Kofi Kufuor has proposed his own classification of attacks on decentralized finance (DeFi) protocols and identified the core vulnerabilities to which this turbulent segment is exposed.
According to his detailed post, all attacks that resulted in money being stolen from crypto protocols can be divided into four types based on the “vulnerability stack.”
1/ I collected data on over $4B of crypto application hacks
In this piece, I break down how the hacks were executed, the tools we have to stop history from repeating itself, and predictions for the future of crypto security https://t.co/W2A9lPz69O
Accordingly, all recent attacks are executed against either the ecosystem, the protocol, the smart contract language, or the infrastructure. Infrastructure attacks target weaknesses in consensus, the Internet systems behind DeFi protocols, private keys and so on.
Smart contract language attacks exploit design flaws in the programming languages used to write smart contracts. Protocol logic attacks exploit flawed business logic and tokenomic weaknesses.
Last but not least, ecosystem attacks target the interactions between various DeFi protocols: to initiate an attack (or amplify it), attackers borrow money from one protocol and inject it into the liquidity pools of another DeFi protocol.
Ecosystem attacks are the most frequent: over 41% of all DeFi hacks belong to this group. At the same time, if the three most devastating hacks (Ronin Bridge, Poly Network, BNB Chain bridge) are excluded from the analysis, infrastructure attacks resulted in the largest losses.
Among ecosystem hacks, flash loan attacks involving price oracles are the most frequent; attacks on private keys (phishing, brute force, compromised keys and so on) dominate infrastructure hacks.
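Why a price oracle that reads a pool's live reserves is the weak point in this pattern, and how a deviation check against a time-weighted average catches it, is shown in the following added example, which is not from Kufuor's post. The constant-product pool model, the reserve figures, the ten-block window and the 10% threshold are all assumptions made for illustration.

```python
from collections import deque

class Pool:
    """Toy constant-product pool (token * usd = k); assumed model, fees ignored."""
    def __init__(self, token, usd):
        self.token, self.usd = token, usd

    def spot_price(self):
        return self.usd / self.token          # USD per token, read from live reserves

    def swap_usd_for_token(self, usd_in):
        k = self.token * self.usd
        self.usd += usd_in
        token_out = self.token - k / self.usd  # keeps token * usd equal to k
        self.token -= token_out
        return token_out

class GuardedOracle:
    """Refuses a spot reading that strays too far from a time-weighted average."""
    def __init__(self, pool, window=10, max_deviation=0.10):
        self.pool = pool
        self.history = deque(maxlen=window)   # one observation per block
        self.max_deviation = max_deviation

    def observe(self):
        self.history.append(self.pool.spot_price())

    def price(self):
        if not self.history:
            raise ValueError("no observations recorded yet")
        spot = self.pool.spot_price()
        avg = sum(self.history) / len(self.history)
        if abs(spot - avg) / avg > self.max_deviation:
            raise ValueError(f"spot {spot:.2f} deviates from average {avg:.2f}")
        return spot

def demo():
    pool = Pool(token=1_000, usd=1_000_000)   # constructed reserves, spot = 1000
    oracle = GuardedOracle(pool)
    for _ in range(10):
        oracle.observe()                      # ten quiet blocks
    normal = oracle.price()
    pool.swap_usd_for_token(1_000_000)        # large borrowed-capital swap, one block
    naive = pool.spot_price()                 # what an unguarded consumer reads
    try:
        oracle.price()
        rejected = False
    except ValueError:
        rejected = True
    return normal, naive, rejected
```

A protocol that values collateral at the unguarded reading would see the token price quadruple within one block, while the guarded oracle refuses to quote until the spot price returns to the averaged range.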
Ethereum-based apps witnessed $2 billion in stolen funds. More than half of the attacks in 2020-2022 targeted cross-network bridges and multi-blockchain apps.