In the vast landscape of financial evolution, Decentralized Finance (DeFi) has emerged as a beacon of promise, offering solutions that challenge traditional banking's core. However, as with any innovation, it brings its own set of challenges. From daunting complexities that deter the average user to regulatory mazes that even experts and project founders struggle with, DeFi's journey to mainstream adoption is riddled with hurdles. It is because of these hurdles that I am writing to you. To tackle this problem, it's essential to provide a comprehensive perspective on the seemingly idealistic concept of DeFi. It's crucial for individuals to recognize and acknowledge these challenges, as users are currently facing distressing issues. And as long as these hurdles remain unresolved, going mainstream is a delusion. What is DeFi? Decentralized Finance, also known as , refers to a financial system where traditional financial services can be rendered in the blockchain without the help of intermediaries like banks. DeFi To send or receive money in traditional Finance, you need trusted intermediaries like banks or fintech platforms like PayPal to facilitate the transaction. However, the rise of DeFi has changed the game of money as it permits the trading of digital assets like Bitcoin without third parties or intermediaries. Scam Defi Projects and How People Lose Funds to Them Although DeFi has several advantages, it also comes with many risks. Here are three risks associated with DeFi: Wallet Hacks A popular method used to hack Wallets is the Read-Only Reentrancy. After lost $3.8 million to an attack in July this year, the company revealed that BlockSec recognized ‘read-only reentrancy’ as the root cause of DeFi attacks. Conic Finance Reentrancy is a smart contract bug that makes an intelligent contact vulnerable to hackers. The bug allows hackers to trick the smart contract into stealing assets by making external calls to a malicious contract. This means that users don’t need to share their private key (similar to your bank app password) before they can lose their money to hacks. Although DeFi accounted for a small portion of the lost to in 2022, DeFi is even dragged into these schemes, making investors more wary than ever. Ponzi Schemes Disguising as DeFi $7.8 billion Ponzi schemes Exit Scams An exit scam is a category under a rug pull that occurs when a founder creates a DeFi project and aggressively promotes it so people can invest. After gathering enough investor funds, he abandons the project and disappears. Losses in DeFi From 2020 to date Below are some hacks that happened from 2020 till now. 2020 DeFi Exploits and Hacks In 2020 alone, the crypto industry faced 17 major DeFi hacks that led to a cumulative loss of $154 million; see some of them below: bZx (February 15, 2020) bZx protocol was exploited twice in 4 days and lost over $900,000. The first attack occurred on Valentine's Day, where they lost $320,000. Later in the year, they lost $600,000 to hackers. Lendf. Me lost almost all its assets to an attack, as its locked value dropped from $25 million to about $10,000 in 24 hours. Lendf.Me (April 19, 2020) Harvest Finance, which lost $24 million, was among the noteworthy hacks in 2020. Following the hack, the platform recorded an over 50% drop in total value locked (TVL). Harvest Finance (October 26, 2020) Warp Finance —a DeFi platform for lending lost $7.7 million to a flash loan attack. Warp Finance (December 18, 2020) Over $2.4 billion was lost to DeFi hacks alone (an increase of 1,330% compared to 2020). Below are some projects that were affected by this hack. 2021 DeFi Exploits and Hacks THORChain suffered an exploit on June 28, 2021, where it lost $140,000, but another unfortunate exploit on July 15, where it lost $4,900,000. It suffered a third exploit on July 23, losing about $8 million. THORChain (July 23, 2021) DaoMaker lost $4 million in 2021 to a reentrancy attack, as reported by @Mudit__Gupta. Dao Maker (September 4, 2021) Poly Network is a DeFi app that helps traders move assets like Bitcoin from one blockchain to another. Poly Network lost roughly $600 million in 2021. The hacker noticed a Poly Networks code bug and manipulated the smart contract to withdraw any amount they wanted. Poly Network (August 10, 2021) However, Poly Network made a smart move after the hack. They contacted the hacker and offered them $500,000 and the role of Chief Security Adviser. Following the offer, the hacker returned all the stolen assets. An unknown hacker stole about $18.8 million (418,311,571 in AMP and 1,308.09 in ETH) from Cream Finance in a flash loan attempt. Cream Finance (August 30, 2021) 2022 DeFi Exploits, Hacks, and Scam To date, 2022 witnessed the highest combined loss from DeFi exploits. See some of them below. Qubit Finance is a DeFi that runs on the Binance blockchain. It lost over $80 million to an exploit in January 2022. Qubit (January 28, 2022) In February 2022, Wormhole, a multichain bridging platform, encountered one of the most significant losses from DeFi exploits. The breach resulted in a loss of $320 million worth of Wormhole (February 3, 2022) Wrapped Ethereum (WETH). Ronin Network is a gaming-focused platform that lost over $625 million in USDC and ether (ETH) to an exploit. The loss affected the popular Axie Infinity game and the Axie DAO. Ronin Network (March 29, 2022) 2023 DeFi Exploits, Hacks, and Scams was stolen in the year's first half, and here are some examples: Over $471.43 million SafeMoon lost $9 million worth of tokens (over $200,000,000) to a hack earlier this year. SafeMoon (March 29, 2023) While 2023 hasn’t ended yet, many more DeFi have lost millions of dollars, like Hundred Finance, which lost $7 million to hacking. Hundred Finance (April 15, 2023) On June 2, 2023, the founder of Uniswap responded to a tweet saying he wasn’t aware of the Uniswap event held by a group in Shenzhen, China (and it must be a scam). Uniswap (June 2, 2023) The fake event titled “First Uniswap Asian Summit” had the so-called “CEO of Uniswap” in attendance. The scammers had created a fork of the original Uniswap site with Chinese community content and links to the original app. Halborn tweeted a comprehensive list of hacks in 2023, with Poly Network suffering a repeat attack and loss of $10 million. Poly Network (July 2023) 2021 exploits were higher than the 2020 hacks. Then, in 2022, the hacked volume was higher than in 2021. The hacking in the Web3 is on an upward trend. Why DeFi Won’t Go Mainstream The continuous incidents and loss of money will only discourage investors as there is a lack of trust. Security Concerns DeFi needs regulation to prevent continuous losses, but regulation doesn't work well with decentralization. Regulation Concerns The main idea of decentralization is that no single party will have control over the platform, but with regulation, a body has to maintain control. However, due to the decentralized nature of DeFi, regulators will keep facing challenges with controlling it. Hence, the exploits will continue. This is because exploits are often done to smart contracts, not the regulatory bodies. DeFi remains challenging to non-technical users, and without the proper knowledge, users can lose money due to a mistake they made on the platform. Complexity What do all these figures mean? These figures mentioned here may sound like just numbers to you. However, these are people's hard-earned money. There are people's life-saving. These are people's school fees, house rent, etc. You may not be in support of people using money for such priorities to invest in crypto, but you cannot be quick to blame these investors if the protocols weren't secured enough to protect their funds. Some individuals put their money in low-yield and low-risk investment vehicles within the DeFi ecosystem to escape inflation in their local currency. There is an urgent need to address security concerns in DeFi before discussing mainstream adoption. Since DeFi is an open-source movement, developers and founders must work towards improving their smart contracts to stop hackers from taking advantage of bugs in the code. If things continue this way with losses from hacks, DeFi will remain an option, not the mainstream choice. So far, projects that conduct bounties for the community to find loopholes in their smart contracts haven't been exploited.
