
Top 5 DeFi Hacks of 2022 and How to protect against them

DeFi is not just a buzzword. It is the next new thing in the world of finance. If web 3.0 is the new Internet, DeFi is its new financial ecosystem. DeFi has its risks, of course. The world of decentralized finance faces the problem of DeFi token and protocol vulnerability. In the first 5 months of 2022 alone, DeFi hacks amounted to $1.4 billion in financial losses. This article will look at the biggest DeFi hacks in recent months and offer our three solutions for DeFi vulnerability.

DeFi Security is a Necessity

According to DeFi Pulse, the total value locked (TVL) in DeFi is more than $56 billion. The figure is impressive, but it is still a sharp decrease from 2021, when TVL in DeFi reached more than $110 billion. The reduction in TVL is mainly attributed to the recent stablecoin collapse. At the same time, the drop in TVL can be partially explained by financial losses due to DeFi token vulnerability and DeFi protocol vulnerability. After all, DeFi is still a novel concept, and it is highly lucrative for hackers. DeFi protocols are increasingly subject to cyber-attacks, exploits, scams, and arbitrage.

DeFi Vulnerability in Numbers

According to the REKT Database of cyber-attacks, DeFi protocols have lost $4.75 billion in total due to scams, hacks, and exploits. Out of $4.75 billion lost, only $1 billion was returned. Only 21 percent of all the funds lost due to cyber-attacks have been recovered. Today, REKT Database has reports of 2,782 attacks. The most popular type of cyber-attack is a honeypot, followed by exit scam, exploit, access control, and flash loan.

Figure 1: Total funds lost due to DeFi hacks since 2012

The number of DeFi cyber-attacks has been steadily growing in the last 12 months. According to DeFi REKT, the year-to-date total funds lost is $1.4 billion. Here is a list of tokens and protocols that have fallen victim to the biggest DeFi cyber-attacks in the past year.

Ronin

Loss: $615.5 million

Date: March 29, 2022

Type: Exploit

The Ronin Validator Security Breach revealed the most significant DeFi vulnerability on record. The hacker stole 173,600 ETH and 25.5 million USDC from Ronin Bridge in just two transactions.

On March 23, the hacker compromised Sky Mavis’s Ronin and Axie DAO validator nodes. The perpetrator was able to hack private keys, allowing them to make fake withdrawals. It is worth noting that Ronin had a decentralized validator key scheme. However, the attacker found a backdoor in that decentralized validation scheme. In particular, they utilized a gas-free RPC node to receive the signature for the Axie DAO validator.

On April 14, the FBI found that Lazarus Group, a hacking group based in North Korea, was responsible for the exploit. According to the U.S. Department of the Treasury, the group is also known as “Appleworm,” “Group 77,” “APT-C-26,” and “Hidden Cobra.” The U.S. Department of the Treasury sanctioned the ETH address that received the funds. The Ronin exploit is the biggest of all DeFi hacks to this day.

Poly Network

Loss: $602.2 million

Date: August 10, 2021

Type: Exploit

The hacker exploited unverified Proxy smart contracts on three chains: ETH, BSC, and Polygon. Given the enormous financial loss, it’s no surprise Poly Network later offered the hacker the role of the platform’s chief security advisor.

Wormhole

Loss: $326 million

Date: February 2, 2022

Type: Exploit

The hacker allegedly exploited a security vulnerability in signature verification. This breach allowed the hacker to mint 120,000 wETH on Solana.

Beanstalk

Loss: $181 million

Date: April 18, 2022

Type: Flash Loan

The attacker exploited a 1-day delay in the $BEAN governance proposal contract to complete a flash loan. The flash loan allowed the attacker to control more than 70% of the total seeds. The attacker got access to 350m DAI, 500m USDC, 150m USDT, 32m BEAN, and 11.6m LUSD. The Beanstalk attack is the biggest flash loan hack to date.
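The governance weakness described above, as a simplified model added here for illustration; it is not Beanstalk's contract code and not from the original article. It compares vote weight read from live stake at execution time with vote weight fixed at the block the proposal was created. The class and function names, the two-thirds threshold, the one-block delay and all stake figures are constructed assumptions.

```python
"""Simplified model (constructed): live-balance vs. snapshot vote weighting."""

THRESHOLD = 2 / 3      # assumed supermajority for this model
DELAY_BLOCKS = 1       # stands in for the proposal delay; 1 block, not 1 day


class Governance:
    def __init__(self, stakes):
        self.block = 0
        self.stakes = dict(stakes)                 # holder -> live voting stake
        self.checkpoints = {0: dict(stakes)}       # block -> stake table at that block
        self.proposals = {}                        # id -> (proposer, created_block)

    def mine(self):
        """Advance one block and checkpoint the stake table."""
        self.block += 1
        self.checkpoints[self.block] = dict(self.stakes)

    def propose(self, pid, proposer):
        self.proposals[pid] = (proposer, self.block)

    def _share(self, table, holder):
        total = sum(table.values())
        return table.get(holder, 0) / total if total else 0.0

    def can_execute(self, pid, use_snapshot):
        proposer, created = self.proposals[pid]
        if self.block < created + DELAY_BLOCKS:
            return False                           # delay has not elapsed yet
        # Weak: weight read from live stake. Hardened: weight fixed at proposal time.
        table = self.checkpoints[created] if use_snapshot else self.stakes
        return self._share(table, proposer) >= THRESHOLD


def execute_during_flash_loan(gov, pid, borrower, amount, use_snapshot):
    """Borrowed stake exists only inside this call, as within a single transaction."""
    gov.stakes[borrower] = gov.stakes.get(borrower, 0) + amount
    try:
        return gov.can_execute(pid, use_snapshot)
    finally:
        gov.stakes[borrower] -= amount             # loan repaid before the call returns


def demo():
    gov = Governance({"holders": 300, "proposer": 1})   # constructed stakes
    gov.propose("p1", "proposer")
    early = execute_during_flash_loan(gov, "p1", "proposer", 700, use_snapshot=False)
    gov.mine()                                          # delay elapses
    weak = execute_during_flash_loan(gov, "p1", "proposer", 700, use_snapshot=False)
    hardened = execute_during_flash_loan(gov, "p1", "proposer", 700, use_snapshot=True)
    return early, weak, hardened
```

With live-balance weighting the borrowed stake counts as roughly 70% of the total once the delay has passed; with the snapshot taken at proposal time the same caller holds well under 1% and execution is refused.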

Vulcan Forged

Loss: $140 million

Date: December 12, 2021

Type: Access Control

The Vulcan Forged DeFi attack was about gaining access control over private keys. Vulcan Forged creates wallets for its users and stores their keys. The attacker gained access to 96 wallets and drained 4.5m PYR tokens, in addition to ETH and MATIC.

DeFi Vulnerability is a Red Flag for Community

In addition to direct monetary losses, DeFi vulnerability results in huge reputational damage for entrepreneurs behind DeFi protocols. DeFi cyber-attacks put the founder’s reputation at risk. DeFi token vulnerability and DeFi protocol vulnerability, especially when left unchecked, are massive red flags for the community of DeFi users.

How to Stop DeFi Hacks?

Preventing DeFi cyber-attacks is vital, especially when looking at financial damage. The DeFi industry has already suffered $3 billion in irreversible losses due to DeFi hacks. With this in mind, DeFi protocols have huge monetary and reputational incentives to improve their DeFi security. The Web 3.0 cybersecurity company Hacken offers practical solutions for businesses that take their DeFi security seriously.

Hacken provides several DeFi cybersecurity services, including smart contract security audits, penetration tests, and bug bounties.

Smart Contract Security Audits for DeFi

A DeFi security audit is the most effective measure for dealing with DeFi security vulnerabilities. In essence, a contract security audit assesses the recorded transactions with a blockchain ledger. Hacken conducts blockchain protocol audits and smart contract audits for Ethereum, Solana, BSC, Polygon, and other networks. In Ethereum alone, Hacken has audited smart contracts for a total market cap of $100 billion. Hacken is the proven leader in blockchain audit thanks to years of experience in this field and the exceptional expertise of our security specialists.

Penetration Tests for DeFi

Hacken offers penetration testing services for web applications, mobile apps, and networks. Penetration testing is a cost-effective solution for DeFi protocols. It comes in handy for businesses that do not have large security teams.   

Bug Bounty for DeFi

HackenProof is a bug bounty and vulnerability coordination platform that connects customers, including DeFi protocol owners, with a community of external security experts, a.k.a. ethical hackers. Hacken offers Bug Bounty programs of three types depending on the customer’s goals.

Bug bounties are crowdsourced. Dozens of white hat hackers compete for a monetary prize to be the first to identify a particular security vulnerability. Bug Bounty solutions are beneficial for evaluating DeFi security because white hat hackers act like real hackers. HackenProof has generated 5,730 reports of security breaches from white hat hackers.
