A recent report by Halborn highlights how hacks in DeFi continue to represent a serious threat, despite a decrease in the amount stolen in 2023. Protocols need to improve security to protect investors.

Let’s see all the details below. 

The on-chain and off-chain hacks continue to put DeFi at risk

Decentralized finance (DeFi) has revolutionized the world of cryptocurrencies, offering new opportunities for investors and increasing access to financial services. 

However, the sector continues to be vulnerable to serious security threats, as highlighted in a recent report by the blockchain security company Halborn. 

Despite the 50% drop in the amounts stolen in 2023 compared to previous years, hacks in DeFi remain a significant concern.

According to the report by Halborn, which analyzes the top 100 DeFi attacks between 2016 and 2023, the total accumulated losses amount to 7.4 billion dollars. 

The platforms most affected include Ethereum, Binance Smart Chain, and Polygon, where the majority of the attacks have been concentrated.

On-chain attacks, such as the exploitation of smart contracts, price manipulation, and governance attacks, are among the most widespread in DeFi. 

However, off-chain attacks, including the theft of private keys, represent a significant portion of the total, with 29% of overall attacks and 34.6% of stolen funds. 

In 2023, off-chain attacks constituted 56.5% of total incidents and 57.5% of the amounts stolen.

This shift towards off-chain attacks is particularly concerning as these attacks can occur even without directly compromising the blockchain.

The theft of private keys, for example, allows hackers to directly access users’ funds, bypassing the misure di sicurezza based on the blockchain.

The Importance of multi-sig wallets and code verification

One of the main recommendations of the Halborn report is the widespread adoption of wallet multi-sig, a security measure that requires the approval of a transaction by multiple parties before it is executed. 

Surprisingly, only 21% of the protocols affected by the attacks have implemented this type of protection, leaving ample opportunities for exploitation by hackers.

Furthermore, Halborn emphasizes the importance of code verification, especially in on-chain protocols. 

The lack of code verification or the validation of defective inputs is one of the main causes of vulnerabilities in smart contracts, which are the basis of many DeFi platforms. 

Accurate code verification could prevent many of the attacks that exploit these weaknesses.

The cross-chain bridges, which allow the transfer of assets between different blockchains, are identified in the report as a particularly vulnerable attack vector. 

Halborn warns that protocols must carefully review the code before implementing a cross-chain bridge, as these mechanisms are often targets of sophisticated exploits.

A recent example is the attack on the Ronin Bridge, which occurred last week, resulting in the loss of 12 million dollars.

This incident follows another even more significant exploit that occurred two years earlier, when a whopping 625 million dollars were stolen from the same protocol.

The crucial role of regulatory compliance

With the evolution of regulations, compliance is becoming increasingly central for DeFi platforms. 

The regulatory authorities are paying increasing attention to the security and protection of investors, and platforms that fail to maintain high security standards could find themselves in trouble.

Bitfinex, one of the most advanced cryptocurrency trading platforms, has recently initiated a collaboration with Komainu Connect to explore a new remote custody solution.

This collaboration, based on Ledger Tradelink technology, demonstrates the commitment of the main cryptocurrency platforms to improve security and compliance, offering institutional investors a safer trading environment.

Despite the progress in reducing hacks, DeFi remains a high-risk sector. Attacks continue to evolve, exploiting new vulnerabilities both on-chain and off-chain. 

To protect investors and ensure the long-term sustainability of the sector, it is essential that DeFi protocols adopt more stringent security measures, such as the use of multi-sig wallets and thorough code verification.