Ngành tài chính phi tập trung (DeFi) đã mất hơn một tỷ đô la cho tin tặc trong vài tháng qua, và tình hình dường như đang vượt ra khỏi tầm kiểm soát.
Theo thống kê mới nhất, khoảng 1,6 tỷ đô la tiền điện tử đã bị đánh cắp từ nền tảng DeFi trong quý đầu tiên của năm 2022. Hơn nữa, hơn 90% của tất cả các mật mã bị cướp là từ các giao thức DeFi bị tấn công.
These figures highlight a dire situation that is likely to persist over the long term if ignored.
Tại sao tin tặc thích nền tảng DeFi
Trong những năm gần đây, tin tặc đã tăng lên các hoạt động nhắm vào các hệ thống DeFi. Một lý do chính là lý do tại sao các nhóm này được thu hút vào lĩnh vực này là số tiền tuyệt đối mà các nền tảng tài chính phi tập trung nắm giữ. Các nền tảng DeFi hàng đầu xử lý hàng tỷ đô la trong các giao dịch mỗi tháng. Như vậy, phần thưởng là cao cho tin tặc có khả năng thực hiện các cuộc tấn công thành công.
Thực tế là hầu hết các mã giao thức DeFi là mã nguồn mở cũng khiến chúng thậm chí còn dễ bị đe dọa an ninh mạng hơn.
This is because open source programs are available for scrutiny by the public and can be audited by anyone with an internet connection. As such, they are easily scoured for exploits. This inherent property allows hackers to analyze DeFi applications for integrity issues and plan heists in advance.
Một số nhà phát triển DeFi cũng đã góp phần vào tình huống này bằng cách cố tình bỏ qua các báo cáo kiểm toán an ninh nền tảng được công bố bởi các công ty an ninh mạng được chứng nhận. Một số nhóm phát triển cũng khởi động các dự án DeFi mà không phải phân tích bảo mật sâu rộng. Điều này làm tăng xác suất mã hóa lỗi.
Another dent in the armor when it comes to DeFi security is the interconnectivity of ecosystems. DeFi platforms are typically interconnected using cross-bridges, which bolster convenience and versatility.
While cross-bridges provide enhanced user experience, these crucial snippets of code connect huge networks of distributed ledgers with varying levels of security. This multiplex configuration allows DeFi hackers to harness the capabilities of multiple platforms to amplify attacks on certain platforms. It also allows them to quickly transfer ill-gotten funds across multiple decentralized networks seamlessly.
Besides the aforementioned risks, DeFi platforms are also prone to insider sabotage.
Vi phạm bảo mật
Tin tặc đang sử dụng một loạt các kỹ thuật để xâm nhập vào các hệ thống chu vi DeFi dễ bị tổn thương.
Vi phạm an ninh là một sự xuất hiện phổ biến trong lĩnh vực DeFi. Theo báo cáo Chainalysis 2022, khoảng 35% của tất cả các mật mã bị đánh cắp trong hai lần qua năm là do vi phạm an ninh.
Nhiều người trong số họ xảy ra do mã bị lỗi. Tin tặc thường dành nguồn lực đáng kể để tìm ra lỗi mã hóa hệ thống cho phép họ thực hiện các loại tấn công này và thường sử dụng các công cụ theo dõi lỗi tiên tiến để hỗ trợ họ trong việc này.
Another common tactic used by threat actors to seek out vulnerable platforms is tracking down networks with unpatched security issues that have already been exposed but yet to be implemented.
Tin tặc đằng sau cuộc tấn công hack Wormhole DeFi gần đây dẫn đến việc mất khoảng $325 triệu thẻ kỹ thuật số được báo cáo là đã sử dụng chiến lược này. Một phân tích các cam kết mã tiết lộ rằng một bản vá lỗ hổng được tải lên kho GitHub của nền tảng đã được khai thác trước khi bản vá được triển khai.
The mistake enabled the intruders to forge a system signature that allowed the minting of 120,000 Wrapped Ether (wETH) coins valued at $325 million. The hackers then sold the wETH for about $250 million in Ether (ETH). The exchanged Ethereum coins were derived from the platform’s settlement reserves, thereby leading to losses.
Dịch vụ Wormhole hoạt động như một cầu nối giữa các chuỗi. Nó cho phép người dùng chi tiêu tiền điện tử gửi vào các thẻ bọc trên các chuỗi. Điều này được thực hiện bằng cách đúc các thẻ bao bọc giun, làm giảm bớt sự cần thiết phải trao đổi hoặc chuyển đổi các đồng tiền gửi trực tiếp.
Gầnđây: Cách lưu trữ blockchain có thể thay đổi cách chúng ta ghi lại lịch sử trong thời chiến
Các cuộc tấn công cho vay Flash
Các khoản vay flash là các khoản vay DeFi không có bảo đảm không yêu cầu kiểm tra tín dụng. Chúng cho phép các nhà đầu tư và nhà giao dịch vay vốn ngay lập tức.
Because of their convenience, flash loans are usually used to take advantage of arbitrage opportunities in connected DeFi ecosystems.
In flash loan attacks, lending protocols are targeted and compromised using price manipulation techniques that create artificial price discrepancies. This allows bad actors to buy assets at hugely discounted rates. Most flash loan attacks take minutes and sometimes seconds to execute and involve several interlinked DeFi protocols.
One way through which attackers manipulate asset prices is by targeting assailable price oracles. DeFi price oracles, for example, draw their rates from external sources such as reputable exchanges and trade sites. Hackers can, for example, manipulate the source sites to trick oracles into momentarily dropping the value of targeted asset rates so that they trade at lower prices compared to the wider market.
Attackers then buy the assets at deflated rates and quickly sell them at their floating exchange rate. Using leveraged tokens obtained through flash loans allows them to magnify the profits.
Besides manipulating prices, some attackers have been able to carry out flash loan attacks by hijacking DeFi voting processes. Most recently, Beanstalk DeFi incurred a $182 million loss after an attacker took advantage of a shortcoming in its governance system.
The Beanstalk development team had included a governance mechanism that allowed participants to vote for platform changes as a core functionality. This setup is popular in the DeFi industry because it upholds democracy. Voting rights on the platform were set to be proportional to the value of native tokens held.
An analysis of the breach revealed that the attackers obtained a flash loan from the Aave DeFi protocol to get almost $1 billion in assets. This enabled them to get a 67% majority in the voting governance system and allowed them to unilaterally approve the transfer of assets to their address. The perpetrators made off with about $80 million in digital currencies after repaying the flash loan and related surcharges.
Approximately $360 million worth of crypto coins was stolen from DeFi platforms in 2021 using flash loans, according to Chainalysis.
Where does stolen crypto go?
For a long time now, hackers have used centralized exchanges to launder stolen funds, but cybercriminals are beginning to ditch them for DeFi platforms. In 2021, cybercriminals sent about 17% of all illicit crypto to DeFi networks, which is a significant jump from 2% in 2020.
Market pundits theorize that the shift to DeFi protocols is because of the wider implementation of more stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) processes. The procedures compromise the anonymity sought after by cybercriminals. Most DeFi platforms forego these crucial processes.
Centralized exchanges are also, now more than ever before, working with authorities to counter cybercrime. In April, the Binance exchange played an instrumental role in the recovery of $5.8 million in stolen cryptocurrencies that was part of a $625 million stash stolen from Axie Infinity. The money had initially been sent to Tornado Cash.
Tornado Cash is a token anonymization service that obfuscates the origin of funds by fragmenting on-chain links that are used to trace transacting addresses.
A portion of the stolen funds was, however, tracked by blockchain analytic firms to Binance. The loot was held in 86 addresses on the exchange.
In the aftermath of the incident, a spokesperson for the United States Treasury Department underlined that crypto exchanges that handle money from blacklisted crypto address risk sanctions.
Tornado Cash also seems to be cooperating with the authorities to stop the transfer of stolen funds to its network. The company has said that it will be implementing a monitoring tool to help identify and block embargoed wallets.
There seems to be some progress in the seizure of nicked assets by the authorities. Earlier this year, the U.S. Department of Justice announced the seizure of $3.6 billion in crypto and arrested two people who were involved in laundering the funds. The money was part of the $4.5 billion purloined from the Bitfinex crypto exchange in 2016.
The crypto seizure was among the biggest ever recorded.
DeFi CEOs speak about the current situation
Speaking exclusively to Cointelegraph earlier this week, Eric Chen, CEO and co-founder of Injective Labs — an interoperable smart contracts platform optimized for decentralized finance applications — said that there is hope that the problems will subside.
“We are seeing the tide continuing to subside, as more robust security standards are put into place. With proper testing and further security infrastructures put into place, DeFi projects will be able to prevent common exploit risks in the future,” he said.
On the measures that his network was taking to avert hack attacks, Chen provided an outline:
“Injective ensures a more tightly defined application-centric security model compared to traditional Ethereum Virtual Machine-based DeFi applications. The design of the blockchain and the logic of core modules protect Injective from common exploits such as re-entrancy, maximum extractable value and flash loans. Applications built on top of Injective are able to benefit from the security measures that are implemented in the blockchain on the consensus level.”
Recent: Rising global adoption positions crypto perfectly for use in retail
Cointelegraph also had the chance to speak with Konstantin Boyko-Romanovsky, CEO and founder of Allnodes — a non-custodial hosting and staking platform — about the increase in hack incidences. Regarding the main catalysts behind the trend, he said:
“No doubt it will take some time to lower the risk of DeFi hacks. It is unlikely, however, that it will happen overnight. There is a lingering sense of a race in DeFi. Everyone seems to be in a hurry, including the project founders. The market is evolving faster than the speed at which programmers write code. Good players who take every precaution are in the minority.”
He also provided some insight on procedures that would help counteract the problem:
“The code must get better and smart contracts must be thoroughly audited, that’s for sure. In addition, users should be constantly reminded of cautious etiquette online. Identifying any flaws can be attractively incentivized. This, in turn, might promote healthier conduct across a particular protocol.”
The DeFi industry is having a hard time thwarting hack attacks. There is, however, hope that increased monitoring from the authorities and greater cooperation among exchanges will help curb the scourge.
