paint-brush
DeFi Exploits and Bridge Attacks Emerge as the Top Deterrents to Wider Crypto-Adoptionby@salamashiru
1,116 reads
1,116 reads

DeFi Exploits and Bridge Attacks Emerge as the Top Deterrents to Wider Crypto-Adoption

by Salam AshiruNovember 4th, 2022
Read on Terminal Reader
Read this story w/o Javascript

Too Long; Didn't Read

Blockchain is supposed to be unhackable in theory but that hasn't been the case with the technology. However, 2022 has seen the hack of several DeFi protocols. The total hacks from 2022 as of the end of October stood at $2.98 billion– the numbers sound normal until you analyze deeper and find that most crypto assets have dropped by over 60%. This level of security breaches in 2021 would be over 3 times the value of crypto assets.
featured image - DeFi Exploits and Bridge Attacks Emerge as the Top Deterrents to Wider Crypto-Adoption
Salam Ashiru HackerNoon profile picture


The blockchain landscape has bad PR with security; there's news of a hack every month, and it defies what the technology touts itself as. In theory, blockchain is one of the most secure technologies and is supposed to be unhackable.


However, high-profile hacks this year have a comment on that. This year has seen the security breach of Crypto.com, IRA Financial Trust, Cashio, Fei Protocol, Qubit Bridge, Harmony Bridge, Beanstalk, Wormhole, Axie Infinity Ronin Bridge, and the most recent BNB hack. Bridges happen to be a regular, and we'll get to why pretty soon.


According to Chainalysis, $3.2 billion were stolen in 2021, and despite the dwindling value of crypto assets, the 2022 hacks are trying so hard to catch up with 2021 numbers. The total hacks from 2022 as of the end of October stood at $2.98 billion– the numbers sound normal until you analyze deeper and find that most crypto assets have dropped by over 60%. This level of security breaches in 2021 would be over three times the value it is.


Blockchain's security is a tough argument to defend and especially seeing as traditional finance does not experience as many security issues. The hack reports mentioned in the article so far only cover the funds lost by protocols and institutions.


Users' statistics may be much worse, but there's no way to tell the exact figure crypto users may have lost to fraud and hacks. With security breaches on the rise, it's logical to argue that crypto and blockchain adoption might take longer than we imagine.

Bridges And Hacks

Most of the recent security breaches have affected DeFi protocols, with cross-chain bridges suffering the most. The recent BNB hack resulted from a vulnerability in the network's cross-chain bridge that facilitates seamless asset transfer between the BNB Beacon Chain(BEP2) and the Binance Smart Chain.


The initial damage was reported to be about $570 million. But efforts from node contributors mitigated the loss to about $100 million, another situation that has spurred debate about the network's true decentralization nature.


Bridges have had the highest frequency of these security breaches because their frameworks are still developing. Cross-chain bridges are essentially protocols that enable seamless value and asset transfer across different networks. For example, you cannot spend BTC on the Ethereum blockchain, so bridges offer you a wrapped version of BTC(wBTC) which will be in the token standard you need it for; in this case, ERC-20.


Your BTC is locked on the cross-chain bridge, and this actually makes them a prime target for attacks because they hold a lot of capital on-chain. The recent bridge hacks have resulted from flawed security design and mostly smart contract vulnerabilities.


It is generally believed that over the next few years, we'll perfect the best practices to write smart contracts for bridges and have more capable hands writing and analyzing these codes. However, the collateral damage is costly, and it's pretty easy to see how this will pull the landscape back.


My earliest understanding of what a smart contract vulnerability came from minting an NFT project sometime in 2021. This project intended for its whitelisted members to mint 3 NFTs each before moving to the public mint. However, there was something wrong with the smart contract that a few users with coding experience had already spotted.


The smart contract allowed only whitelisted addresses to carry on with the mint. But, if a user mints 3 NFTs with their whitelisted wallet and sends those three items out, they can return to mint another 3; rinse and repeat. It was highly rewarding for users to keep up with this because the NFT was already selling for 10x its mint price on the secondary market. At the time, that was a situation that had already happened several times with other projects that you'd call a rookie mistake.


However, recent bridge hacks have shown that these vulnerabilities are there for those who look hard enough to exploit. It is basically about tricking the computer, subjecting it to a condition that the smart contract does not explicitly cover, and you'll be able to carry out malicious activities on the network. Blockchain itself is very secure in theory, but until we can write near-perfect smart contracts, these are perilous times.


How Bad Are The Security Threats?


Blockchain networks can be attacked in various ways– attacks like DDoS attacks, software misconfiguration exploits, blockchain-specific malware, or performing transaction-based injection attacks usually target blockchain nodes. The blockchain landscape is, however, more familiar with phishing attacks, Sybil attacks, routing attacks, and 51% attacks. Fraudsters and hackers are always lurking to get the best of platforms and users.


The threat this poses to institutions has seemed like the bigger evil until one discovers how bad it can get for an average user. This has been easy for malicious users because the blockchain is also an enabling ecosystem to steal money and cover your tracks.


The threat this poses to institutions seemingly has greater significance because they are in the best position to create systems that can mitigate and control thefts and hacks. However, a random survey would suggest that millions of dollars switch hands from users to fraudsters daily.


The CEO of FTX, Sam Bankman-Fried, recently tweeted how FTX has been helping users tackle phishing attacks, including a recent phishing attack with mitigation plans to support affected users.


A renowned on-chain sleuth with the Twitter username ZachXBT uncovered a phishing scammer named Monkey Drainer, who has reportedly stolen over 700 ETH worth over $1 million from several users.


It gets worse when you find out there's a lot of this going around daily. Scammers take advantage of users' edginess to solve specific issues or make a trade to trick them into signing malicious smart contracts that drain their wallets or inputting their private keys into a phishing site.


There are no official numbers on the amount users have lost to scams, but the speculations are pretty scary when you imagine they are people's life savings. Users have had to learn basic security tips to keep themselves safe. Users have had to understand that security is solely their responsibility; there are no support or customer service lines to report issues to, which might be something to get used to.

How This Could Affect Crypto Adoption

Blockchain enables a system that makes finance completely custodial; users will be responsible for storing their funds and keeping them safe from bad actors who would always try to take them maliciously. On the other hand, the traditional finance system does not give users total control of their money, but there are existing frameworks that protect users against fraud. Besides, the system is not quite as enabling for fraudsters and scammers.


The blockchain landscape has been blessed with users who are dedicating effort and time to help other users trace their stolen funds and work towards recovering the funds. However, there's only a short window for when their effort is significant. Blockchain is transparent, but crypto scammers already know the best methods to launder money and obscure their transaction history.


According to data from Triple-A, only 4.2% of the world's population owns cryptocurrencies. It could be less factoring users who may have multiple wallets. The crypto landscape has a pretty tough job at hand, convincing users to adopt blockchain. Users are primarily concerned about fund safety, and if traditional systems guarantee better security than blockchain, the downside to using traditional finance might be a small price to pay for salvation.


Considering how easy it is for fraudsters to trick the average user, it's a scary endeavor for newbies without knowledge of the best security practices. Blockchain is very secure in theory, but with the landscape still developing the best implementations for its framework, users have some responsibility on their hands.