pumps the price of the project’s token, then abruptly withdraw or remove the liquidity before abandoning the project. Flash loans attacks, on the other hand, target flaws in smart contract-based lending platforms and are the most frequent. These take advantage of the uncollateralized nature of flash loans –no upfront collateral is needed but the borrower must make repayment within the same chain transaction.
Full commentary : Kokomo Finance Exit Scam and Swerve Finance Attack Proof of Rampant Defi Exploits In 2023.
If you are surprised by the spate of DeFi hacks that have occurred in the past three months, you have to look at OODA comprehensive Web3 incident database which is based on our research to categorize what compromises are taking place as well as document the root causes that plague Cryptos, DeFi, NFTs, and Web3 in general. Tracking root causes provides comprehensive insights into how innovators can create robust cyber risk management approaches and reduce the potential for consequential attacks. You can access the OODA comprehensive Crypto Incident tracker here.