There have been 82 security issues in DeFi so far in 2021. The initial stolen funds exceeded US$1.8 billion.

As one of the greatest technological developments in the past decade, blockchain has brought innovative progress in traditional finance, cross-border payment and settlement, supply chain, credit investigation and anti-fraud, user privacy and other application fields. Decentralized finance (DeFi), bred by the original ideas and culture of the chain, has emerged as a disruptor, aiming to build a financial system that does not require a third party, is fair and autonomous, and is open to everyone. DeFi is considered to have unlimited vitality and possibility, and is expected to reconstruct the financial transaction and service model. After more than 2 years of dormancy, DeFi exploded at the end of June 2020 and developed rapidly, becoming the current blockchain world. The most attention-grabbing, financial sector, and one of the applications with the highest adoption rate. However, as DeFi has attracted millions of funds in a short period of time, it has also made them the target of a large number of hacker attacks, and security incidents on the chain have occurred frequently.


According to public information, there were 60 DeFi attacks in 2020, with losses of more than 250 million U.S. dollars, of which at least 10 were lightning loan attacks, including bZx, Balancer, Harvest, Akropolis, Cheese Bank, Value DeFi, and Origin Protocol. The DeFi item was attacked.


Although there are still nearly 2 months before the end of 2021, according to OKLink’s incomplete statistics, as of November 7, 82 on- chain security issues have occurred since the beginning of 2021, and the initial stolen funds were approximately US$1.816 billion. , But about 700 million U.S. dollars of it have been returned, and the total amount of stolen funds reached 1.116 billion U.S. dollars.


In contrast to 2020, in addition to a significant increase in attack incidents, the amount of stolen items for a single project has also increased significantly. According to the Rekt ranking list, only one of the top ten D hacker attacks occurred in 2020. The top three are Poly Network (US$611 million), Compound (US$147 million) and Cream Finance (US$130 million).



Data source:

Among them, the stolen funds of Poly Network alone exceeded the entire year of 2020, but fortunately, the hackers who attacked the project have returned all the stolen funds afterwards. The most recent large-scale attack was the lightning loan attack suffered by Cream Finance on October 28. The loss exceeded US$130 million. The stolen funds were mainly Cream LP tokens and other ERC-20 tokens. It is understood that this is not the first attack that Cream Finance has suffered. Excluding this one, in 2021 alone, Cream Finance has already suffered 3 attacks due to flash loans, contract vulnerabilities, or the joint impact of other DeFi projects, with total losses 57.4 million US dollars.


From the 82 security incidents from the beginning of 2021 to the present, we found that lightning loans are the most commonly used method by hackers , accounting for 33 cases, followed by contract vulnerabilities, with 27 cases in total. In addition, hacker attacks can also be caused by factors such as changes in incentive mechanisms, leakage of private keys or mnemonics (improper storage). Next, we will combine specific cases to show everyone.


1. Cream Finance was attacked by lightning loan again, losing 130 million US dollars

On October 27, Cream Finance, a DeFi lending agreement, was attacked by a flash loan. The attacker took away approximately $130 million in tokens from the CREAM Ethereum v1 market.


Flash loan refers to a loan method that does not need to mortgage assets and completes borrowing and repayment in the same block. It should be noted that lightning loan itself is just a tool, there is no good or bad, but because lightning loan appears in the news related to DeFi thunder from time to time, so in the eyes of many people who don’t know, lightning loan seems to have become An accomplice of malicious attackers, this is actually a misunderstanding of flash loans.


In fact, flash loans can even be called a great innovation in smart contracts. Due to the structural flaws of DeFi, most mortgage lending agreements require users to over pledge assets, which means that the utilization rate of funds will become very low. The emergence of flash loans has greatly reduced the cost of funds. Users can get a huge amount of money without requiring any mortgage loans and only paying a very small fee (for example, the flash loan fee on AAVE is only 0.09%) After borrowing the funds, the user can use the borrowed funds to perform other operations. At the end of the transaction, they only need to return the loan and the handling fee in time, otherwise the transaction will be rolled back, as if nothing happened , So it can be used for arbitrage, exchange of collateral and self-liquidation, etc.


In response to the Cream Finance attack, the attacker lent 500 million DAI from MakerDAO Lightning Loan, then pledged to convert it into 451 million yDAI, and then added liquidity to Curve ySwap to obtain 447 million yDAI+yUSDC+yUSDT+yTUSD .



Image source: OKLink

Then the attacker pledged 447 million yDAI+yUSDC+yUSDT+yTUSD and obtained nearly 447 million yUSD. By calling the minting function in crYUSD, nearly 22.338 billion crYUSD were minted.



Image source: OKLink

Then the attack contract created attack contract 2, and called the flashLoanAAVE() function of attack contract 2, first borrowed 524,100 WETH from AAVE, of which 6,000 WETH was sent to attack contract 0x961D, and the remaining WETH was deposited in Cream to obtain crETH. Use attack contract 2 to lend nearly 447 million yUSD, repeat it twice, and mint crYUSD with this, and transfer crYUSD to attack contract 0x961D after minting is completed. Attacking contract 2 0xf701 lent nearly 447 million yUSD for the third time, which was directly transferred to attacking contract 0x961D this time.

Image source: OKLink

The attacker used 1,873 WETH to obtain 7,453,300 USDC in Uniswap V3, and then used to exchange 3,726,500 USDC into 3,383,300 DUSD, and then exchange DUSD into 450 million yDAI+yUSDC+yUSDT+yTUSD.




Image source: OKLink

Then 8,431,500 yDAI+yUSDC+yUSDT+yTUSD were directly sent back to the yUSD mortgage pool, resulting in a sharp increase in the calculation of the value of the mortgage asset yUSD in the Cream protocol, and finally a large amount of 15 assets including CRETH2, xSUSHI, PERP, etc. were loaned and returned to the attack Contract 2 WETH flash loan loaned out.



  Image source: OKLink

Finally, the assets were redeemed into DAI, and the lightning loan that attacked the contract 0x961D was returned.



    Image source: OKLink

This attack is a typical lightning loan price manipulation. After obtaining a large amount of funds through the lightning loan, the contract design flaws were used to drastically change the price to make a profit. This is the fourth hacking attack suffered by Cream Finance this year. When a lightning loan attack occurs, the essence is that the attacker who initiated the lightning loan just took advantage of the characteristics of the lightning loan, lending funds, trading, and then depositing and lending a large amount of funds again in a short period of time, so that they can artificially place a certain amount of money. A DEX manipulates the price of a specific crypto asset to profit from it. In other words, the attacker’s operations in the lightning loan process alone are compliant, but from the results, this behavior harms the fairness of the smart contract and the interests of other users.


2. Poly Network, the largest DeFi theft case in history


On August 10, 2021, the heterogeneous chain cross-chain interoperability protocol Poly Network was attacked. O3 Swap using this protocol suffered heavy losses. According to the browser on the OKLink chain, hackers took away a total of them in more than 30 minutes. 610 million US dollars of encrypted assets were transferred out to 3 addresses in batches. The funds transferred to the BSC address of 0x0d6e exceeded 250 million US dollars, the Ethereum address transferred to 0xc8a6 exceeded 270 million US dollars, and the 0x5dc3 address also exceeded 85 million US dollars.


This attack is mainly due to hackers exploiting the loopholes in the EthCrossChainManager contract. The Keeper permissions of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can be called by any user for transaction execution, and when the call is made internally, Malicious users can pass in self-constructed data through the _executeCrossChainTx function, so that hackers can change the EthCrossChainData Keeper to their own designated address through carefully constructed data, thereby taking out the tokens in the LockProxy contract.


The following is the attacked process drawn by the Sky Eye team on the Ouke Cloud Chain.




Since the US$610 million involved in the incident was too high-profile, all major platforms were actively responding after the incident, trying to prevent hackers from using platform features to transfer stolen money. The SkyEyes team is also in compliance with the regulations and synchronized with the security team. The attacker’s information has bought valuable time for tracking the attacker.


According to Dune Analytics data, the current TVL of cross-chain bridges exceeds 38.8 billion U.S. dollars. As an emerging field, the birth of cross-chain bridges has broken the island phenomenon between chains, but due to its development speed and huge The amount of funds, coupled with the uneven level of projects on the chain, has naturally become the “sweet pastry” in the eyes of hackers.



On July 11, the cross-chain project ChainSwap was attacked by hackers. The tokens of more than 20 projects deployed on the bridge were stolen by hackers, resulting in a loss of approximately US$4.4 million. The main reason for this security incident is that each token has a proxy contract during cross-chain transfer, and the hacker needs to pay 0.005 ETH in _chargeFee as a fee when calling the contract, but there is no real identity verification review in this process, only one Sign, the problem may be the _decreaseAuthQuota function, if the signer’s quota for the day has been completed, the function will be restored. But everyone seems to start with the default quota. Therefore, the attacker only needs to use a different address signature each time to circumvent this. Then transfer the “volume” parameter to the “to” attacker address in the _receive function.


And just one day later, another well-known cross-chain project AnySwap was also attacked. Its newly launched V3 cross-chain liquidity pool lost 2.39 million USDC and 5.5 million MIM, with a total loss of more than 7.9 million US dollars. According to the AnySwap announcement, two V3 router transactions were detected under the V3 router MPC account on BSC. These two transactions have the same R value signature, and the hacker pushed back to the private key of this MPC account. The team has repaired the code to Avoid using the same R signature.


Poly NetWork is not the first and will not be the last of cross-chain bridge security incidents. Due to the rapid growth of TVL, cross-chain bridges will inevitably continue to be a high incidence of security incidents. Although the end of Poly Network ends with the return of all assets by hackers, However, this incident is also a warning that, as a more complex business scenario, cross-chain bridges should have stricter requirements for contract writing and auditing, and security issues such as administrator permissions and private key authorization also need to be paid more attention.


3. BXH may be stolen due to the disclosure of the private key


On October 30, the multi-chain deployment of the decentralized transaction protocol BXH was stolen, and $139 million in encrypted assets was looted. It is understood that the security incident occurred on the BXH protocol on the BSC chain. Out of prudent considerations, BXH officials also suspended Heco and OEC related deposit and withdrawal services.


As soon as the incident occurred, the SkyEyes team monitored the hackers’ addresses on the BSC, Ethereum, and Bitcoin chains, and warned exchanges and wallets to strengthen address monitoring to prevent related malicious funds from flowing into the platform. After review, the SkyEyes team analyzed that the hacker deployed the attack contract 0x8877 ​​on October 27, and then on October 29, the BXH administrator address 0x5614 gave the hacker attack contract 0x8877 ​​management authority through grantRole. On October 30th, hackers transferred the assets in the BXH fund library by attacking the management authority of the contract.


The simple understanding is that someone got the private key of the BXH administrator, set another address as the administrator, and then withdrew all the money through this other address. The results of this investigation caused an uproar. After all, this is the case. The method of stealing money is quite primitive. Hackers don’t need to conquer complicated smart contracts, and only rely on private keys to withdraw 139 million US dollars of funds.


The theft of assets on the BXH chain also produced a series of chain reactions. Related machine gun pools that depended on BXH’s liquidity were also implicated. CoinWind and Earn DeFi successively closed deposits and withdrawals. On the evening of October 31, BXH publicized the remaining assets of its fund pool on the BSC chain on official media, including USDT, USDC, BTC, ETH, BUSD, and MDX, totaling approximately US$184 million.



As of November 9, the latest development of BXH is that the project party stated that after continuous testing, eliminating potential risks, and completing the multi-signature upgrade for private key verification, the project’s activities on OEC have returned to normal.


4. Rug Pull Attack


As a term often mentioned in the DeFi circle, Rug Pull refers to the withdrawal of support by the project party, the DEX liquidity pool or the sudden abandonment of a project, which swept away investors’ funds without warning. Rug Pull mostly occurs in DEX. A typical scam in the DeFi field. Scammers will invest a lot of money in liquidity pools and post attractive advertisements on social media to attract investors to enter the market. Once investors deposit tokens in these liquidity pools, the scammers will “pump a carpet.” The removal of all the tokens in the pool is usually the last step of a malicious team’s attack, and it is also a common exit scam. Since Rug Pull is technically simple to implement, it is usually a common technique used by some native projects (low investment, no audit, Copy Cat) after creating the illusion of “getting rich overnight” and tricking retail investors into getting into the car.


On July 15th, the digital collectibles platform Bondly Finance was attacked. 373 million BONDLYs were minted on the Ethereum network, which caused the price of tokens to fall and a loss of 5.9 million U.S. dollars. This move was questioned as a Rug Pull. According to the project’s own disclosure, the attacker obtained access to the password account of Bondly Finance CEO Brandon Smith through a carefully planned strategy. The password account contains the mnemonic recovery phrase of his hardware wallet. After copying, the attacker allows the attacker to access the BONDLY smart contract. And the company wallet that was also leaked. Brandon maintains exclusive access to most of Bondly’s corporate wallets. These wallets include all decentralized exchange liquidity pool tokens, investment account tokens, mortgage reserve tokens, ecological fund tokens, payroll, company reserves, all NFT wallets, and Opensea reserves.


Concluding remarks


With the rapid development of blockchain on a global scale, corresponding security incidents on the chain continue to breed. Compared with last year, the security situation in the DeFi field is still severe. The problems on the chain should not be underestimated. Compared with new types of vulnerabilities, we found that most hacking attacks are vulnerabilities that have already appeared. The rise of EVM-compatible chains makes hackers attack targets Moving from Ethereum to other chains, but the attack methods are almost the same. On the one hand, the project needs to raise its own requirements, and the development, including the third-party security company, needs to consider more during the audit. On the other hand, it also shows the existing similarities of DeFi. Project problems, many projects either directly fork or innovate on the basis of forks, and such results can easily lead to hidden risks or hidden vulnerabilities. For example, AutoShark Finance and Merlin on the BSC chain were successively attacked by lightning loans, respectively The loss of 750,000 US dollars and 6.8 million US dollars was due to the fork’s Pancake Bunny, which caused the same risk to be arbitrage.


We hope that every security incident can bring warnings to the industry. Although we cannot avoid all problems, we should pay attention to frequently occurring loopholes and strengthen the implementation of contract audits, risk control, and emergency response. On-chain security issues should receive the highest attention, instead of rushing to launch products for blind pursuit of hot spots and failing to do a good job in project security review. This is not only irresponsible to user assets, but also a consumption of ecology on the blockchain. Users also need to enhance their own security awareness and do a good job of DYOR, such as anonymous teams, no audits, and obvious Copy Cat projects, which can be included in their own avoidance points to avoid primary risks.

Original link

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-11-09 21:21
Next 2021-11-09 21:25

Related articles