‘Centralization issues’ are the biggest culprits of DeFi attacks: CertiK

Published at: Jan. 11, 2022

Decentralized finance, better known as DeFi, may not be “decentralized” enough as attackers exploited centralized weak points to drain users of billions of dollars in 2021, according to research from blockchain security firm CertiK. 

In a new report on the state of DeFi security in 2021, CertiK researchers said “centralization issues were the most common attack vector” within decentralized finance. The blockchain security firm cited 44 DeFi hacks totaling $1.3 billion in lost funds in 2021. That’s an increase of over $500 million compared with 2021. 

“This underscores the importance of decentralization and highlights the fact that many projects still have work to do to reach this goal,” CertiK said, adding:

“Centralization is antithetical to the ethos of DeFi and poses major security risks. Single points of failure can be exploited by dedicated hackers and malicious insiders alike.”

Research undertaken by ImmuneFi revealed that the value lost due to DeFi hacks and related scams exceeded $10 billion over the past year, revealing major discrepancies in how exploits are classified and tracked. However, most research on the matter seems to agree that security exploits targeting DeFi projects have witnessed a steep rise.

Although DeFi exploits have undermined the legitimacy of cryptocurrency markets in the eyes of traditional investors and legacy financial systems, CertiK offered a silver lining: 2021’s losses represented only 0.05% of crypto’s total market capitalization, down 17% from the previous year.

Related: What is a honeypot crypto scam and how to spot it?

The cryptocurrency market peaked just north of $3 trillion in November 2021 after starting the year below $800 billion, according to CoinGecko data. DeFi was a major growth catalyst for crypto, with the sector’s total value locked rising from less than $20 billion at the start of 2021 to a record high of nearly $260 billion in December. Total value locked, also known as TVL, refers to assets that are currently being staked on DeFi protocols.

CertiK cited the growing popularity of Binance Smart Chain (BSC) as one of the biggest reasons for DeFi’s success. Between January and December 2021, BSC’s TVL grew from $62 million to $21 billion — an increase of 31,000%.

Demand for CertiK’s blockchain security services appears to be on the rise as more projects look to avoid falling victim to scams and exploits. The company audited a total of 1,737 projects in 2021. As Cointelegraph reported, CertiK is approaching unicorn status after securing $80 million in Series B2 investments that concluded in late November 2021.

Tags
Decentralization
Blockchain
Research
Cybersecurity
Security
Related Posts
An Ethereum 2.0 Proof-of-Stake Testnet Blockchain Is Now Live
An Ethereum (ETH) 2.0 Proof-of-Stake (PoS) testnet beacon blockchain is now live. Preston Van Loon, co-founder of sharding development firm Prysmatic Labs, announced the development in a Medium post on May 7. Ethereum 2.0 is an upcoming new Ethereum chain featuring improvements in security, scalability, and decentralization. Ethereum 2.0 would not be introduced to the current Ethereum network by means of a hard fork. Instead, users will be able to transfer value from the current Proof-of-Work (PoW) chain via a one-way smart contract. The announcement also notes that shards are a core concept behind Ethereum 2.0. Shards are individual chains …
Decentralization / May 8, 2019
Can Solana become the dominant PoS chain despite persistent outages?
Like most new-age networks, Solana was developed to resolve major issues confronting the blockchain industry. While the network has addressed some of these issues by its very nature, it has also encountered a few unique problems. From resource exhaustion to a halt in block confirmation, the Solana network has suffered a number of setbacks that resulted in repeated power outages, causing the network to shut down for hours on several occasions. The network went down on December 4, 2020, about three years after Solana was introduced, causing confusion in the community. The chain appears to have stopped validating new blocks …
Decentralization / May 10, 2022
Cybersecurity, Blockchain Firm WISeKey Acquires Interest in Data Infrastructure Firm
Switzerland-based blockchain, Internet of Things (IoT) and cybersecurity firm WISeKey has acquired a 22 percent interest in American data infrastructure firm Tarmin through a multi-million USD transaction, exact amount unspecified. The news was revealed in an official announcement from WISeKey on April 3. WISeKey focuses on creating digital identity ecosystems that implement blockchain, AI and IoT technology for people and smart device, while Tarmin develops scalable data and software defined infrastructure for high-volume data management and secure storage. WISeKey’s agreement to acquire a 22 percent interest in the latter had been signed in the fall of last year. The investment …
Decentralization / April 3, 2019
How blockchain archives can change how we record history in wartime
Decentralized blockchain technology has been around for a relatively short period of time, in the grand scheme of things, but its decentralized nature has the power to keep data and information out of the hands of censors looking to create a “safe” and “faultless” version of history. Blockchain is permissionless and literally owned by no one. So, while we can’t save the Alexandria libraries of the past, we can make sure the future is well equipped with the tools necessary to preserve historical records. Here we’ll look at some of the ways nonfungible tokens (NFT) and blockchain technology have been …
Adoption / May 12, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022