DeFi’s “Black May” revelation: speed is not enough, innovation is greater than “Fork”

Flash loan attacks account for about half of all DeFi attacks since 2019.

This May was the most attacked and costly month in DeFi’s history. Of the 25 DeFi-related security incidents that occurred in May, flash loans accounted for the highest number of attacks, approximately 11, and BSC was the most attacked platform, with 15 attacks.

Since 2020, decentralized finance (DeFi) has proven to be a disruptive area of the cryptocurrency ecosystem, and it is making waves in global financial markets as institutional investors are attracted to the potential of the high returns available in the DeFi space.

The entire cryptocurrency space has experienced explosive growth over the past year, with the DeFi sector in particular standing out and performing extremely well: the total value locked in DeFi protocols hit $130 billion at one point.

However, the downside of DeFi’s fast and furious advancement is becoming apparent; the huge wealth effect of DeFi is very tempting to investors, but it also makes the DeFi space a “cash machine” for hackers.

May was the most attacked and costly month in DeFi’s history.

According to the PeckShield situational awareness platform, there were 46 security incidents across the blockchain sector in the past month, with 25 incidents related to DeFi.

“Black May” with frequent DeFi hacking attacks

It can be said that the DeFi boom both started and exploded on Ethereum.

As a large number of users flocked to DeFi via Ethereum, Ethereum transaction fees continued to soar, which was unacceptable to most people and forced users to migrate to Binance Smart Chain (BSC).

BSC quickly took over the DeFi space with its lower fees and faster transactions, which drove DeFi’s further growth. As a result, BSC quickly became a “hotbed” for hackers as it exploded.

Of the 25 DeFi-related security incidents in May, flash loans accounted for the highest number of attacks, with about 11; losses were generally high, with at least six projects losing more than $10 million; and BSC was the most attacked platform, with 15 attacks.

Before looking at the large number of recent hacks on DeFi, it is necessary to get reacquainted with flash loans and flash loan attacks. In this article, we will focus on analyzing the BSC hacks, as there were only 3 attacks on the Ethereum chain compared to the 15 attacks on BSC.

What is flash lending?

In addition to utilizing traditional financial primitives, the DeFi space continues to give birth to some very innovative financial primitives, such as flash loans. However, the emergence of flash loans has put a large number of DeFi projects at security risk.

A flash loan is itself just a tool that uses blockchain technology to give investors an opportunity to arbitrage between different DeFi protocols.

Flash loans allow users to borrow all of the tokens in a liquidity pool on an unsecured basis, provided that the borrowed tokens and a fixed borrowing cost are returned after a series of swap, collateral and clearing operations and before the transaction ends.

It is important to acknowledge that flash lending is one of the most exciting native innovations in DeFi, with a wide range of future applications.

As we all know, centralized lending is usually executed on a peer-to-peer basis, where a centralized exchange assumes the role of an intermediary. Decentralized lending, on the other hand, is quite different, with most projects using “pools of money” to broker transactions and meet the needs of both lenders and borrowers.

Both centralized and decentralized lending require collateral to complete the lending process, and some programs even require over-collateralization in order to lend. Flash loans, which require no collateral, make possible what is unthinkable in the traditional lending market.

However, the borrowing and repayment of a flash loan must be completed in the same block, giving hackers the opportunity to use flash loans to launch attacks.

In April, crypto data aggregator Messari reported that flash loan attacks have become the most popular form of attack in the DeFi ecosystem, accounting for about half of all DeFi attacks since 2019.

Hackers borrow large amounts of money through flash lending to raise coin prices, complete sell-offs for arbitrage, and ultimately exit the protocols with ill-gotten gains.
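The mechanism described above, as an added Python sketch (not code from the article or from any project it names): an uncollateralized loan that reverts unless it is repaid with its fee in the same transaction, the effect of the borrowed funds on the spot price of a Uniswap-style constant-product pool, and a deviation check a protocol can apply before trusting that price. The reserves, fee rate, 5% tolerance, the reference price and all names are constructed assumptions.

```python
from dataclasses import dataclass

class Reverted(Exception):
    """Stands in for an on-chain revert: the whole transaction is undone."""

@dataclass
class Pool:
    """Constant-product (x * y = k) pool, Uniswap-style; swap fee omitted."""
    token: float  # reserve of the token being priced
    quote: float  # reserve of the asset it is priced in

    def spot_price(self) -> float:
        return self.quote / self.token

    def buy_token(self, quote_in: float) -> float:
        out = self.token - self.token * self.quote / (self.quote + quote_in)
        self.token, self.quote = self.token - out, self.quote + quote_in
        return out

    def sell_token(self, token_in: float) -> float:
        out = self.quote - self.token * self.quote / (self.token + token_in)
        self.token, self.quote = self.token + token_in, self.quote - out
        return out

def flash_loan(amount: float, fee_rate: float, borrower) -> float:
    """Lend without collateral; revert unless amount + fee is returned."""
    repaid = borrower(amount)
    if repaid < amount * (1 + fee_rate):
        raise Reverted("loan plus fee not returned in the same transaction")
    return repaid

def price_is_sane(spot: float, reference: float, tolerance: float = 0.05) -> bool:
    """Defender's check: reject a spot price far from a slower-moving reference."""
    return abs(spot - reference) / reference <= tolerance

def run_demo(loan: float = 900_000.0) -> dict:
    pool = Pool(token=1_000_000.0, quote=100_000.0)  # constructed reserves
    seen = {"reference": pool.spot_price()}          # assumed time-averaged price
    def borrower(amount: float) -> float:
        bought = pool.buy_token(amount)              # borrowed funds move the price
        seen["spot"] = pool.spot_price()             # what a naive reader sees mid-transaction
        seen["accepted"] = price_is_sane(seen["spot"], seen["reference"])
        return pool.sell_token(bought)               # unwind: same funds back, fee unpaid
    try:
        flash_loan(loan, 0.0009, borrower)
        seen["reverted"] = False
    except Reverted:
        seen["reverted"] = True
    return seen
```

With these numbers the spot price read inside the loan is 100 times the reference and the check rejects it. The takeaway for a protocol is that a pool's spot price read within a single transaction is not a trustworthy valuation input.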

Flash Loan Attack Center – BSC

BSC is a public, permissionless infrastructure that allows developers to build and deploy DeFi protocols with zero censorship.

Over the past few months, the BSC has been the epicenter of DeFi vulnerabilities, and the number of protocols suffering losses due to malicious behavior is increasing.

In April, Messari researcher Ryan Watkins noted the centralization of BSC verifiers, stating, “BSC has 21 active verifiers, making it more centralized than most platforms. This group of validators is determined daily by the CoinAchain, which is managed by 11 validators.”

May, as expected, saw a concentration of BSC security incidents, with the biggest loss suffered by the well-known BSC-based DeFi protocol PancakeBunny, which lost up to $200 million in BNB and $42 million in its native token, Bunny, in a massive flash loan attack on May 20.

Other DeFi protocols running on BSC have also been hacked and exploited recently, including Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, and Spartan Protocol.

Following PancakeBunny, the BSC decentralized finance ecosystem suffered its second flash loan attack in a week. The attack caused DeFi platform Bogged Finance to lose $3 million, or half of its total liquidity.

Also, on May 18, BSC’s largest lending platform, Venus, experienced a large liquidation with suspected malicious manipulation. This resulted in over $200 million in DeFi liquidations and over $100 million in bad debt on the protocol, with a large number of users suffering losses. The Venus protocol announced a final loss of $77 million and that the Swipe team would no longer be involved in project management.

On May 28th, BurgerSwap, the first automated market maker on BSC, and JulSwap, a decentralized protocol, were also hit by flash loan attacks.

Earlier this month, Marie Tatibouet, chief marketing officer at cryptocurrency exchange, told Cointelegraph that “the lack of rigorous evaluation exacerbates the exploitation of these vulnerabilities due to the centralized nature of BSCs.” He added: “They are greenlighting hundreds of projects every week.”

DeFi Security Insights – Innovation over “replication”

BSC has risen rapidly by “copying” Ethereum and attracting a large number of Ethereum-based users with limited innovation of its own.

At the same time, many copycat projects in the BSC ecosystem take the open source code of Uniswap and other star Ethereum projects and “copy” it in order to launch quickly. Forking has brought many hidden dangers to the projects on BSC.

According to PeckShield’s analysis, the code of both BurgerSwap and JulSwap is forked from Uniswap, but their teams did not fully understand the logic behind Uniswap. For hackers, these forked projects leave their “own doors” wide open, and attackers can take what they want.

It is worth noting that BSC has compromised on decentralization, which means that there are some attack points that hackers can exploit.

Ethereum co-founder Vitalik Buterin has pointed out the blockchain “impossible triangle” problem – a blockchain cannot have the following three attributes at the same time: decentralization, security and scalability. This essentially means that improving one of these three aspects will mean that the other two attributes are somehow compromised.

With flash loans among the most frequent attack vectors, any DeFi project should take care to protect against flash loan attacks.

In addition to this, hackers frequently exploit other weaknesses, including key compromise, coding errors, and abuse of third-party protocols.

With hack after hack in the DeFi industry, developers need to revisit the dangers and opportunities presented by DeFi to build a truly secure decentralized financial ecosystem.

DeFi has a great deal of untapped potential in the global financial space. More than just a technical gimmick, DeFi once again reveals the power of blockchain technology.

As more and more cryptocurrencies are adopted by the mainstream, the total value locked into DeFi is likely to continue to increase as the share of cryptocurrencies in the global money supply grows.

Posted by: CoinYuppie, Reprinted with attribution to: