An overview of oracle and cross-chain bridge attacks.
Hacking is up
In 2022, cryptocurrency saw a whopping $20.6 billion dollars worth of crime. This comes during one of the most troublesome years in the cryptocurrency world. Amid the ongoing bear market, new sanctions, and the collapse of FTX, on-chain cryptocurrency crime shifted from $18.8B USD in 2021 to $20.6B USD in 2022.
Over the past year, the amount of value stolen in hacks rose from $3.3 billion in 2021 to $3.8 billion in 2022. The relative amount year over year increased due to a 35% drop in the total cryptocurrency market cap. However, the amount stolen still remains small compared to cryptocurrency’s overall $1.2 trillion market cap.
Problems for DeFi
On March 13th, 2023, a hacker stole around $196 million from Euler Finance. This attack reflects an ongoing pattern of hacking in DeFi. Our August 2022 insight on crypto crime outlined weaknesses in the DeFi ecosystem such as security breaches, human-error hacks and internal corruption. Since then, research has shown that DeFi accounts for 82% of total hacks in 2022, compared to 73% in 2021. Overall, hacking has accumulated a total value of $6.45 billion and DeFi hacks represent $5.26 billion of this total. There are two major recurring problems for DeFi: cross-chain bridge hacks and price oracle manipulation.
Cross-chain bridges allow two separate blockchain networks to communicate, and can facilitate transfers of information and assets without the use of centralized exchanges. These systems are prone to hacking, as there are opportunities to manipulate the smart contracts and other processes supporting the bridge. In August 2022, Nomad experienced a bridge hack due to a flaw in their smart contract costing them nearly $200 million.
Oracles connect real-world data to smart contracts. A common technique to exploit oracles involves using flash loans to manipulate market prices. The Mango Markets hack, which cost the platform $117 million, exemplifies this practice. Chainalysis estimates that DeFi protocols lost $386.2 million in 2022 from oracle manipulation attacks alone.
What can you do?
While our previous recommendations on safeguarding cryptocurrency assets still stand, it is important to be aware of new risks as the space develops. Due to the increase in DeFi hacking, it is good practice not to bridge money that you cannot risk losing. Also, thoroughly research both the protocol you’re choosing as well as its oracles. Cryptocurrency and DeFi are new technologies and although improvements to improve security and decrease hacks will continue, users of these technologies will need to remain vigilant in order to keep their assets safe.