The decentralised finance (DeFi) and blockchain ecosystem is young, which leaves it exposed to fairly simple flaws and demands considerable rigour from anyone securing its protocols and exchanges.
To illustrate the point, Bishop Fox researchers analysed the 65 largest thefts from blockchain and DeFi applications in 2021 (totalling $1.8 billion) and concluded that 90% of them were the result of “unsophisticated attacks.”
The three main attack vectors in 2021 were:
- vulnerabilities in smart contracts (51% of cases);
- protocol and design flaws (18%); and
- wallet compromises (10%).
“We can see that in most cases, the attack came from a vulnerability in smart contracts or in the very logic of the protocol. This is not surprising for a recent technology that may lack a certain technical hindsight on the implementation of security measures,” say the researchers.
Among smart-contract vulnerabilities, the three most exploited categories were known vulnerabilities, vulnerabilities inherited by forking a project that already contained one, and sophisticated attacks.
Bishop Fox believes the vast majority of these attacks could have been prevented by rigorous auditing and testing of each piece of code before it goes into production. The company also urges developers who fork existing projects to check the forked code regularly: a vulnerability fixed upstream remains exploitable in every copy that has not pulled the fix.
This requires a real paradigm shift: “DeFi developers tend to seek innovation in their algorithms more than protection,” the cybersecurity company points out.