In brief

  • Over $100 million was lost when hackers targeted a number of DeFi projects.
  • They were able to manipulate prices and walk away with the money because the DeFi protocols get their data from one source, which is risky.
  • The founder of top DeFi project Chainlink told Decrypt that this will continue to happen unless DeFi projects get their data from a number of sources.

Chainlink co-founder Sergey Nazarov has said that hackers will continue to come after DeFi protocols unless they change the way they get their price information. 

His comments on the Decrypt Daily podcast, published Friday, come after DeFi protocols lost over $100 million in a string of flash loan attacks that attacked Compound ($89 million), Harvest Finance ($34 million) and Cheese Bank ($3.3 million). 

The projects were subject to oracle exploits in which the price of stablecoins held in the protocols was manipulated.

Hackers were able to target several of the projects because they relied on Curve Finance’s data on the price of crypto held in its liquidity pools. 

Nazarov said on the podcast that all the attacks were “related to using a single centralized exchange as a price source”—and that these kinds of attacks will keep happening, even if protocols start getting their data from two or three sources. 

“I think it's a serious concern that both developers of these protocols should look into.” 

Nazarov says that those projects that relied on Curve misappropriated DeFi protocol Curve’s liquidity pools as oracles.

Nazarov said that Chainlink has been resistant to problems because it uses multiple data sources—getting data from “hundreds of exchanges.”

For DeFi protocols to avoid problems in the future, they will have to think about how they source their data, he said. 

Since the attacks, decentralized exchange Curve Finance warned DeFi projects to use Chainlink, which uses a decentralized oracle network (it gets data from one blockchain to another safely, so it can’t be manipulated.) 

It looks like the hottest new DeFi projects will have to step their game up when it comes to security or millions more will be lost.

Disclaimer

The views and opinions expressed by the author are for informational purposes only and do not constitute financial, investment, or other advice.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.