Unchained with Laura Shin
Subscribe
Cover photo

DeFi Crimes Have Cost $12 Billion in Total Losses. How Are Hackers Cashing In?

Crypto exploits are becoming more frequent, but law enforcement can easily track the attackers' movements.

Laura Shin

Dec 17, 2021

There have been more than $12 billion worth of loss in DeFi, according to a report by Elliptic, a blockchain analytics company.

On my podcast, Unchained, Jess Symington, research lead at Elliptic explains that while only about $2 billion of this is in direct loss, which is the amount directly taken by hackers, the steep drops in the prices of the tokens associated with the hacked protocols accounts for the other $10 billion.

"The biggest cause of loss, or the biggest exploit the hacker takes advantage of, is what we call 'bug vulnerabilities.' That consists of code vulnerabilities, which the hacker takes advantage of to steal the money, or there's an error in the way the protocol was set up in the first place. We call this an 'economic vulnerability,'" says Symington.

For example, she says, in the MonoX hack, the hacker was able to artificially inflate the price of the Mono token and then use that artificial value to purchase all the other assets in the protocol and take the funds.

Hackers also take the private keys for both users as well as for so-called "hot wallets," which are crypto addresses that are connected to the internet, making them easier for hackers to access.

Another category of popular hack is called, in crypto parlance, "rug pulls," in which the developers themselves pretend to be working on a legitimate project, and then, after they've raised money, they pull the funds and stop working on the project.

Since many developers, both legitimate and illegitimate, are accused of executing such scams, Symington explained that the criterion for a true rug pull is one in which the protocol developers themselves abandon their efforts at the same time the hack occurs.

For example, Squid Coin was a coin created based off the popular Squid Game Netflix TV series that took off this past fall. However, at the same time that the value was drained out of that token, the developers said that they did not want to continue working on the project.

As Emin Gun Sirer, the founder of another protocol, Avalanche, tweeted at the time, "99.99% drop on the squid game token. I mean, what did you guys expect? There's nothing behind this coin except it stole its name from a popular show."

Among the various blockchains with DeFi activity, the majority of hacks occur on Ethereum, mostly because it is the most popular chain for DeFi. However, a greater number of hacks this year have also occurred on Binance Smart Chain as well as the layer 2 on Ethereum, Polygon.

In recent weeks, there's been a spate of crypto hacks totalling about $600 million in 14 days. Bitmart, a centralized exchange was exploited for $196 million, Vulcan Forged for $140 million, BadgerDAO for $120 million, and AsecndEX for $83 million. Symington says, "Whenever a hack occurs, we see these sad stories on social media or in Telegram groups of people losing their entire life savings."

Another category of crime that has been rampant this year is ransomware, which made headlines ealrier this year for doing things like shutting down the Colonial Pipeline. Symington says ransomware hackers aren't slowing down much, although they are, in some cases "retiring," or at least pretending to close down, only to reappear under a new name. Meanwhile law enforcement has been having some success, due, of course, to the fact that on these blockchains, the activity is transparent, making it easy to follow the illicit funds.

Once hackers have their ill-gotten gains, they find varying success in being able to cash out. In DeFi crimes, they tend to try to convert to the base currency, such as ETH or BNB, especially if they've stolen stablecoins such as USDC or USDT, because those issuers can freeze those coins. Once the thief has the money in, say, ETH, they will try to use a mixer.

Tune in to the full show to find out:

  • which Ethereum mixing service is most popular

  • which service on Bitcoin is quite commonly used to launder money

  • the hilarious reason why, it appears, some thieves don't attempt to cash out

  • how some criminals actually will cash out at physical venues (and where those are located)

  • who the hackers tend to be

  • how DeFi protocols can help prevent future hacks

  • how Symington says you should try to protect yourself if you want to participate in DeFi

If you'd like to learn more about crypto:

  • subscribe to my 5.5-year-old podcast Unchained, which is available on YouTube, Apple Podcasts, Spotify, Google Podcasts, Pandora or wherever you get your podcasts

  • follow me on Facebook, Instagram, Twitter, LinkedIn and/or Medium

  • sign up for the Unchained Daily newsletter, which comes out Monday-Friday

  • and/or buy my forthcoming book, which is all about Ethereum and the 2017 ICO craze, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze

(Cover photo credit: NurPhoto / Contributor / Getty Images)

Subscribe to Unchained with Laura Shin
By subscribing, you agree to share your email address with Laura Shin to receive their original content, including promotions. Unsubscribe at any time. Meta will also use your information subject to the Bulletin Terms and Policies

More from Unchained with Laura Shin
See all

TRM Labs: Here's Why Blockchain Analytics Are Important

Plus: What crypto has to do with every aspect of your life...
May 18

Crypto Weekly News Recap: Crypto Markets Crash Along With Terra’s Disaster

Plus: Instagram NFTs, El Salvador buying the dip, and more...
May 13

Bosonic: Building Institutional DeFi Infrastructure

Have you ever wondered how institutions onboard to DeFi? Well, Bosonic is one of those avenues...
May 9
Comments
Log in with Facebook to comment

0 Comments

Share quoteSelect how you’d like to share below
Share on Facebook
Share to Twitter
Send in Whatsapp
Share on Linkedin
Privacy  ·  Terms  ·  Cookies  ·  © Meta 2022
Discover fresh voices. Tune into new conversations. Browse all publications