Why DeFi Flash Loan Attacks Will Keep Happening: Chainlink Co-Founder

Chainlink co-founder Sergey Nazarov has said that hackers will continue to come after DeFi protocols unless they change the way they get their price information. 

His comments on the Decrypt Daily podcast, published Friday, come after DeFi protocols lost over $100 million in a string of flash loan attacks that attacked Compound ($89 million), Harvest Finance ($34 million) and Cheese Bank ($3.3 million). 

The projects were subject to oracle exploits in which the price of stablecoins held in the protocols was manipulated.

Hackers were able to target several of the projects because they relied on Curve Finance’s data on the price of crypto held in its liquidity pools. 

Nazarov said on the podcast that all the attacks were “related to using a single centralized exchange as a price source”—and that these kinds of attacks will keep happening, even if protocols start getting their data from two or three sources. 

“I think it's a serious concern that both developers of these protocols should look into.” 

Nazarov says that those projects that relied on Curve misappropriated DeFi protocol Curve’s liquidity pools as oracles.

Nazarov said that Chainlink has been resistant to problems because it uses multiple data sources—getting data from “hundreds of exchanges.”

After $6 Million Hack, Value DeFi Turns to Chainlink for Help

Value DeFi, the yield farming decentralized finance protocol that last Saturday lost $6 million after someone exploited a vulnerability with its unaudited, centralized price oracle, today integrated Chainlink, a decentralized oracle network. Value DeFi’s exploit took place the day after the launch of its MultiStables Vault, a new financial project designed to shift investors’ money around different DeFi protocols to maximize profits.  Someone managed to manipulate the price of tokens in one of...

For DeFi protocols to avoid problems in the future, they will have to think about how they source their data, he said. 

Since the attacks, decentralized exchange Curve Finance warned DeFi projects to use Chainlink, which uses a decentralized oracle network (it gets data from one blockchain to another safely, so it can’t be manipulated.) 

It looks like the hottest new DeFi projects will have to step their game up when it comes to security or millions more will be lost.