© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


DeFi has made it to cybercriminals’ favorites in 2022


DeFi (decentralized finance) accounted for 100% of all stolen crypto in the second quarter of 2022. But what are the reasons for cybercriminals’ interest?

The boom in DeFi is attracting threat actors who seek “seemingly untraceable gains.” The report from BestBroker’s research team dives into the reasons why DeFi has emerged as the most lucrative decentralized niche for cybercriminals.

Between 2015 and 2020, DeFi primarily consisted of Ethereum, with the blockchain being the first to support so-called Smart Contracts. These stored programs automate the execution of an agreement between the parties, with no additional entities involved.

While such a concept greatly simplifies the process of conducting business, it requires complex programming languages such as Solidity and Vyper. As these continue to advance, there is still much to learn, leaving room for programming vulnerabilities and weaknesses in Smart Contracts themselves.

Additionally, those Smart Contracts reside at public addresses, which makes them susceptible to reverse engineering. This could allow threat actors to access the contract’s complete machine code and, if possible, exploit its vulnerabilities.

“The reason for DeFi hacks occurring so frequently could be split into two - intentional so-called ‘rugpulls’ from anonymous teams and hacks or exploits of legitimate projects that occur due to the complexity of smart contracts and the nature of blockchain technology - everyone having access to the public code, leaving more room for bad actors,” Vygandas Masilionis, the CEO of Lossless, told CyberNews.

Smart Contracts aside, DeFi often utilizes tokens to incentivize staking. Because these tokens depend on exchanges and liquidity pools, they could potentially become prone to price manipulation by a cybercriminal.

And ultimately, anyone may start their own DeFi service. The report suggests that all you need is “a website, running a Web3 Decentralized App and a Smart Contract, and… the right ad and marketing budgets” to start getting users. Threat actors are aware of that and often lure unsuspecting payers into fabricated projects only to collect crypto investments and never come back.

