According to recently released study released on Thursday, fraud and theft at decentralized financial platforms has totaled $10.5 billion (€9.3 billion) so far this year, exposing the risks in the fast-growing but still mostly unregulated domain of cryptocurrencies.
It’s all because of Decentralised Finance (DeFi) systems. DeFi is a blockchain-based platform that allows users to lend, borrow, and save (often in cryptocurrencies) without the need for traditional financial gatekeepers like banks. Instead, it employs smart contracts, which are software programs that enable for blockchain-based agreements.
Supporters argue that the technology allows for more affordable and efficient access to financial services. This year, money has poured into DeFi sites, matching the overall surge in interest in cryptocurrency. Many investors are enticed to DeFi by the promise of substantial returns on savings in the face of historically low or sub-zero interest rates.
According to Elliptic, a London-based blockchain analytics startup, criminality is rising in the relatively unregulated sector. Since 2020, users have lost over $12 billion (almost €11 million) due to fraud at DeFi apps, loan platforms, and exchanges, according to the report, with the majority of losses occurring in 2021 alone.
Code bugs and design flaws
Elliptic discovered that criminals target DeFi sites because of bugs in the coding and architectural weaknesses, and that deep pools of liquidity allow criminals to wash proceeds of crime while leaving minimal traces.
Scams are also widespread, according to the report.
“Decentralised apps are supposed to be trustless in the sense that they remove any third-party management of users’ funds,” said Tom Robinson of Elliptic. “However, you must trust that the protocol’s creators have not made a coding or design error that could result in a loss of cash.”
Major DeFi platforms claim to take a range of security measures, including engaging outside businesses to audit code for vulnerabilities and keeping keys and passwords required to access user wallets in secure locations. According to sector tracker DeFi Pulse, cryptocurrency worth $86 billion (about €76 billion) is currently kept on DeFi networks, up from $12 billion a year earlier.
Major investors have also invested heavily on the sector’s expansion, with Caisse de Dépôt et Placement du Québec, a Canadian pension fund, investing $400 million (€354 million) in major lending platform Celsius Network last month.
Poly Network, a DeFi site, was hit by a $610 million (€540 million) crypto theft in August, one of the largest ever, albeit the hacker later restored virtually all of the funds.