The DeFi industry has been growing at a fast pace, which makes crypto theft more attractive to hackers. Just three years ago, its value was barely $800 million. By February 2021, the sum was up to $40 billion. No wonder more people are trying to make money in this sector, just as others are trying to take advantage of it.
A group of hackers stole about $600m in cryptocurrency last week from Poly Network. The blockchain site said they took advantage of one of the vulnerabilities between contract calls in the system, which allowed them to take thousands of tokens like Ether. A few hours later, the hackers restored the funds, first in small amounts, then in millions. The site also declared that the sum stolen was one of the biggest in the history of decentralized finance. Among the currencies taken were $267m of Ether, $252m of Binance coins, and $85m in USD Coins.
Poly Network is a decentralized finance platform that lets users transfer tokens tied to a blockchain to a different network. Binance’s chief executive, Changpeng Zhao, said his firm was aware of what was happening and that the group was cooperating with all the security partners to help the situation. Analyzing the multiple hacks makes it possible to identify the main vulnerabilities in the DeFi sector.
Usually, the attacker studies the project’s business model and the third-party services implemented. Mistakes in the business model and the third-party services are two of the main issues hackers take advantage of. Despite the simplicity of smart contracts, they’re still a new concept in the technology universe, and they require a different development paradigm. Often the developers in charge lack the coding skills the task requires and end up making big mistakes, which will most likely result in huge losses for regular users. Security audits are carried out to eliminate part of the risk, but they can only help so much.
Whatever the reason for the breach, the Network was lucky enough to get back almost all that was taken this time. Even so, this will represent significant losses for the company, since its security was breached and the trust of its users was damaged. We also have to keep in mind that it is always up to the user to decide whether the risk of getting involved is worth it. Whenever you choose a platform, you should be aware that there’s always a risk. Nobody can guarantee 100% safety of your assets, but some platforms have better security methods implemented than others. Make sure you research your options enough to make the decision you feel most comfortable with.