Scams and theft on DeFi platforms have netted cybercriminals $10.5 billion. Elliptic reveals this in a research report.
DeFi, scams and hacks boom in 2021
According to the revelation, users have suffered $12 billion in losses since 2020, but the majority of cases occurred in the current year.
This is due to the fact that DeFi has experienced monstrous growth. According to data from DefiPulse, the total value locked on DeFi platforms is currently $107 billion. Last year it was 12 billion. These numbers are enough to understand how decentralized finance has been able to attract investors.
After all, DeFi’s aim is to promote loans without intermediaries.
This is how it works, explained very briefly. Users leave their tokens in staking and earn interest on keeping them immovable. Other users can borrow those same tokens at very low interest, or they can deposit their tokens as collateral and get dollars in return.
However, alongside the most emblazoned and used platforms, hundreds have sprung up, some of which have turned out to be multi-million dollar traps.
The DeFi bugs
Tom Robinson, chief scientist at Elliptic, explained:
“The DeFi ecosystem is an incredibly exciting and fast-moving space, with financial services innovation happening at light speed. This is attracting large amounts of capital to projects that are not always robust or well-tested. Criminal actors have seen the opportunity to exploit this.”
Because in addition to scams, there are also errors in smart contract codes that create so-called flash loans, with which skilled hackers manage to drain pools of liquidity.
“Decentralized apps are designed to be trustless in that they eliminate any third-party control of users’ funds. But you must still trust that the creators of the protocol have not made a coding or design mistake that could lead to a loss of funds”.
One of the most egregious scams in DeFi was that of Squid Game. The token was named after the famous Netflix series, created on the Binance Smart Chain and listed on Pancake Swap. After the price skyrocketed, the token dropped to zero and the developers vanished into thin air with a $3 million haul.
Then there are the hacks due to errors in smart contracts discovered by experienced hackers. Cream Finance, for instance, has been hacked several times, the most recent of which netted cyber criminals $130 million.
Poly Network has a different story. The platform suffered an attack that robbed it of $600 million. But fortunately for Poly Network, it was a “white hacker“, an ethical hacker who returned the money. The purpose of the theft was to show that the platform had a vulnerability.
The SEC keeps watch
Partly because of the scams, partly because of the fear that everything decentralized is taking users away from what is centralized, the SEC is watching the DeFi industry closely. Chairman Gary Gensler has repeatedly observed that many platforms are not decentralized at all, so they should operate under the appropriate licences.
For the time being, Uniswap is in the crosshairs. However, it cannot be ruled out that the scope of the investigation may widen and that regulation to protect investors may soon be introduced.