In brief

  • DeFi hacks have cost crypto platforms and users $100 million so far this year, according to CipherTrace.
  • During the first half of 2020, DeFi thefts accounted for 40% of all crypto thefts and hacks.
  • CipherTrace suggested DeFi protocols are particularly vulnerable to fraud and money laundering.

Blockchain investigation firm CipherTrace today published a report that shows 40% of all crypto hacks in the first half of 2020 targeted decentralized finance (DeFi) protocols and cryptocurrency exchanges.

The five-year-old company found $51.5 million in DeFi-related crypto theft from January through June. From July until now, that figure is $47.7 million—14% of the Q3-Q4 total.

DeFi hacks and thefts account for $10 million a month.

DeFi refers to non-custodial financial products, such as decentralized lending protocols and exchanges. They became popular this summer after they began offering lucrative bonuses to investors, who consequently plugged over $14 billion worth of crypto into those protocols in the following months. Several of these products are new, highly experimental and unregulated. That makes them vulnerable to hackers. 

Said CipherTrace in its report: “DeFi protocols are permissionless by design, meaning they often lack any clear regulatory compliance and anyone in any country is able to access them with little to no KYC information collected. As a result, DeFi can easily become a haven for money launderers.”

One decentralized margin lending protocol, bZx, was hacked three times this year. Two hacks cost it $1 million in February, and a hacker stole $8.1 million in September.

Hackers stole $25 million from the dForce protocol in April (though they returned some of the money when the funds were blacklisted). Harvest Finance, a DeFi robo-advisor protocol, lost $34 million to a hacker last month (the hacker also returned a small amount of the money).

CipherTrace said that the proportion of funds lost to DeFi hacks and thefts declined in the second half of the year due to the KuCoin crypto exchange attack, in which almost $281 million worth of cryptocurrency was stolen. Much of that crypto was eventually blacklisted or rendered obsolete, but the hacker continues to sell some of the funds.

The blockchain investigation firm said that if the DeFi industry doesn’t find some way to keep its smart contracts shipshape, “it is likely that DeFi will only continue to suffer from the consequences resulting from vulnerabilities, fraud, and money laundering.”