DeFi Will be a Target if We Underestimate its Potential Risks: Acronis CISO

With the growing interest among investors in digital assets like cryptocurrency, there has been an exponential rise in thefts and crimes in decentralized finance (DeFi). A recent report by blockchain data platform, Chainalysis, claims that while there has been an exponential rise in crypto thefts in 2021, DeFi theft accounted for more than 70% of the thefts that happened in 2021.

While block chain ecosystem has always been criticized by cyber experts for poor security measures, DeFi platforms have been the most vulnerable zone. Kevin Reed, CISO, Acronis, explains the reasons behind DeFi crimes and the kind of precautions, investors should take to avoid falling into such theft.

What were the reasons behind this exponential rise in Defi Theft in recent months?

The primary reason for fraud and theft on DeFi products is because it is an immature technology mostly created by people with little or no security experience, yet these are still riding an ever-growing hype. But with the hype, scammers saw opportunity. In 2021, for example, many of the most notable hacks involved decentralized finance, or DeFi, projects, with more than $10 billion reportedly lost to DeFi theft and fraud. Experts recommend investors fully understand the risks surrounding cryptocurrency, and DeFi especially, before buying in. Also as long as website developers and individuals underestimate their risk factors, DeFi will be a target.

Blockchain, as a foundation, is a solid technology, its application as cryptocurrency (as Bitcoin, for example) is an interesting academic exercise, but its use via public-facing websites – created without any consideration for social and socio-security aspects of it – is incredibly damaging to the integrity of the process. “Crypto” means cryptography – but in the case of cryptocurrency, it’s come to mean something else, and it channels a false sense of security.

Essentially, the rise exists simply because it’s profitable. Cybercriminals will always focus on what makes them money without too much work.

Why DeFi is an easy target for cyber criminals?

As people manage it via websites – and as a result, all the usual security issues associated with that (on top of the vulnerabilities in smart contracts, like in the case of Solana) come up. People literally manage millions of dollars using websites created with sticks and duct tape, to put it bluntly.

We have seen crypto exchanges hacked and people phished out of all their money – there is no transaction revocation process, the security is minuscule, so naturally, the platform became a target for extremely persistent and skilled criminals, who are targeting it every day. Primarily, because core people involved (developers and users) are inexperienced – and transactions can’t be reversed, as it’s not a centralized thing.

Cybercriminals go out of their way to steal in-game items that cost in the range of hundreds to thousands of USD – and here we are talking about the perceived value of millions of dollars. I would be surprised if they hadn’t consistently tried to hack their way in.

What kind of security breaches lead to such theft?

We have seen breaches that range from stolen credentials to info stealer malware and clipboard replacement, and of course vulnerabilities in websites and the exchanges leading to wider breaches.

The attacks on DeFi are 90% the same that we know from the early days with online banking and credit cards, where you do social engineering, phishing to steal passwords, fake websites impersonating real services, hijacking DNS, or BGP to redirect web traffic, attacking exchanges, etc. On top of this, you have issues in the smart contracts which are basically small programs, often badly written and badly reviewed, so it allows us to drain money and do tricks, like flash loan attacks.

And last but not least, many people that investors don’t understand the dynamics of cryptocurrencies, stuff like an impermanent loss on liquidity provider pools – and therefore, they lose a lot of money, just because they want to get rich quick.

What kind of precautions, investors should take to avoid falling into such theft?

Not using the digital currency would be the only ultimate protection. The second best precaution I can recommend is to research the exchanges being used – to ensure investors are comfortable with the precautions taken by the exchange and to focus on personal OpSec to ensure their individual details aren’t easily stolen.

Now, what will happen in 2022? With the price of Bitcoin at an all-time high, attacks are increasing with threat actors following the profit. End-users have struggled with phishing attacks, info stealers, and malware that swaps wallet addresses in memory for quite a while. Besides these attacks, I’d expect to see more of them against smart contracts directly, attacking the programs at the heart of cryptocurrencies.

You can also expect attacks against Web 3.0 apps to be happening more frequently in 2022. These new markets open new opportunities for sophisticated attacks (e.g. those flash loan attacks), which may allow attackers to drain millions of dollars from cryptocurrency liquidity pools. As I said, as long as website developers and individuals underestimate their risk factors, DeFi will be a target.