DeFi is a great crypto space to be in. However, one of its downsides is the hacks and exploits. In 2023 alone, DeFi already lost $1.3 billion. More than 50% was during Q3, totaling $758 million.
This spread out over 116 cases. The De.Fi platform published a report about Q3’s DeFi exploits. So, we’re going to take a closer look at this DeFi report by De.Fi and recap it.
Source: De.Fi report
What Are the Exploit Trends in DeFi?
There’s an uptrend in DeFi exploits. There were 166 cases in Q3-2023. During the same Q3-2022, there were 110 cases. These cases consisted of scams, exploits, and sometimes also unintended losses.
However, the top three cases stood out. They combined around 64% for Q3 23 with $484 million. For instance:
- Multichain saw losses of $231.1 million.
- The Mixin Network saw $200 million in losses.
- CoinEx had a $52.8 million loss.
Access Control was the biggest culprit, with $319 million. It should come as no surprise that most losses are incurred on Ethereum. It’s the biggest chain in DeFi after all. Likewise, it accounted for 48.7% of all losses in Q3-2023. This involved 72 of the 116 cases. The BNB-Chain came in second with #13.5 million, while CEXes ‘only’ lost $37 million. Newer chains and L2s, like Arbitrum or Optimism, also saw losses. However, they were not as significant as Ethereum or BNB. You can check De.Fi’s database is here.
Source: De.Fi report
The Most Common Exploits
Rug pulls were the most common exploit. Q3 saw 78 rug pulls with $ $49.8 in losses. On the other hand, Access Control saw only 6 cases. However, these cases counted for $319 million, or 42%! Reentrancy attacks make up for 8 cases and $65.8 million in losses. This is when a bad actor keeps exploiting the victim’s smart contract, until it’s empty. There were also 12 incidents with General Exploits, causing $82.2 million damage. On a lesser scale, but still worth mentioning, there were, for example:
- Flash loan attacks.
- Honeypots.
- Phishing.
- Oracle issues.
Source: De.Fi report
What Are the Attack Vectors?
Tokens were the prime target of all attack vectors. This vector saw a total of 80 cases. Exchanges were next in line, with 8 cases. These were mostly DEXes. Lending and borrowing protocols had a total of 4 cases. Furthermore, the emerging gaming and metaverse space saw a single case. However, this was a significant case.
On the recovery side, there’s plenty of room for improvement. In Q3, there was only $8 million recovered. The space needs other platforms or measures to track and recover funds. The Lossless Protocol comes to mind. It provides features that can detect shady transactions.
Source: De.Fi report
Q3-2023 Top Cases
Let’s take a look at some top cases during Q3.
- Multichain $231 million
Multichain was one of the big cross-chain bridge operators in the DeFi space. However, it saw exploits totaling $231 million. It also appears that this may have been a rug. The Chinese police first arrested the CEO, Zhaojun. Later, they also arrested his sister.
Somebody withdrew $125 million, with $120 from the Fantom bridge. For more details, check this report from Chainalysis. Multichain ceased operations after these incidents.
• Crypto market experienced a rough July, with losses around $468 million, the most since 2022. 📉💔
• The Multichain exploit resulted in $231 million in losses alone. 🛑💸
• After the incident, Multichain's CEO disappeared for a month and Binance suspended various token… pic.twitter.com/BWNkeMKluP
— Ehsco (@Ehsco_media) August 2, 2023
- Mixin Network $200 million
In September 2023, the Mixin Network experienced an exploit. The platform lost a staggering $200 million. The attacker was well-skilled. He looked for specific vulnerabilities. He found these in the database of the network’s cloud service provider.
This had some serious and immediate impact. It resulted in the platform suspending all withdrawals and deposits. The native XIN token slumped by 8%.
4/ Loss by Attack Type
9 private key compromise incidents caused $223M in losses.
$200 million lost in the Mixin Network incident.
22 contract vulnerabilities led to total losses of about $93.27 million. pic.twitter.com/OVq9KE2Laa
— Beosin 🛡 Blockchain Security (@Beosin_com) September 27, 2023
- CoinEx $52.8 million
CoinEx is a trading platform. They lost $52.8 million in September 2023. The bad actors managed to compromise the private keys of the platform’s hot wallets. In total, they exploited 9 different chains.
- Vyper $50.5 million
Vyper is a compiler. This is a tool, needed to write smart contracts. However, there were a few Vyper versions that had a weak point. The attacker exposed these successfully. As a result, various projects lost funds, to the tune of $50.5 million. However, $6.8 million of the stolen funds was recouped.
- Stake $41.4 million
Stake is a gambling platform. It also took a hit in September 2023. Once again, the bad actors managed to get control over the hot wallets’ private keys. As a result, they could attack various networks. For instance, Ethereum, BNB, and Polygon. This resulted in siphoning a wide token range from the platform. The bad actor still had $13 million sitting on the 3 chains in October.
1/3 Summary:
📁Project Name – Stake
💵Funds Lost – $41,400,000
💻Type of hack – Flash Loan Attack
❓Short description – Stak experienced a security breach affecting their hot wallets, leading to a total loss of $41.4 million across Ethereum, BSC, Polygon networks. pic.twitter.com/E3szXCuQnf
— HashEx DeFi Intelligence (@HashExOfficial) September 12, 2023
Conclusion
Unfortunately, the DeFi space is vulnerable to hacks and exploits. This resulted in Q3-2023’s loss of $758 million. We looked at De.Fi’s report and recap it in this article.
Disclaimer
The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted levels of risk tolerance of the writer/reviewers, and their risk tolerance may be different from yours.
We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments, so please do your due diligence.
Copyright Altcoin Buzz Pte Ltd.