Decentralized finance is enjoying a period of sustained growth, with nearly $80 billion in assets locked into protocols, per data from DeFi Pulse, just 10% lower than its May peak.
But, as the saying goes: more money, more problems.
According to a new report from blockchain forensics firm CipherTrace, DeFi-related hacks and fraud have cost protocols and their users $474 million through the first seven months of the year. While overall cryptocurrency fraud and crime has dropped considerably—CipherTrace pegged the number at $4.5 billion in 2019 and $1.9 billion in DeFi hacks have done 270% more damage than all of last year.
Decentralized finance, or DeFi, refers to blockchain-based protocols that facilitate money lending, interest, asset swaps and other financial transactions without using an intermediary. Instead of relying on people and institutions to move money, DeFi relies on code known as smart contracts to automate transactions.
From the viewpoint of cryptocurrency advocates, such protocols allow individuals to make their own decisions about what to do with their assets while avoiding intermediaries' fees.
But there are risks, as CipherTrace's report shows. External attacks drained protocols to the tune of $361 million in misbegotten tokens and coins. Rug pulls, in which the project itself dupes investors and takes off with funds, cost users $113 million.
CipherTrace is most concerned about that $361 million figure, but it's worth noting that DeFi tokens—and Ethereum, the reserve currency of DeFi, are simply worth much more now than they were even half a year ago.
Ethereum's price stands above $3,100, an increase of more than 200% since the beginning of the year, as is Compound, a popular lending and borrowing service in DeFi. UNI, the governance token of decentralized exchange Uniswap, is up over 400%.
Still, DeFi attacks are growing in relative terms.
According to CipherTrace, the sub-sector is responsible for 75% of all cryptocurrency hacks. What's more, "DeFi-related fraud accounted for 54% of major crypto fraud volume, whereas last year DeFi-related fraud only made up 3% of the year’s total."
Most of the attacks on DeFi protocols use flash loans. Flash loans are a way for someone to borrow a lot of money, use that borrowed capital to take advantage of an arbitrage opportunity, then pay back the loan—all in one transaction.
"The crux of the problem lies not in platforms giving out the flash loans," wrote CipherTrace, "but the unaudited smart contracts the loans are sent to and exploited."
The firm detailed 30 known attacks since the beginning of the year, including a $45 million swindle from PancakeBunny in May. And with the current pace at which DeFi is evolving, it's likely that this list continues growing throughout 2021.