Despite Rapid Growth, DeFi Hacking Cases Continue

According to DeFiLlama, the total value of decentralized finance (DeFi) protocols increased over 100-fold from $16.5bn in December 2020 to $160bn this May. Yet despite DeFi’s popularity, hacking incidents in which funds are stolen keep occurring. Repeated flash loan or ‘rug-pull’ incidents affecting multiple projects based on Binance Smart Chain (BSC) have been a hot issue recently and require particular investor caution. BSC is a separate blockchain network created by virtual asset exchange Binance. It has recently been in the spotlight due to its relatively low fees compared to Ethereum. In fact, there has been a trend towards many Ethereum DeFi projects, including 1INCH, moving to BSC.

Recently, several Binance Smart Chain (BSC)-based projects, including TurtleDEX and BURGER Swap, have seen a series of ‘dine and dash’ incidents in which the management absconds with deposited funds or exposes security loopholes. There are many reports of cases in which dormant malicious code is planted to allow operators to steal money or where hackers exploit the flash loan function, an unsecured loan function, to extract funds. A flash loan refers to a technology that lends cryptocurrency to users and has it repaid immediately, all within the few short minutes before a transaction is finally approved on the blockchain. A central feature of flash loans is that the loan and its repayment are processed in an instant, at the level of a single transaction. However, hackers have been abusing flash loans for criminal purposes. Using enormous funds, they induce a decrease in the price of a specific token, buy tokens at the lower price and make a profit. To prevent this, technology from Oracle and various other vendors is required to increase security. The amount of damage caused by flash loan attacks reached $157 million in May alone. Damage cases such as Merlin (MERL), autoshark (autoshark), Value DeFi (Value DeFi), and pancake bunny (BUNNY) continue to increase. In fact, a team of professional hackers has recently been observed targeting BSC.

In addition, there have been a series of attacks in which hackers captured users’ private keys by intercepting the DNS connections of CREAM and CAKE distributed in BSC. This shows that BSC is not even properly maintaining basic security. If the projects’ security is this weak, there is no guarantee that another incident will not occur in the future. To address the subject, Binance recently published a post on its official blog entitled “Cryptonomics: Crypto Scams and How to Avoid Them” in which it urged caution from users. The main message is that BSC is further emphasizing that the responsibility for using DeFi services lies with the user. To quote from the blog: “Cryptocurrency scams are becoming increasingly more prevalent and effective, utilizing new cunning tactics to deceive investors. In order to maintain a safe portfolio, it is essential to know the different forms of scams and how to avoid them. Do your own research.” “Anyone can distribute a bad or scam project on BSC. However, there currently are no technical methods to prevent this […] Because we are a community, we hope we can protect each other from being harmed by scam projects”, the blog continues. Last month, Binance Business and Ecosystem Development Coordinator Samy Karim stated at Consensus 2021: “Binance is not responsible for ‘dine and dash’ incidents on BSC and even if there is damage, roll-back is impossible.” His stance is that above all, investors should exercise caution when making investments related to BSC.

DeFi still has great growth potential, but there is also regulatory risk

Although there has been an incessant stream of incidents recently involving DeFi services, the rate of return is at an all-time high, suggesting that there is still a high possibility of future development. As reported by cryptocurrency media outlet The Block, Ethereum-based DeFi protocols recorded $371.6 billion in revenue last month. The report concludes: “Decentralized finance (DeFi) protocols built on Ethereum produced all-time high revenues in May, according to data compiled by The Block. […] As expected, much of the revenue went to the supply-side — that is, those providing liquidity to the protocols.” The explanation given is that the number of users who provide liquidity to decentralized exchanges such as UNI Swap (UNI), SUSHI Swap (SUSHI) and AAVE and earn profits has greatly increased.

Umar Farooq, Blockchain Team Leader at JP Morgan Onyx, summarized JP Morgan’s view on the issue: “We are watching the evolution of DeFi. Actually programming what money can do for you, whether it’s conditional payments, whether it’s things like tax assessments. That’s all very rule based and, in the past, you would have to send specific instructions to a bank like JPMorgan. We increasingly want you to be able to program these things, and actually tell the money what to do.” “ETH 2.0 staking will be a very interesting development. More doors may be opened to get involved in the Ethereum ecosystem”, he added. This view underscores that DeFi has many areas for future development and ample potential. In a similar vein, the University of Pennsylvania’s Wharton School recently observed in a report jointly published with the World Economic Forum (WEF): “Decentralized finance has the potential to transform global finance.” The report concludes: “However, today, DeFi is concentrated on speculation, leverage and maximizing returns in the existing digital asset community, which limits it. […] The DeFi industry is still immature, but now is the time to embrace this new technology.”

Despite this potential, caution is needed as DeFi faces great risk in the area of regulation. U.S. Commodities and Futures Trading Commission (CFTC) Commissioner Dan Berkovitz recently remarked at an online forum on derivatives asset management that DeFi derivatives may be illegal in the US. His explanation is worth quoting at length: “Federal law ‘does not contain any exception’ for decentralized finance markets. DeFi markets for derivative instruments – meaning futures contracts, for example – may not be legal under the Commodity Exchange Act, a U.S. law that governs such products and requires them to trade only on regulated designated contract markets (DCMs). In a pure ‘peer-to-peer’ DeFi system, none of these benefits or protections exist. There is no intermediary to monitor markets for fraud and manipulation, prevent money laundering, safeguard deposited funds, ensure counterparty performance or make customers whole when processes fail.” With DeFi, there are no organizations to monitor market manipulation, no adequate regulations to prevent money laundering, and no intermediaries to provide custody services.

There is no 100% safe DeFi…ultimately, it is up to user caution

A prominent reason for using DeFi services is the ability to earn a relatively higher interest rate than bank interest in a short period of time. However, experts also advise that users should be particularly careful in order to avoid harm while using DeFi services. Independent consultant Choi Yoon Sung summed up the situation in an interview with D.Street: “Even security audit companies do not completely verify user scenarios one by one, so even if the DeFi service has undergone a security audit, it does not completely prove that there are no bugs or accidents. In the end, users have to be careful.” He advised that “Users should have a clear understanding of how the DeFi platform is generating revenue. […] Most of this information is made public through governance voting, so it is necessary to continuously check the details.”

On the other hand, a DeFi-related service was recently listed in the US retirement pension service (401K), which highlights that the future development potential is getting more attention. According to crypto media outlet Decrypt: “401K provider ForUsAll announced on Monday it will let employees add crypto to their portfolios […], including more exotic ones from the world of decentralized finance (DeFi) such as Algorand and Uniswap.” ForUsAll currently provides 401K services to approximately 70,000 employees at hundreds of companies in the United States. Some consider the fact that DeFi is included in the retirement pension service a sign that there will be more service areas related to DeFi in the future.

