Smart contract security and the biggest DeFi hacks of 2021

Crypto education

TALK TO US: TELEGRAM |TWITTER | DISCORD

Where money flows, hackers and scammers follow: and right now it’s decentralized protocols on Ethereum and Binance Smart Chain. In this article, we’ll look at different types of DeFi exploits and discuss the security challenges faced by the next generation of smart contract platforms, such as Diem, Polkadot, and Polygon.

Hackers now steal more from DeFi than from exchanges

Centralized crypto exchanges don’t get hacked as often as they used to. Back in 2019, exchanges lost a record $865 million to attacks; the single largest crypto hack was that of the Japanese exchange Coincheck in 2018, when $500M was stolen. But in Q1 2021, hackers stole only $2.92M from exchanges and $86M from Ethereum dApps. The EasyFi exploit in April alone cost the ecosystem over$80 million.

Image: AtlasVPN

In 2020, according to Atlas VPN, exchanges lost $300M to attacks, which represents less than 10% of the total of $3.78B stolen by blockchain criminals last year. For comparison: $446M were stolen from Ethereum and Tron dApps, mostly in DeFi hacks.

Image: AtlasVPN

Why are hackers shifting their attention from exchanges to DeFi protocols? The most likely reason is that it’s easier. Exchanges constantly upgrade their security systems and store a large share of the client funds in cold wallets, where they are inaccessible to hackers most of the time (except for those moments when crypto is transferred from a cold to a hot wallet).

By contrast, DeFi projects are often launched hastily and without a proper audit; few can afford a security department; and most of the value is stored on-chain, in liquidity pool contracts. This makes them a low-hanging fruit for criminals, because a pool contract is always accessible and can be interacted with: it’s like a door always ready to open, as long as you can guess the combination.

Another — though related — possible reason is that the centralized exchange space is becoming more regulated. To obtain the coveted regulated status, trading platforms often have to adhere to strict security and audit procedures.

How money gets stolen from blockchain protocols: 4 ways

There are several common reasons why dApps get hacked:

  1. Smart contract bugs. Even large protocols that have passed an audit can contain vulnerabilities, and hackers are getting more savvy at finding them.
  2. Copy & paste errors. A lot of DeFi projects are cloned from popular protocols, and sometimes simple typos while copying the code can result in bugs — and very embarrassing hacks.
  3. Faulty dApp logic. Sometimes an attacker simply needs to ‘play the system’: do something that an app technically allows them to do, abusing its financial logic.
  4. Built to be drained. Dishonest founders often leave themselves a loophole to withdraw the liquidity from a dApp — then pull the rug from under the users, disappearing with the money.

We will look at a few recent examples to explore how blockchain protocols get exploited and what users can do to avoid losing money.

Smart contract bugs: ChainSwap hack

Ethereum isn’t the only game in town anymore: new blockchain ecosystems are developing on alternative blockchains, such as BSC, HECO, and Polkadot. Accordingly, there’s a growing need for cross-chain bridges — tools that allow users to move assets between chains. These bridges can themselves become exploit targets, as happened with ChainSwap, which lost $8 million worth of tokens.

ChainSwap ($ASAP) allows users to move assets between Ethereum, Binance Smart Chain, and Huobi ECO chains. Sending over assets involves locking up tokens on a smart contract on one chain and minting new ‘wrapped’ tokens on another.

During the July 10 attack, the hacker used a vulnerability in ChainSwap’s smart contract to mint new tokens to a set of their own addresses on Binance Smart Chain (instead of the smart contract address), accumulate all the newly minted tokens to their wallet, then sell them all on PancakeSwap.

Around 20 tokens were affected, including the NFT startup Wilder World ($WILD, lost circa $320k), OptionRoom ($ROOM), AntiMatter ($MATTER), and Umbrella Network ($UMB), and ChainSwap itself ($ASAP): their tokens dropped by 70–99%.

Image: CoinGecko/CryptoPotato

ChainSwap took emergency measures, disabling the BSC-Ethereum bridge and suspending liquidity provision — but there was no way to return the $8 million worth of crypto that got stolen. After the hack, the project promised to compensate the affected $ASAP holders via an airdrop, though it’s still not clear if the holders of $WILD and other tokens will be compensated.

The incident demonstrates a worrisome feature of DeFi hacks in general: one project is attacked, but many get affected. A token can lose 90% of its value simply because another protocol’s liquidity pools are drained. The more interconnected protocols become, the more pronounced this problem can get. The most practical solutions are bug bounties and audit by blockchain security firms like QuantStamp, OpenZeppelin, or ConsenSys Diligence.

Another interesting thing to note is that ChainSwap recently raised $3 million from Alameda Research, Spark Digital Capital, Rarestone Capital, and others. It seems like even the support of major funds isn’t proof of a project’s quality: something for retail investors to think about.

Bad copy paste: Uranium Finance and BurgerSwap

DeFi is full of clones — projects that copy and paste the smart contract code of Uniswap, Compound, and other successful protocols. Worse, they often copy it with errors, making hackers’ work even easier.

BSC-based Uranium Finance is a prime recent example. This Uniswap V2 fork, where users receive daily dividends, was exploited on April 28, 2021, losing $57 million. As pointed out by Fulcrum developer Kyle Kistner, Uranium developers copied the code of SushiSwap (itself a Uniswap clone), replacing the number 1,000 with 10,000 everywhere — except for one instance:

Source link

As a result, the attacker could swap a tiny amount of input tokens for $57 million dollars in output cryptocurrency: WBNB, BUSD, DOT, ADA, etc. This must have been one of the most expensive typos in blockchain history.

Another example of a copy & paste disaster is BurgerSwap, hacked on May 28. It also copied Uniswap’s code, but a piece was missing: the x*y=k check, which is essential for calculating the token price for each swap. Without this equation in the contract, the attacker was able to swap a very small amount of a specially created dummy token for thousands of wrapped BNB and BURGER. Total loss for BurgerSwap: $7.2 million.

Flash loan hacks: PancakeBunny

Flash loans are a type of DeFi loan that doesn’t require collateral but has to be returned within the same blockchain block and in a single transaction. Aave was the first to introduce flash loans, whose main intended use case is arbitrage, or profiting from price differences on different exchanges.

The problem is that flash loans are highly exploitable. In just a few seconds, malicious agents manage to implement schemes that involve several protocols at once, steal millions of dollars’ worth of crypto, and return the loan.

The $200-million attack on PancakeBunny — a BSC-based decentralized exchange — was the largest of this type to date. On May 19, a criminal flash-borrowed a large amount of BNB on PancakeSwap, then injected that liquidity into the USDT/BNB and BUNNY/BNB pools on PancakeBunny to manipulate the prices.

The hacker obtained circa 700,000 BUNNY, driving the price from $140 to $240 in the process, sold everything, and repaid the loan — all within seconds. You can find a detailed post-mortem on the Rekt website. Perhaps the only funny part of the situation is that the hacker liked the post-mortem article so much that they actually donated $100K in DAI to Rekt!

PancakeBunny’s vaults weren’t affected, but even so, the damage reached $200 million, of which the hacker personally got around $45 million. The price of BUNNY dropped by 95%. Soon after, there was another flash loan attack: on May 29, BeltFinance lost $50 million.

Interestingly, PancakeSwap still offers flash loans. The team’s justification is that if PancakeSwap stops supporting them, others still will: flash loans will happen, whether you like it or not. The developers did give some advice on how to reduce the risks — for example, to prevent other contracts from interacting with a dApp’s contract when it’s not strictly necessary. However, these measures don’t eliminate the threat altogether, so we’re likely to see many more flash loan attacks in the future.

Private key theft: EasyFi hack (April 2021)

EasyFi is a multi-chain lending protocol built on the Polygon blockchain. On April 19, an attacker gained remote access to the computer of the protocol’s founder, Ankitt Gaur. The hacker was able to obtain the private keys to the MetaMask wallet and steal $6 million worth of tokens from EasyFi’s liquidity pools.

Moreover, the attacker withdrew 3 million EASY tokens, worth $75 million. This makes it one of the largest DeFi exploits so far. EASY quickly lost 50% of its value.

In response, the EasyFi team created a new token, $EZ, to be airdropped to all who had held $EASY prior to the attack.

The most disturbing thing about this incident is that the founder held all the admin keys needed to drain liquidity from the protocol — and didn’t even use multisig to protect the wallet. This goes against the idea that DeFi protocols are decentralized and thus somehow more secure than CeFi platforms like regular crypto exchanges.

Rug pull scams: WhaleFarm

A rug pull, or exit scam, is an exploit orchestrated by a protocol’s own creators. This scheme works because few investors are able to check the code for vulnerabilities. It goes as follows:

  • leave a loophole in the smart contract code, allowing the admins to withdraw all liquidity from the pools;
  • shill (promote) the project heavily with large bonuses etc.;
  • wait until naive liquidity providers bring in crypto and the price of the token pumps;
  • drain the pools, sell off the tokens (resulting in a dump), and disappear.

WhaleFarm is a recent example of a rug pull: a DeFi protocol that offered over 7,000,000% (yes, seven million per cent) in yield farming rewards. There were people who believed the outrageous promise: the pools held $2.3 million when they were drained on June 30, and WHALEFARM was trading at $215. The project’s Twitter and Telegram accounts were deleted, and the price of $WHALEFARM dumped 99.99%.

Smart contract security on new blockchains: Diem, Polkadot, Polygon, and others

So far the vast majority of attacks concern Ethereum and Binance Smart Chain dApps, because these chains have the biggest ecosystems and most assets circulating through them. But what will happen when next-generation blockchains, such as Polkadot, Diem, and Avalanche, grow large dApp ecosystems of their own? Will they be safer from attacks — or will hackers switch to whichever chain is more popular at any given moment?

Diem

Facebook-backed Diem blockchain uses a new programming language called Move, designed for writing safe smart contracts. As noted by the Move expert and Pontem collaborator Lee Ting Ting, “the bytecode is checked on-chain for resource, type, and memory safety by a bytecode verifier and then executed directly by a bytecode interpreter”, so that Move “doesn’t have to worry about the possible failures or attacks in compilers”.

In other words, everything is automatically verified before deployment, and, according to the Diem Security Overview page, there is a plan to build a sophisticated smart contract verification system. One can assume that creating bug-free dApps will be easier on Diem than on Ethereum or BSC.

Further, since Diem will be compliant with strict KYC requirements, it will be easier for authorities to track down the stolen funds and return them to users in case of an attack (though Ethereum and Bitcoin are also quite traceable).

Just as importantly, Diem will probably tightly control which dApps enter the ecosystem. The app review process could turn out to be very long, with a high rejection rate: somewhat similar to App Store, which employs 500+ experts and rejects around 40+ of all submissions. Code audits will likely play a big role: for example, Pontem Network plans to connect Diem-based startups to compliant code auditors through services like registries and aggregated reviews.

On the one hand, this will prevent the spread of buggy clones like BurgerSwap and Uranium Finance. On the other hand, the high entry barriers can stop many bona fide projects from getting on board.

It’s partly for this reason that we are building our experimental network for Diem — Pontem Network — on Polkadot: to let developers test their dApps and gain traction in a free decentralized environment before submitting projects to Diem. In terms of security this is an opportunity to run smart contracts in a live environment to check for vulnerabilities. An attack on such a live test dApp can cause only limited financial damage — and will allow the creators to fix the issues before it’s too late.

Polkadot

Speaking of Polkadot, it will be very interesting to see how things play out security-wise once the number of active parachains starts growing. While the Relay Chain provides general security to the whole ecosystem, every parachain’s developers decide on the terms: consensus, fees, block times, etc. The fact that so many disparate chains will be tightly interconnected can introduce new and challenging attack vectors.

Will we see an explosion of DeFi on Polkadot in a couple of years? Probably. Will there be a rampage of exploits and scams? Very likely: as the TVL (total locked value) of the Polkadot-based projects grows, hackers and conmen will follow the investment flows. The ChainSwap hack is a hint that bridges could become popular targets, together with parachains themselves.

At this point it’s not possible to say that the Polkadot ecosystem is inherently safer or riskier for DeFi than Ethereum or BSC. Luckily, Polkadot has a canary network, Kusama, with several active parachains and many more to come soon. What happens on Kusama will give developers an idea of what to expect from Polkadot and how to avoid security issues: it’s for a good reason that Kusama’s tagline reads, ‘Expect things to break’.

Polygon

Polygon’s ecosystem of Ethereum-compatible chains is growing fast, and its token $MATIC is one of the top performers of 2021. And as Polygon is inching towards the mainstream, hackers are starting to take an interest. We’ve already mentioned the EasyFi exploit; other recent attacks include:

The key takeaways

  • Hackers have switched their attention from centralized exchanges to DeFi dApps on Ethereum and Binance Smart Chains;
  • Smart contract hacks often target the errors introduced while copy-pasting other protocols’ code; however, even well-audited smart contracts can contain bugs;
  • Other attacks exploit an app’s business logic (e.g. flash loans);
  • Often dishonest creators themselves introduce loopholes to drain the liquidity (rug pull scams);
  • With the development of new decentralized ecosystems (Polkadot, Polygon, etc.) we may see new attack schemes;
  • Facebook-backed Diem should be better protected from hacks due to a high compliance barrier to entry. This makes it a safer choice for users, but it also means that developers will need a testing ground to run live dApps (and possibly break them) before submitting them to Diem. Pontem Network provides just such a testing environment.

Investors should be extra careful when joining new DeFi protocols on any blockchain. As they say in trading, don’t FOMO in: don’t let the fear of missing out on large gains lead you into a trap.

Here are a few signs that should raise a red flag:

  • No smart contract audit report;
  • Unrealistically high yields and advertising clearly targeting inexperienced users looking for quick profits;
  • Anything forked from Uniswap, Yearn.Finance, or Compound;
  • Large bonuses (10x or more) for early liquidity providers and yield farmers;
  • An anonymous team;
  • A token that is rapidly growing in price (pumping);
  • A sudden wave of shilling (promotion) on Crypto Twitter.

Smart contract security remains the key challenge for decentralized smart contract platforms — arguably more so than scalability, fees, or regulatory pressure. In a hurry to roll out a dApp and start making money, developers forgo audit or beta testing — and it’s the users who pay the price when a hack happens. Perhaps the ultimate lesson to draw from all the exploits is this: the more decentralized finance gets, the more important it is to do your own research before investing

TALK TO US: TWITTER | TELEGRAM | DISCORD

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

  1. Blockchain fees. Most NFTs are issued on the Ethereum blockchain, where you have to pay for gas. NFT minting involves a complex smart contract and thus requires a lot more gas than simply sending crypto. Plus, the gas has been very expensive in the past few months, so you can expect to pay at least $50–100 in gas fees per NFT collection.
  2. Marketplace fees. While you can issue an NFT on your own, it will be hard to promote it and find buyers. That’s why most creators work with NFT marketplaces like OpenSea and Rarible. And while minting NFTs on OpenSea is technically gasless and free, there is a gas fee to initialize a seller account and accept a bid from a buyer — expect to pay around $150 in total. On Rarible, the costs can exceed $600.
  • Facebook has almost 3 billion monthly active users, giving Diem the largest potential audience of any blockchain project on earth;
  • The stablecoin will probably get integrated into transactions on Facebook, Instagram, Messenger, and Whatsapp (shopping, paying for ads, sending money to friends etc.);
  • Facebook can afford to hire the best developers and marketers, so the execution and promotion will be top-notch;
  • Diem’s programming language, Move, is safe, flexible, and well-suited for writing smart contracts;
  • It should be possible to add third-party dApps to the Diem ecosystem — think of WeChat with its thousands of mini programs, but on blockchain.

Copyright: 2020 Pontem Technology Ltd. All Right Reserved
Privacy Policy

Subscribe

Quarterly newsletter

Please tick the relevant boxes below if you agree to receive the following marketing materials:

Thank You for Joining Us!

Your have successfully subscribed to our newsletter.
Oops! Something went wrong while submitting the form.