Decentralized Finance (DeFi) has taken the crypto ecosystem to a new level, featuring all sorts of financial services. This nascent sector took off in summer 2020 following the launch of the first governance token COMP, which set the stage for liquidity provision and yield farming. Today, the DeFi market has grown to over $150 billion in total value locked (TVL), according to DappRadar statistics.
While the growth has been impressive, DeFi has opened a window of opportunity for malicious players to siphon funds from protocols and unsuspecting users. Per the latest CipherTrace report, DeFi hacks accounted for close to 76% of the major crypto market hacks during the first half of 2021. This figure has since grown bigger following recent hacks such as the BadgerDAO hack, where a total of $120 million worth of crypto tokens was stolen.
The Latest Million Dollar DeFi Hack
The BadgerDAO attack is the latest of many DeFi hacks that have taken place in 2021. According to a security follow-up by blockchain and data analytics firm PeckShield, the hackers transferred a total of 2.1k BTC and 151 ETH from multiple wallets that were connected to the BadgerDAO UI. It has since emerged that the hackers inserted a malicious script in BadgerDAO’s UI, enabling them to intercept transactions and drain tokens to their wallets.
In one instance, 900 BTC was transferred from a single wallet, likely the most affected user in the BadgerDAO hack. While BadgerDAO quickly swung into action and paused all its smart contracts, it appears that the hackers had inserted the malicious script as early as November 10th. However, they had been operating it in a random sequence to avoid attracting attention.
As far as DeFi hacks are concerned, the Poly Network hack is the largest one to date. This protocol was compromised back in August, with hackers draining an estimated $600 million worth of crypto tokens. In a surprising turn of events, the hacker later agreed to return the funds, with Poly Network offering them a $500k bounty and chief security advisor position.
“As of now, Poly Network has regained control of the $610 million (not including the frozen $33 million USDT) in assets that were overall affected in this attack. Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners and the multiple security agencies for their assistance,” confirmed the Poly Network team.
Looking back at these events, it is quite evident that DeFi security is a major challenge in this growing ecosystem. While the Poly Network hack victims may have found a reprieve, BadgerDAO’s case remains uncertain. That said, it is fundamental for the DeFi community to establish proper security and compliance standards that will help mitigate such attacks in future.
Decentralized KYC Can Enhance DeFi Security
The introduction of KYC in crypto ecosystems might be controversial, but some experts like CipherTrace chief financial analyst John Jefferies seem to agree on the need to implement proper security controls.
“If an anonymous hacker can steal millions of dollars from unnamable victims, then it’s clear this sector needs more effective security controls,” Jefferies recently told Cointelegraph.
Thanks to the capital inflow from VCs and individual investors, some DeFi projects are now focusing on the introduction of decentralized digital identities. One such innovation is the Selfkey ecosystem, which features a digital wallet that allows users to create authentic digital identities. Selfkey users can leverage their digital identities as KYC to access various financial services, including fintech products, bank accounts and the Ethereum ecosystem.
Besides individual digital identities, Selfkey enables corporations to create decentralized digital IDs. Stakeholders can also include more information in the digital ID such as corporate identity documents. With this in place, Selfkey solves the long-standing barrier between institutions and the DeFi market. Notably, Selfkey users have an option to limit the level of KYC exposure depending on their preferences or compliance requirements.
As DeFi comes of age, regulators will inevitably take notice of the growing interest. This means that the community will likely be in a better position by innovating decentralized KYC tools to be used when necessary. However, as mentioned earlier, this is a contentious topic given that most DeFi die-hards believe the ecosystem should operate without interference from third parties or government agencies.
Wrap Up
Before the invention of Bitcoin, the only financial service providers were big banks and investment firms. While the pioneer digital asset primarily operates as a means of payment and store of value, emerging niches such as DeFi are giving big banks a run for their money. The value proposition of permissionless financial services should not be underestimated in an era where a majority of the world’s population is still unbanked.
Nonetheless, security is a paramount issue for any market consumer, an area where DeFi has proven to fall short a couple of times. Going into the future, it will take the combined effort of innovators, consumers and regulators to make DeFi markets a secure investing ecosystem. This way, the industry will attract more individual and corporate players into the DeFi arena.