Report: ‘Centralisation Issues’ Are Biggest Culprits of DeFi Attacks

January 13, 2022, 10:00 AM AEST

A recent report by blockchain security firm CertiK has revealed that in its analysis of 1,737 decentralised finance (DeFi) projects, centralisation was the primary reason behind the vast majority of hacks, exploits and scams.

DeFi in 2021: Losses vs Market Cap

According to the report, 2021 witnessed US$1.3 billion in crypto lost to 44 hacks, exploits or scams. This was approximately US$500 million more than in 2020; however, it is worth noting that 2021’s losses represent 0.05 percent of crypto’s total market capitalisation, compared with 17 percent in 2020.

While the percentage of total market capitalisation lost to hacks and exploits decreased in 2021, the rise in value locked meant the dollar value lost was greater than in 2020. This is a definite step forward, but it shows that the ecosystem still has progress to make before DeFi feels like a safe place in which to deploy capital.

CertiK Report
Total value lost to DeFi Hacks. Source: CertiK

CertiK noted that the majority of DeFi platforms exploited in 2021 were unaudited, a fact it found “disappointing” and which “highlights the amount of work to be done before DeFi is seen as a secure place to invest and innovate in”.

Nonetheless, DeFi’s incredible growth, in excess of 1,000 percent, “reflected the persistent demand for security solutions in a rapidly expanding industry”.

Different DeFi stacks. Source: @Funkmeister380 via Medium

DeFi by Name Only?

DeFi’s raison d’être is to make financial products more readily accessible to a broader audience through distributed ledger technology. This suggests that it exists specifically to remove middlemen such as brokerages, exchanges, or banks. However, as noted in the report, centralisation issues lay at the heart of most DeFi exploits:

By far the most common vulnerability found was centralisation risk. Single points of failure can be exploited by dedicated hackers and malicious insiders alike.

CertiK Report

To illustrate, as reported by Crypto News Australia, DeFi protocol bZx was exploited for more than US$55 million in November as the result of private key mismanagement. This was an example of privileged ownership (found in 76 out of 1,737 audits) that allowed the attacker to gain complete control of all contracts the key controlled.

As CertiK quite correctly notes:

Centralisation is antithetical to the ethos of DeFi and poses major security risks.

CertiK Report

Despite its promise and the total value in DeFi increasing tenfold in 2021, the innumerable instances of DeFi hacks, leaks, exploits and breaches, as well as clear evidence of centralisation, suggest that DeFi in its current form remains some way from achieving its intended goal of finance for everyone.
