Why DeFi Flash Loan Attacks Will Keep Happening: Chainlink Co-Founder

Chainlink co-founder Sergey Nazarov has said that hackers will continue to come after DeFi protocols unless they change the way they get their price information. 

His comments on the Decrypt Daily podcast, published Friday, come after DeFi protocols lost over $100 million in a string of flash loan attacks that attacked Compound ($89 million), Harvest Finance ($34 million) and Cheese Bank ($3.3 million). 

The projects were subject to oracle exploits in which the price of stablecoins held in the protocols was manipulated.

Hackers were able to target several of the projects because they relied on Curve Finance’s data on the price of crypto held in its liquidity pools. 

Nazarov said on the podcast that all the attacks were “related to using a single centralized exchange as a price source”—and that these kinds of attacks will keep happening, even if protocols start getting their data from two or three sources. 

“I think it's a serious concern that both developers of these protocols should look into.” 

Nazarov says that those projects that relied on Curve misappropriated DeFi protocol Curve’s liquidity pools as oracles.

Nazarov said that Chainlink has been resistant to problems because it uses multiple data sources—getting data from “hundreds of exchanges.”

For DeFi protocols to avoid problems in the future, they will have to think about how they source their data, he said. 

Since the attacks, decentralized exchange Curve Finance warned DeFi projects to use Chainlink, which uses a decentralized oracle network (it gets data from one blockchain to another safely, so it can’t be manipulated.) 

It looks like the hottest new DeFi projects will have to step their game up when it comes to security or millions more will be lost.