An analysis of recent trends in DeFi protocol breaches, comparisons with centralized exchange breaches, and a case study of Harvest Finance protocol breach.
In 2020, DeFi (decentralized finance) projects became incredibly popular among cryptocurrency industry users for non-centralized P2P (peer-to-peer) transactions.
According to CoinMarketCap, the DeFi market cap was more than $101.96 billion on April 12, 2021, and the number of projects already exceeds 200+. This is mainly due to the basic principle of the decentralizing projects to promote transparency and flexibility for the user involved. However, due to its relatively recent appearance on the market and the novelty of the technology, DeFi has quite a lot of risks associated.
First of all, with the risk of smart contract hacks, which is what cybercriminals use.
The Crystal Blockchain analytics team analyzed the exploitation of Harvest Finance project, which occurred in October 2020, one of the largest DeFi hacks of 2020.
Harvest Finance is a farming protocol, or “an international cooperative of humble farmers pooling resources together in order to earn DeFi yields.” According to the team, “when farmers deposit, Harvest automatically farms the highest yields with these deposits using the latest farming techniques.” So the project accumulates value return across various lending protocols, optimizing it for maximum profit.
On October 26, 2020, by manipulating arbitration, an unknown crypto-criminal withdrew to their address about $25 million (~ 13M USDC and ~ 11M USDT) in the following transaction:
On the very first day, the attacker sent the stolen 13M USDC to another popular DeFi project, Uniswap – a decentralized trading protocol – via the following transaction:
As a result of this exchange or swap of tokens, the hacker received more than 30,377 ETH to his account. All “swap” data is open on the public blockchain.
NOTE: Token swaps in Uniswap are a way to trade one ERC-20 token for another.
On the same day, as a result of twelve transactions in total, the hacker exchanged 11m USDT for more than 26,500 ETH.
As a result of 11 transactions, the hacker transferred most of the received ether into tokenized bitcoin – Wrapped BTC (WBTC), having received a total of more than 1,519 tokens in exchange for more than 51,315 ETH. It should be noted that Crystal also discovered a transfer of 300 ETH to the Tornado mixer in a transaction:
The WBTC received as a result of this exchange was then sent to another DeFi protocol – Ren, from which the attacker transferred the tokens into bitcoins and distributed them to 7 addresses. Their hashes can be seen in a detailed description of the Ren transaction in the visual below, due to their protocol functionality.
Following this, half of the received bitcoins were sent mainly to the Wasabi mixer, but at the same time partially moved to centralized Virtual Assets Service Providers (VASPs) such as Binance, Huobi, and others. The other half of the bitcoins is still lying motionless. Crystal Blockchain will continue monitoring the movement of funds.
The attacker tried to obfuscate (launder) the funds to derail investigations by wiring funds through multiple DeFi protocols. However, given the fact that protocols such as Uniswap (including forks) and Ren provide information about swapping tokens and show final recipient addresses, this method of “ML” cannot be considered efficient.
In such cases, the difficulty is in spending additional resources to “deploy” these swap transactions and find out what exactly happened next. Crystal analytics tags all addresses that could potentially belong to the criminal and which received funds from these swaps. This step will further help VASPs prevent money laundering if they use the analytics software. To really cover tracks, the attackers would have been better served to pass funds through weakly regulated exchanges and traditional “mixers” that are not as easy to track. Fortunately, they didn’t do that here.
Based on the current reality of this relatively novel industry, we can easily say that the decentralized sector is still at the beginning of its development stages, there’s much more to come. We cannot help compare however, and look at the similarities and differences between decentralized (DEX) and centralized exchanges (CEX).
As said in the introduction, the DeFi crypto market cap presented as $101.96b on CoinMarketCap on April 12, 2021, already a 1.79% increase on the day before, and up from $850m in December 2020. According to The Block Crypto, “DeFi… scalability and sophistication is set to compete with centralized services in 2021”. Adrian Peng, CEO of Cook Finance, a decentralized asset management platform, said “We are in the early stages, with a lot of hype and bubbles around it, just like the internet in the 90s”. Investors are expecting meteoric growth in the DeFi sector.
As per any new financial sector surrounded by hype, this does mean a potential increase in scams and security breaches in DeFi as crypto-criminals look for opportunities to exploit protocols and protocol funds for their own gain.
What’s positive though, is that crypto analytics software companies like Crystal Blockchain are adding more DeFi protocol support to their platforms to meet this growing trend and to combat potential illicit activities. To date Crystal covers monitoring for 80+ protocols, along with 1500+ ERC-20 and ERC-721 tokens, with even more coverage expected for decentralized assets in the coming months.
See the Crystal Blockchain platform in action. Get a demo today.