DeFi in Danger: PeckShield Uncovers Cybercriminals' Focus
In its recent report, blockchain security company PeckShield disclosed that there have been 395 hacks during the first half of 2023, leading to the theft of approximately $479.4 million.
Compared to the previous year, the quantity of stolen funds has decreased roughly sixfold, with the ten most significant crimes accounting for 79% of all losses. This could signal reduced market liquidity and a diminishing interest from fraudsters. Nonetheless, companies like CertiK link these figures to an uptick in the security of decentralized applications and ongoing user education. However, it's nearly impossible to definitively determine the cause of this trend.
DeFi apps have become a prime target for cybercriminals: they accounted for 98% of the crimes and 87% of the total stolen assets. This high level of interest in these projects can likely be attributed to the popularity of DeFi platforms, which offer a range of services, including loans, deposits, or liquidity pools. Victims of these attacks included projects such as YFII, Euler Finance, Orion Protocol, Terraport Finance, and Jimbo Protocol, along with several other less-known initiatives.
In their assaults on DeFi applications, criminals often exploited flash loans (71%), a mechanism that enables enormous loans to be taken without collateral. This technique has long been recognized and remains a significant concern. The majority of these attacks were aimed at project tokens (71%). There has been noteworthy progress with cross-chain bridges: breaches of these represented a mere 1% of successful cyber attacks. The hacking techniques used typically exploited logical errors in codes, oracle manipulation, and privilege leaks, which enabled unauthorized users to gain administrative access.
Among all the blockchains, Ethereum suffered the most, with stolen assets amounting to $286.69 million. The BNB Chain had the highest number of breaches, with it being successfully attacked four times as frequently (300 breaches). This suggests that developers of Ethereum applications are paying more attention to security issues.
It's heartening to see that developers have been able to recover nearly half of the stolen funds ($226.2 million). In the past, losses from breaches of cryptocurrency applications, even those involving centralized systems, often proved irrecoverable. Nonetheless, to bolster user trust, it's crucial not only to recover stolen assets but also to continue efforts to reduce the number of such incidents. If this is not achieved, decentralized projects may face challenges in securing a leading position.
