New blow to DeFi: Warp Finance loses $ 7.7 million
The world of decentralized finance (DeFi) has again fallen victim to an attack on instant loans. Credit protocol Warp Finance was the victim of an attacker who stole almost $ 8 million in stablecoins.
DeFi: a new El Dorado for hackers?
Warp Finance suspected that there were anomalies in their system, and the team warned users not to deposit assets to their accounts:
“Warp Finance was subjected to a comprehensive instant loan attack that allowed an attacker to borrow an amount in excess of its collateral value, resulting in a loss of funds from stablecoin lenders,” the team said on Twitter. In particular, 3.85 million DAI and 3.92 million US dollars were stolen.
The complexity of the attack was that it included several flash swaps in 3 liquidity pools on the decentralized exchange Uniswap for a total of $ 180 million, as well as 2 loans on the dYdX platform, for a total of $ 51 million. These funds were then used to circumvent the Warp Finance system.
Analyst Тick Сhong said that the attacker managed to carry out this operation with 1 eth through tornado cash – an ethereum mixer that is not associated with storage.
The company’s team of experts estimates that of the $ 7.7 million lost, they can recover about five and a half million held in a collateral vault. These funds will theoretically be reallocated to holders who have suffered financial losses as a result of the hack.
Warp Finance has not yet been audited by hackenclub, a company that specializes in the security of DeFi protocols. The protocol community, recognized for its reliability in the cryptocurrency world, is trying to understand why such a flaw was not detected and then fixed in advance.
This proves once again that defi protocols are far from perfect, even if they have been audited by specialized companies. The world of decentralized finance is still young, and this yet another major attack reminds us of that.
Launched on December, 8th, Warp Finance is already out of the game, and will struggle to regain the trust of new users. The team plans to publish a detailed analysis of the attack and other operations in the coming days.
The number of attacks related to DeFi has increased dramatically
A new CipherTrace report notes that the number of crimes related to decentralized financing is increasing this year, compared to 2019.
According to the CipherTrace report, “general” non-DeFi crypto attacks caused $ 51.5 million in damage in the first half of 2020. In the second half of the year, this trend continues: 292 million rubles in the result of break-ins and other thefts.
However, the sector is also growing. According to the report, decentralized financing accounted for 45% of all thefts and break-ins ($51.5 million, or 40% of the hacked volume). In the second half of the year – 50% of all thefts and break-ins ($47.7 million, or 14% of the total).
According to CipherTrace, the volume of hacks was “almost negligible” for the sector in 2019. Thus, the trend appeared quite recently: over the past summer, this area has grown significantly. Moreover, funds from “classic” attacks can now be laundered due to defi.
The report recalls that it was the hacking of KuCoin that led to an increase in sales volumes in the second half of the year. He let the attackers get away with $ 281 million. If we remove this particular attack, DeFi attacks will gain an advantage in terms of volume over the same period. The funds stolen from KuCoin partially passed through Uniswap, which links this attack to decentralized finance.
Unsurprisingly, the analyst firm concluded that the anti-money laundering measures applied in the protocols were “flawed.” CipherTrace explains the following:
“protocols are open in nature, which means they often lack a compliance tool. Anyone in any country can access it with virtually no KYC information. As a result, DeFi can easily become a haven for money laundering”.
CipherTrace has historically opposed anonymity, so this interpretation is not particularly surprising. This debate are as old as Bitcoin, which are regularly concerned about the crypto community. The creation of decentralized financial systems often allows for greater anonymity, and allows funds to flow without the control of traditional regulators.
Should this be seen as a positive thing and as a way for users to regain control of their capital? Or should we worry about the opportunities this opens up for attackers? The debate continues.