There’s a lot of money flowing into DeFi. And thanks to hacks and exploits, there’s sometimes a lot of money flowing out, too.
Decentralized finance (DeFi) refers to blockchain applications that cut out middlemen from financial products and services like loans, savings, and swaps. While DeFi comes with high rewards, it also carries plenty of risks.
Since just about anyone can spin up a DeFi protocol and write some smart contracts, flaws in the code are common. And in DeFi, there are many unscrupulous actors ready and able to exploit those flaws. When that happens, millions of dollars are put on the line, often with no recourse for users.
DeFi users lost $10.5 billion to theft in 2021, according to a November report by Elliptic. But as our list of the 11 largest DeFi exploits shows, that figure has since grown by millions. (All figures below are in the values of the funds at the time of the incident.)
Grim Finance: $30 Million
Often dApps take thematic inspiration from the blockchains on which they’re built. As a result, the Avalanche ecosystem is chock-full of snow references, like Snowtrace, Blizz, and Defrost. Meanwhile, the Fantom ecosystem feels like an on-chain Halloween party. That adds a darker spin when things go wrong, as was the case with Grim Finance, a yield optimizer protocol.
In December 2021, the protocol suffered a reentrancy attack, a type of exploit where an attacker fakes additional deposits into a vault while a previous transaction has yet to be settled. Eventually, the attack tricked the smart contract into releasing $30 million in Fantom tokens.
DeFi protocols normally use reentrancy guards—pieces of code that prevent such attacks. Grim Finance’s audit report from Solidity Finance incorrectly stated that the protocol had reentrancy guards in place—a reminder that audits are no guarantee that exploits won’t happen.
© 2022 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.