Off-chain attacks are an increasing threat to DeFi


In the world of decentralized finance (DeFi), off-chain attacks are becoming an increasingly significant threat, particularly due to compromised private keys, blockchain security specialist Halborn has found in its latest report.

According to the company's Top 100 DeFi Hacks Report, off-chain attacks accounted for 29% of the total number of attacks from 2016 to 2023 and 35% of the funds stolen overall. However, in 2023 alone, off-chain attacks made up 57% of all attacks and accounted for 58% of the stolen funds. The remaining attacks were related to smart contract exploitation, price manipulation, or governance attacks.

Figure: Hacks per year (Source: Halborn)

Halborn noted that compromised private keys are the second most common cause of attacks and losses after direct smart contract exploitation. In 2023, 52% of the total attacks were due to compromised private keys.

They stressed that only a fifth of the attacked protocols used more sophisticated private key storage schemes, such as multi-signature, which requires more than one private key to sign a transaction. Moreover, DeFi users still need to be reminded to store their private keys in cold wallets or special hardware, which is more secure than storing them online.

Figure: Loss caused by hacks (Source: Halborn)

The authors of the report also stressed that the majority of attacked protocols used unaudited smart contracts. "However, some vulnerabilities leading to attacks, like price manipulation, are hard to identify in audits if the whole ecosystem and how the protocol interacts with it are not considered," they added.

Overall, the top 100 largest DeFi hacks from 2016 to 2023 cost their victims over $7.35 billion. However, in 2023, there were 6% fewer attacks, and the average value lost per attack was $47 million less than in 2022, according to the report. It noted that these numbers might also be influenced by the decrease in the total value locked (TVL) in DeFi since 2022. TVL refers to the value of all tokens deployed to DeFi protocols.
