fbpx
Connect with us

Bit Coin

DeFi attacks are on the rise — Will the industry be able to stem the tide?

Published

on

DeFi attacks are on the rise — Will the industry be able to stem the tide?

The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control.

According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols.

These figures highlight a dire situation that is likely to persist over the long term if ignored.

Why hackers prefer DeFi platforms

In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to why these groups are drawn to the sector is the sheer amount of funds that decentralized finance platforms hold. Top DeFi platforms process billions of dollars in transactions each month. As such, the rewards are high for hackers who are able to carry out successful attacks.

The fact that most DeFi protocol codes are open source also makes them even more prone to cybersecurity threats.

This is because open source programs are available for scrutiny by the public and can be audited by anyone with an internet connection. As such, they are easily scoured for exploits. This inherent property allows hackers to analyze DeFi applications for integrity issues and plan heists in advance.

Some DeFi developers have also contributed to the situation by deliberately disregarding platform security audit reports published by certified cybersecurity firms. Some development teams also launch DeFi projects without subjecting them to extensive security analysis. This increases the probability of coding defects.

Another dent in the armor when it comes to DeFi security is the interconnectivity of ecosystems. DeFi platforms are typically interconnected using cross-bridges, which bolster convenience and versatility.

While cross-bridges provide enhanced user experience, these crucial snippets of code connect huge networks of distributed ledgers with varying levels of security. This multiplex configuration allows DeFi hackers to harness the capabilities of multiple platforms to amplify attacks on certain platforms. It also allows them to quickly transfer ill-gotten funds across multiple decentralized networks seamlessly.

Besides the aforementioned risks, DeFi platforms are also prone to insider sabotage.

Security breaches

Hackers are using a wide range of techniques to infiltrate vulnerable DeFi perimeter systems. 

Security breaches are a common occurrence in the DeFi sector. According to the 2022 Chainalysis report, approximately 35% of all stolen crypto in the past two years is attributed to security breaches.

Many of them occur due to faulty code. Hackers usually dedicate significant resources to finding systemic coding errors that allow them to carry out these types of attacks and typically utilize advanced bug tracker tools to aid them in this.

Another common tactic used by threat actors to seek out vulnerable platforms is tracking down networks with unpatched security issues that have already been exposed but yet to be implemented.

Hackers behind the recent Wormhole DeFi hack attack that led to the loss of about $325 million in digital tokens are reported to have used this strategy. An analysis of code commits revealed that a vulnerability patch uploaded to the platform’s GitHub repository was exploited before the patch was deployed.

The mistake enabled the intruders to forge a system signature that allowed the minting of 120,000 Wrapped Ether (wETH) coins valued at $325 million. The hackers then sold the wETH for about $250 million in Ether (ETH). The exchanged Ethereum coins were derived from the platform’s settlement reserves, thereby leading to losses.

The Wormhole service acts as a bridge between chains. It allows users to spend deposited cryptocurrencies in wrapped tokens across chains. This is accomplished by minting Wormhole-wrapped tokens, which alleviate the need to swap or convert the deposited coins directly.

Recent: How blockchain archives can change how we record history in wartime

Flash loan attacks

Flash loans are unsecured DeFi loans that require no credit checks. They enable investors and traders to borrow funds instantly.

Because of their convenience, flash loans are usually used to take advantage of arbitrage opportunities in connected DeFi ecosystems.

In flash loan attacks, lending protocols are targeted and compromised using price manipulation techniques that create artificial price discrepancies. This allows bad actors to buy assets at hugely discounted rates. Most flash loan attacks take minutes and sometimes seconds to execute and involve several interlinked DeFi protocols.

One way through which attackers manipulate asset prices is by targeting assailable price oracles. DeFi price oracles, for example, draw their rates from external sources such as reputable exchanges and trade sites. Hackers can, for example, manipulate the source sites to trick oracles into momentarily dropping the value of targeted asset rates so that they trade at lower prices compared to the wider market.

Attackers then buy the assets at deflated rates and quickly sell them at their floating exchange rate. Using leveraged tokens obtained through flash loans allows them to magnify the profits.

Besides manipulating prices, some attackers have been able to carry out flash loan attacks by hijacking DeFi voting processes. Most recently, Beanstalk DeFi incurred a $182 million loss after an attacker took advantage of a shortcoming in its governance system.

The Beanstalk development team had included a governance mechanism that allowed participants to vote for platform changes as a core functionality. This setup is popular in the DeFi industry because it upholds democracy. Voting rights on the platform were set to be proportional to the value of native tokens held.

An analysis of the breach revealed that the attackers obtained a flash loan from the Aave DeFi protocol to get almost $1 billion in assets. This enabled them to get a 67% majority in the voting governance system and allowed them to unilaterally approve the transfer of assets to their address. The perpetrators made off with about $80 million in digital currencies after repaying the flash loan and related surcharges.

Approximately $360 million worth of crypto coins was stolen from DeFi platforms in 2021 using flash loans, according to Chainalysis.

Where does stolen crypto go?

For a long time now, hackers have used centralized exchanges to launder stolen funds, but cybercriminals are beginning to ditch them for DeFi platforms. In 2021, cybercriminals sent about 17% of all illicit crypto to DeFi networks, which is a significant jump from 2% in 2020.

Market pundits theorize that the shift to DeFi protocols is because of the wider implementation of more stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) processes. The procedures compromise the anonymity sought after by cybercriminals. Most DeFi platforms forego these crucial processes.

Cooperation with the authorities

Centralized exchanges are also, now more than ever before, working with authorities to counter cybercrime. In April, the Binance exchange played an instrumental role in the recovery of $5.8 million in stolen cryptocurrencies that was part of a $625 million stash stolen from Axie Infinity. The money had initially been sent to Tornado Cash.

Tornado Cash is a token anonymization service that obfuscates the origin of funds by fragmenting on-chain links that are used to trace transacting addresses.

A portion of the stolen funds was, however, tracked by blockchain analytic firms to Binance. The loot was held in 86 addresses on the exchange.

In the aftermath of the incident, a spokesperson for the United States Treasury Department underlined that crypto exchanges that handle money from blacklisted crypto address risk sanctions.

Tornado Cash also seems to be cooperating with the authorities to stop the transfer of stolen funds to its network. The company has said that it will be implementing a monitoring tool to help identify and block embargoed wallets.

There seems to be some progress in the seizure of nicked assets by the authorities. Earlier this year, the U.S. Department of Justice announced the seizure of $3.6 billion in crypto and arrested two people who were involved in laundering the funds. The money was part of the $4.5 billion purloined from the Bitfinex crypto exchange in 2016.

The crypto seizure was among the biggest ever recorded.

DeFi CEOs speak about the current situation

Speaking exclusively to Cointelegraph earlier this week, Eric Chen, CEO and co-founder of Injective Labs — an interoperable smart contracts platform optimized for decentralized finance applications — said that there is hope that the problems will subside.

“We are seeing the tide continuing to subside, as more robust security standards are put into place. With proper testing and further security infrastructures put into place, DeFi projects will be able to prevent common exploit risks in the future,” he said.

On the measures that his network was taking to avert hack attacks, Chen provided an outline:

“Injective ensures a more tightly defined application-centric security model compared to traditional Ethereum Virtual Machine-based DeFi applications. The design of the blockchain and the logic of core modules protect Injective from common exploits such as re-entrancy, maximum extractable value and flash loans. Applications built on top of Injective are able to benefit from the security measures that are implemented in the blockchain on the consensus level.”

Recent: Rising global adoption positions crypto perfectly for use in retail

Cointelegraph also had the chance to speak with Konstantin Boyko-Romanovsky, CEO and founder of Allnodes — a non-custodial hosting and staking platform — about the increase in hack incidences. Regarding the main catalysts behind the trend, he said:

“No doubt it will take some time to lower the risk of DeFi hacks. It is unlikely, however, that it will happen overnight. There is a lingering sense of a race in DeFi. Everyone seems to be in a hurry, including the project founders. The market is evolving faster than the speed at which programmers write code. Good players who take every precaution are in the minority.”

He also provided some insight on procedures that would help counteract the problem:

“The code must get better and smart contracts must be thoroughly audited, that’s for sure. In addition, users should be constantly reminded of cautious etiquette online. Identifying any flaws can be attractively incentivized. This, in turn, might promote healthier conduct across a particular protocol.”

The DeFi industry is having a hard time thwarting hack attacks. There is, however, hope that increased monitoring from the authorities and greater cooperation among exchanges will help curb the scourge.

Go to Source

Bit Coin

LUNA Investor Arrested for Knocking on Do Kwon’s Door After Losing $2.4 Million in Terra Crash

Published

on

LUNA Investor Arrested for Knocking on Do Kwon’s Door After Losing $2.4 Million in Terra Crash

LUNA Investor Arrested for Knocking on Do Kwon's Door After Losing $2.4 Million in Terra Crash

A crypto investor has been arrested after knocking on Do Kwon’s door following the collapse of cryptocurrency terra (LUNA) and stablecoin terrausd (UST). He lost about $2.4 million and is now under investigation by the South Korean police. “I felt like I was going to die,” he said about losing his investments.

Investor Under Investigation for Going to Do Kwon’s Home

The collapse of cryptocurrency terra (LUNA) and stablecoin terrausd (UST) has wiped out a large number of investors. One investor in particular sought direct answers from Kwon Do-hyung (aka Do Kwon), CEO of Terraform Labs who is behind the two cryptocurrencies.

The investor, known as “Chancers,” is a Korean social media personality who conducts streams on cryptocurrency-related topics. He lost around 3 billion won ($2.4 million) in the LUNA and UST collapse. He told BBC News:

I felt like I was going to die. I lost a lot of money in a short period of time. Around $2.4m of my cryptocurrency was wiped out.

He explained that he was angry with the lack of communication from Do Kwon after LUNA and UST went into freefall. He then searched online and found Kwon’s home address in Seoul.

“I wanted to ask him about his plans for LUNA,” Chancers said. “I suffered a huge loss and wanted to talk to him directly.”

The frustrated investor traveled across his home city and knocked on Kwon’s door on May 12. He streamed the event on his online channel; about 100 people were watching at the time.

However, after ringing the doorbell of Kwon’s condominium, his wife answered the door and said her husband was not home. She also called the police but Chancers already left the building when they arrived.

The investor found out the next day that the police were looking for him. He then surrendered himself at Seoul’s Seongdong Police Station on the morning of May 13.

“I surrendered myself to the police station twice,” Chancers stressed, insisting: “I didn’t trespass on Do Kwon’s property, but according to Korean law, it’s illegal to just go there and try to talk. I didn’t know.”

Chancers told the news outlet that he expects to face a fine and a criminal record that could make his life difficult. He opined:

It’s so hard. I lost a lot of money and now I’m being investigated by the police. I originally served as a civil servant in Korea. But if I am convicted of this case, I may not be able to return to the civil service again.

“In Korean culture, the problem itself is not important but rather the fact that it caused a scandal,” he explained. “I even had to apologize publicly as a sinner. I had no idea this would be so big. It’s very sad.”

Do Kwon claims that he has been in Singapore since December last year. However, he dissolved Terraform Labs Korea and shut down the company’s Korean offices just days before LUNA and UST collapsed.

South Korean authorities have launched an emergency investigation into the implosion of the two coins. This week, the Korean police asked crypto exchanges to freeze the assets of the Luna Foundation Guard.

Do you think it was wrong for the investor to knock on Do Kwon’s door after he lost millions in the LUNA and UST crash? Let us know in the comments section below.

Kevin Helms

A student of Austrian Economics, Kevin found Bitcoin in 2011 and has been an evangelist ever since. His interests lie in Bitcoin security, open-source systems, network effects and the intersection between economics and cryptography.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Go to Source

Continue Reading

Bit Coin

Hardware Wallet D’CENT Offers Multiple Ways Which Can Help Users Bypass Crypto Exchanges

Published

on

Hardware Wallet D’CENT Offers Multiple Ways Which Can Help Users Bypass Crypto Exchanges

press release

PRESS RELEASE. D’CENT Hardware Wallet recently added a new user-focused feature named ‘Exchange’ under the platform’s ‘Discovery’ tab menu, allowing users to exchange multiple network cryptocurrency assets with only a few clicks. Furthermore, users may acquire cryptocurrencies using their credit cards directly from the ‘Buy Cryptocurrency’ tab, thereby bypassing the need for crypto exchanges.

Details about the wallet

D’CENT provides three types of wallets, namely ‘Biometric’, ‘Card Type’, and ‘App’, all of which are handled through a single D’CENT mobile application that is fully compatible with both iOS and Android smartphones.

D’CENT users may convert their cryptocurrencies into supported coins using the ‘Exchange’ menu and can purchase crypto via the ‘Buy Cryptocurrency’ options without using traditional exchange services as aforementioned. In this way, D’CENT has effectively eliminated the need for users to register their crypto wallet addresses which means that they are given an easy and safe user experience, since these services shall instantly recognize D’CENT wallet addresses which would help make the entire process both quicker and more seamless.

What makes the wallet so special?

Apart from the aforementioned features, D’CENT will also be working alongside the ChangeNOW and Changelly crypto exchanges, as well as Simplex, Wyre and MoonPay for the purposes of buying crypto assets. D’CENT wallets also currently support over 40 main network coins. Additionally, more than 20 main network oriented decentralized application (Dapp) services are also supported via the ‘Discovery’ tab.

NFTs based on Ethereum, Polygon, Klaytn, Luniverse and HECO can also be managed through the wallets. In addition, D’CENT will focus on incorporating different features which will be verified via the wallet in order to provide both enhanced user focus alongside an intuitive user experience based on blockchain services. Lastly, Metamask integration for PC and support for upto 100 main networks will also be prioritized going forward.

About D’CENT

D’CENT Wallet is a safe, easy to use, and reliable hardware wallet that boasts enhanced crypto protection built on the highest security standards. IoTrust developed D’CENT Wallet as a startup built by security professionals with more than 15 years of security and technical expertise in designing deeply embedded security solutions focused around secure-chip technology (SE and TEE). Essentially, D’CENT Wallet combines hardware and software and security methods to safeguard users’ digital assets.

For more information, check out the official website as well as the Twitter, Medium, YouTube and Facebook channels.


This is a press release. Readers should do their own due diligence before taking any actions related to the promoted company or any of its affiliates or services. Bitcoin.com is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in the press release.

Bitcoin.com Media

Bitcoin.com is the premier source for everything crypto-related.
Contact [email protected] to talk about press releases, sponsored posts, podcasts and other options.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Go to Source

Continue Reading

Bit Coin

Acquiring a Home With Bitcoin — A Deep Dive Into the Latest Crypto-Backed Mortgage Trend

Published

on

Acquiring a Home With Bitcoin — A Deep Dive Into the Latest Crypto-Backed Mortgage Trend

During the last few years, cryptocurrencies have been integrated into traditional finance tools like automated teller machines (ATMs), loadable debit cards, point-of-sale devices, and direct payments for all kinds of goods and services. Digital assets have also been added to retirement account offerings issued by financial giants like Fidelity. In recent times, cryptocurrencies can be further capitalized to put a down payment on a mortgage or get a conventional home loan using bitcoin as collateral.

Crypto-Backed Conventional Home Loans

These days, at least in the United States, banks require at least 20% down if a person or a couple wants to purchase a home by leveraging a conventional loan. Typically, people use cash for collateral or a down payment, but Americans can also utilize things like business equipment, inventory, invoices, blanket liens, and even other forms of real estate to secure a traditional mortgage.

As of April 8, 2022, the median home price in the U.S. was $392,000, which means a buyer needs $78,400 in collateral to secure a conventional bank loan. While crypto assets can be utilized to load debit cards and pay for items via point-of-sale commerce, there’s not many firms that allow people to use digital currencies for a crypto-backed loan.

Interested home buyers looking to leverage their crypto assets to buy a home can use firms like Milo and Abra. In the future, Figure Technologies and Ledn aim to offer crypto-backed mortgage products.

However, there are a couple of companies right now, either offering loans that utilize crypto assets for collateral or that are planning to do so in the near future. Moreover, some firms that planned to offer crypto-backed loans gave up on the idea shortly after.

For instance, the second-largest mortgage lender in the U.S., United Wholesale Mortgage, announced it would accept bitcoin (BTC) for mortgages at the end of August 2021. However, a few months later, United Wholesale Mortgage revealed the company decided not to offer the crypto services.

The company’s CEO, Mat Ishbia, told CNBC in October 2021 that the lender did not think it was worth it. “Due to the current combination of incremental costs and regulatory uncertainty in the crypto space we’ve concluded we aren’t going to extend beyond a pilot at this time,” Ishbia explained to CNBC’s MacKenzie Sigalos.

Crypto-Backed Home Loans Provided by Abra and Milo

Meanwhile, a financial services firm that just recently announced crypto-backed home loans is the cryptocurrency firm Abra. The company, founded in 2014 by former Goldman Sachs fixed income analyst Bill Barhydt, has provided digital asset trading services and a cryptocurrency wallet for over seven years.

Abra CEO Bill Barhydt revealed that the company would offer home loans via Abra’s Borrow application and a partnership with the company Propy.

On April 28, 2022, Abra announced it has partnered with the company Propy and homebuyers can secure a home loan using crypto as collateral via the Abra Borrow platform. The Abra lending application has various interest rates, depending on how much crypto collateral is added, from 0 to 9.95%.

“While digital asset investment has skyrocketed, most investors are unable to use their cryptocurrency holdings to directly fund the most important purchase in their life, a home,” Abra’s CEO Bill Barhydt explained during the announcement. “Our partnership with Propy solves this and is a major step in bridging the gap between crypto and real estate,” the Abra executive added.

In addition to Abra, a company called Milo is offering crypto-backed mortgages for people interested in purchasing real estate. Milo is a Florida-based startup that raised $17 million on March 9, 2022, in a Series A funding round. The California-based venture capital firm M13 led the funding round and QED Investors and Metaprop participated.

Milo offers crypto-backed mortgages and accepts BTC, ETH, and a few stablecoins.

Milo offers 30-year loans for borrowers looking to leverage up to $5 million. Milo accepts stablecoins, bitcoin (BTC), ethereum (ETH), and interest rates are between 5.95% and 6.95%, with loans that have two to three-week closing times. When Milo raised $17 million last March, Milo CEO Josip Rupena said the company’s efforts aim to enable crypto participants.

“This [funding] round of financing is a validation of Milo’s vision to empower global and crypto consumers and the opportunity to bridge the digital world with real-world real estate assets,” Rupena said at the time. “This is a multibillion-dollar opportunity, and we are proud to be pioneering the efforts in the U.S. for consumers that have unconventional wealth.”

Ledn and Figure Technologies Plan to Offer Crypto-Backed Mortgage Products

The crypto lender and savings platform Ledn revealed in December 2021 that it was readying “the impending launch of a bitcoin-backed mortgage product.” At the same time, the firm said that it raised $70 million from a handful of well-known investors.

While Ledn’s crypto-backed mortgages are not yet available, people can sign up to get on the waitlist.

Ledn was founded in 2018 and the company has raised a total of $103.9 million to date. At the time of writing, Ledn’s bitcoin-backed mortgage is not yet available, but people can sign up for Ledn’s mortgage product waitlist.

“By combining the appreciation potential of bitcoin with the price stability of real estate, this first-of-its-kind loan offers a balanced blend of wealth-building collateral,” Ledn’s mortgage web page says. “With the Bitcoin Mortgage, you can use your holdings to buy a new property, or finance the home you already own. Get a loan equal to your bitcoin holdings, without selling a satoshi.”

Figure Technologies also plans to provide a crypto-backed mortgage and people can sign up for a waitlist in order to access Figure’s upcoming product. Figure’s co-founder Mike Cagney explained at the end of March that the company was launching the mortgage program.

Figure aims to offer crypto-backed mortgages up to $20 million with varying interest rates, from 5.99% to 6.018% APR.

“Figure is launching a crypto-backed mortgage in early April,” Cagney said at the time. “100% LTV – you put up $5M in BTC or ETH, we give you a $5M mortgage. No painful process, no cash-out, any amount up to $20M, for a 30-year mortgage. You can make payments with your crypto collateral. And we don’t rehypothecate your crypto.”

While there’s not that many crypto-backed mortgage products today, the trend is starting to become a bit more prominent in 2022. If the trend continues, like crypto’s integration with ATMs, debit cards, and the myriad of traditional financial vehicles, the concept of buying a home with bitcoin will likely become a mainstay in society.

What do you think about the concept of crypto-backed mortgage products? Let us know what you think about this subject in the comments section below.

Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Go to Source

Continue Reading
Home | Latest News | Cryptocurrency | Bit Coin | DeFi attacks are on the rise — Will the industry be able to stem the tide?
a

Market

Trending