Smart contract security and the biggest DeFi hacks of 2021
TALK TO US: TELEGRAM |TWITTER | DISCORD
Where money flows, hackers and scammers follow: and right now it’s decentralized protocols on Ethereum and Binance Smart Chain. In this article, we’ll look at different types of DeFi exploits and discuss the security challenges faced by the next generation of smart contract platforms, such as Polkadot, and Polygon.
Hackers now steal more from DeFi than from exchanges
Centralized crypto exchanges don’t get hacked as often as they used to. Back in 2019, exchanges lost a record $865 million to attacks; the single largest crypto hack was that of the Japanese exchange Coincheck in 2018, when $500M was stolen. But in Q1 2021, hackers stole only $2.92M from exchanges and $86M from Ethereum dApps. The EasyFi exploit in April alone cost the ecosystem over$80 million.
In 2020, according to Atlas VPN, exchanges lost $300M to attacks, which represents less than 10% of the total of $3.78B stolen by blockchain criminals last year. For comparison: $446M were stolen from Ethereum and Tron dApps, mostly in DeFi hacks.
Why are hackers shifting their attention from exchanges to DeFi protocols? The most likely reason is that it’s easier. Exchanges constantly upgrade their security systems and store a large share of the client funds in cold wallets, where they are inaccessible to hackers most of the time (except for those moments when crypto is transferred from a cold to a hot wallet).
By contrast, DeFi projects are often launched hastily and without a proper audit; few can afford a security department; and most of the value is stored on-chain, in liquidity pool contracts. This makes them a low-hanging fruit for criminals, because a pool contract is always accessible and can be interacted with: it’s like a door always ready to open, as long as you can guess the combination.
Another — though related — possible reason is that the centralized exchange space is becoming more regulated. To obtain the coveted regulated status, trading platforms often have to adhere to strict security and audit procedures.
How money gets stolen from blockchain protocols: 4 ways
There are several common reasons why dApps get hacked:
- Smart contract bugs. Even large protocols that have passed an audit can contain vulnerabilities, and hackers are getting more savvy at finding them.
- Copy & paste errors. A lot of DeFi projects are cloned from popular protocols, and sometimes simple typos while copying the code can result in bugs — and very embarrassing hacks.
- Faulty dApp logic. Sometimes an attacker simply needs to ‘play the system’: do something that an app technically allows them to do, abusing its financial logic.
- Built to be drained. Dishonest founders often leave themselves a loophole to withdraw the liquidity from a dApp — then pull the rug from under the users, disappearing with the money.
We will look at a few recent examples to explore how blockchain protocols get exploited and what users can do to avoid losing money.
Smart contract bugs: ChainSwap hack
Ethereum isn’t the only game in town anymore: new blockchain ecosystems are developing on alternative blockchains, such as BSC, HECO, and Polkadot. Accordingly, there’s a growing need for cross-chain bridges — tools that allow users to move assets between chains. These bridges can themselves become exploit targets, as happened with ChainSwap, which lost $8 million worth of tokens.
ChainSwap ($ASAP) allows users to move assets between Ethereum, Binance Smart Chain, and Huobi ECO chains. Sending over assets involves locking up tokens on a smart contract on one chain and minting new ‘wrapped’ tokens on another.
During the July 10 attack, the hacker used a vulnerability in ChainSwap’s smart contract to mint new tokens to a set of their own addresses on Binance Smart Chain (instead of the smart contract address), accumulate all the newly minted tokens to their wallet, then sell them all on PancakeSwap.
Around 20 tokens were affected, including the NFT startup Wilder World ($WILD, lost circa $320k), OptionRoom ($ROOM), AntiMatter ($MATTER), and Umbrella Network ($UMB), and ChainSwap itself ($ASAP): their tokens dropped by 70–99%.
ChainSwap took emergency measures, disabling the BSC-Ethereum bridge and suspending liquidity provision — but there was no way to return the $8 million worth of crypto that got stolen. After the hack, the project promised to compensate the affected $ASAP holders via an airdrop, though it’s still not clear if the holders of $WILD and other tokens will be compensated.
The incident demonstrates a worrisome feature of DeFi hacks in general: one project is attacked, but many get affected. A token can lose 90% of its value simply because another protocol’s liquidity pools are drained. The more interconnected protocols become, the more pronounced this problem can get. The most practical solutions are bug bounties and audit by blockchain security firms like QuantStamp, OpenZeppelin, or ConsenSys Diligence.
Another interesting thing to note is that ChainSwap recently raised $3 million from Alameda Research, Spark Digital Capital, Rarestone Capital, and others. It seems like even the support of major funds isn’t proof of a project’s quality: something for retail investors to think about.
Bad copy paste: Uranium Finance and BurgerSwap
DeFi is full of clones — projects that copy and paste the smart contract code of Uniswap, Compound, and other successful protocols. Worse, they often copy it with errors, making hackers’ work even easier.
BSC-based Uranium Finance is a prime recent example. This Uniswap V2 fork, where users receive daily dividends, was exploited on April 28, 2021, losing $57 million. As pointed out by Fulcrum developer Kyle Kistner, Uranium developers copied the code of SushiSwap (itself a Uniswap clone), replacing the number 1,000 with 10,000 everywhere — except for one instance:
As a result, the attacker could swap a tiny amount of input tokens for $57 million dollars in output cryptocurrency: WBNB, BUSD, DOT, ADA, etc. This must have been one of the most expensive typos in blockchain history.
Another example of a copy & paste disaster is BurgerSwap, hacked on May 28. It also copied Uniswap’s code, but a piece was missing: the x*y=k check, which is essential for calculating the token price for each swap. Without this equation in the contract, the attacker was able to swap a very small amount of a specially created dummy token for thousands of wrapped BNB and BURGER. Total loss for BurgerSwap: $7.2 million.
Flash loan hacks: PancakeBunny
Flash loans are a type of DeFi loan that doesn’t require collateral but has to be returned within the same blockchain block and in a single transaction. Aave was the first to introduce flash loans, whose main intended use case is arbitrage, or profiting from price differences on different exchanges.
The problem is that flash loans are highly exploitable. In just a few seconds, malicious agents manage to implement schemes that involve several protocols at once, steal millions of dollars’ worth of crypto, and return the loan.
The $200-million attack on PancakeBunny — a BSC-based decentralized exchange — was the largest of this type to date. On May 19, a criminal flash-borrowed a large amount of BNB on PancakeSwap, then injected that liquidity into the USDT/BNB and BUNNY/BNB pools on PancakeBunny to manipulate the prices.
The hacker obtained circa 700,000 BUNNY, driving the price from $140 to $240 in the process, sold everything, and repaid the loan — all within seconds. You can find a detailed post-mortem on the Rekt website. Perhaps the only funny part of the situation is that the hacker liked the post-mortem article so much that they actually donated $100K in DAI to Rekt!
PancakeBunny’s vaults weren’t affected, but even so, the damage reached $200 million, of which the hacker personally got around $45 million. The price of BUNNY dropped by 95%. Soon after, there was another flash loan attack: on May 29, BeltFinance lost $50 million.
Interestingly, PancakeSwap still offers flash loans. The team’s justification is that if PancakeSwap stops supporting them, others still will: flash loans will happen, whether you like it or not. The developers did give some advice on how to reduce the risks — for example, to prevent other contracts from interacting with a dApp’s contract when it’s not strictly necessary. However, these measures don’t eliminate the threat altogether, so we’re likely to see many more flash loan attacks in the future.
Private key theft: EasyFi hack (April 2021)
EasyFi is a multi-chain lending protocol built on the Polygon blockchain. On April 19, an attacker gained remote access to the computer of the protocol’s founder, Ankitt Gaur. The hacker was able to obtain the private keys to the MetaMask wallet and steal $6 million worth of tokens from EasyFi’s liquidity pools.
Moreover, the attacker withdrew 3 million EASY tokens, worth $75 million. This makes it one of the largest DeFi exploits so far. EASY quickly lost 50% of its value.
In response, the EasyFi team created a new token, $EZ, to be airdropped to all who had held $EASY prior to the attack.
The most disturbing thing about this incident is that the founder held all the admin keys needed to drain liquidity from the protocol — and didn’t even use multisig to protect the wallet. This goes against the idea that DeFi protocols are decentralized and thus somehow more secure than CeFi platforms like regular crypto exchanges.
Rug pull scams: WhaleFarm
A rug pull, or exit scam, is an exploit orchestrated by a protocol’s own creators. This scheme works because few investors are able to check the code for vulnerabilities. It goes as follows:
- leave a loophole in the smart contract code, allowing the admins to withdraw all liquidity from the pools;
- shill (promote) the project heavily with large bonuses etc.;
- wait until naive liquidity providers bring in crypto and the price of the token pumps;
- drain the pools, sell off the tokens (resulting in a dump), and disappear.
WhaleFarm is a recent example of a rug pull: a DeFi protocol that offered over 7,000,000% (yes, seven million per cent) in yield farming rewards. There were people who believed the outrageous promise: the pools held $2.3 million when they were drained on June 30, and WHALEFARM was trading at $215. The project’s Twitter and Telegram accounts were deleted, and the price of $WHALEFARM dumped 99.99%.
Smart contract security on new blockchains: Diem, Polkadot, Polygon, and others
So far the vast majority of attacks concern Ethereum and Binance Smart Chain dApps, because these chains have the biggest ecosystems and most assets circulating through them. But what will happen when next-generation blockchains, such as Polkadot, Diem, and Avalanche, grow large dApp ecosystems of their own? Will they be safer from attacks — or will hackers switch to whichever chain is more popular at any given moment?
Polkadot
Speaking of Polkadot, it will be very interesting to see how things play out security-wise once the number of active parachains starts growing. While the Relay Chain provides general security to the whole ecosystem, every parachain’s developers decide on the terms: consensus, fees, block times, etc. The fact that so many disparate chains will be tightly interconnected can introduce new and challenging attack vectors.
Will we see an explosion of DeFi on Polkadot in a couple of years? Probably. Will there be a rampage of exploits and scams? Very likely: as the TVL (total locked value) of the Polkadot-based projects grows, hackers and conmen will follow the investment flows. The ChainSwap hack is a hint that bridges could become popular targets, together with parachains themselves.
At this point it’s not possible to say that the Polkadot ecosystem is inherently safer or riskier for DeFi than Ethereum or BSC. Luckily, Polkadot has a canary network, Kusama, with several active parachains and many more to come soon. What happens on Kusama will give developers an idea of what to expect from Polkadot and how to avoid security issues: it’s for a good reason that Kusama’s tagline reads, ‘Expect things to break’.
Polygon
Polygon’s ecosystem of Ethereum-compatible chains is growing fast, and its token $MATIC is one of the top performers of 2021. And as Polygon is inching towards the mainstream, hackers are starting to take an interest. We’ve already mentioned the EasyFi exploit; other recent attacks include:
- ApeRocket — a flash loan attack;
- SafeDollar — a stablecoin that dumped to 0;
- Polywhale — a likely rug pull; the founders even cited mental health as one of the reasons.
- Iron Finance — a project backed by the billionaire investor Marc Cuban.
The key takeaways
- Hackers have switched their attention from centralized exchanges to DeFi dApps on Ethereum and Binance Smart Chains;
- Smart contract hacks often target the errors introduced while copy-pasting other protocols’ code; however, even well-audited smart contracts can contain bugs;
- Other attacks exploit an app’s business logic (e.g. flash loans);
- Often dishonest creators themselves introduce loopholes to drain the liquidity (rug pull scams);
- With the development of new decentralized ecosystems (Polkadot, Polygon, etc.) we may see new attack schemes;
- Facebook-backed Diem should be better protected from hacks due to a high compliance barrier to entry. This makes it a safer choice for users, but it also means that developers will need a testing ground to run live dApps (and possibly break them) before submitting them to Diem. Pontem Network provides just such a testing environment.
Investors should be extra careful when joining new DeFi protocols on any blockchain. As they say in trading, don’t FOMO in: don’t let the fear of missing out on large gains lead you into a trap.
Here are a few signs that should raise a red flag:
- No smart contract audit report;
- Unrealistically high yields and advertising clearly targeting inexperienced users looking for quick profits;
- Anything forked from Uniswap, Yearn.Finance, or Compound;
- Large bonuses (10x or more) for early liquidity providers and yield farmers;
- An anonymous team;
- A token that is rapidly growing in price (pumping);
- A sudden wave of shilling (promotion) on Crypto Twitter.
Smart contract security remains the key challenge for decentralized smart contract platforms — arguably more so than scalability, fees, or regulatory pressure. In a hurry to roll out a dApp and start making money, developers forgo audit or beta testing — and it’s the users who pay the price when a hack happens. Perhaps the ultimate lesson to draw from all the exploits is this: the more decentralized finance gets, the more important it is to do your own research before investing