DeFi Hacks Keep Adding Up as Scammers Exploit Code Ethos
Scammers who ransacked cryptocurrency projects to the tune of hundreds of millions of dollars in recent months have been able to carry out such heists by taking advantage of a central tenet of decentralized financial services.

While DeFi projects promise to enable more efficiency in crypto transactions, much of the code undergirding the software is public, meaning anyone online can scan it for possible vulnerabilities they can exploit. The threat is reminiscent of a weakness in the popular Log4j code library that made it possible for suspected Iranian hackers to target Israel with ransomware, for instance.

“DeFi itself is a specific vulnerability,” said Erin Plante, senior director of investigations at the crypto-tracking firm Chainalysis. “Decentralization is the whole ethos.”

In August alone, attackers leveraged hard-to-spot digital vulnerabilities in the infrastructure that undergirds crypto projects to steal $270 million, according to figures from the blockchain security company CertiK. That figure includes an incident in which outsiders drained $190 million from Nomad, a “bridge” service that enables users to convert one kind of cryptocurrency to another.