With the ongoing rise in popularity of DeFi protocols, it was only a matter of time before hackers caught on and attempted to get away with a piece of it.
The recent hack suffered by Akropolis, an Ethereum-based DeFi protocol, resulted in a loss of more than 2,030,850 DAI ERC-20 tokens. According to people familiar with the talks, smart contracts in savings pools were targeted, with Curve Y and Curve sUSD savings undergoing huge losses. Per Akropolis team’s Twitter announcement:
“We recently identified a hack executed across a body of smart contracts in the ‘savings pools’ that have been audited twice. We are working with security specialists and on-chain analytics providers and aim to make a more detailed statement shortly.”
Stablecoins were liquidated by hackers, who transferred the stolen crypto to an Ethereum digital wallet. To prevent more funds from exiting the DeFi protocol, Akropolis has temporarily suspended the activity of all stablecoin pools.
At the time of writing, the team is investigating the losses and trying to get to the bottom of it. As two separate audits have been conducted on the targeted savings pools before hackers made away with over 2 million tokens, the hack has caught Akropolis completely by surprise. Currently, the team is brainstorming solutions to reimburse the lost stablecoins to Akropolis users.
The bad that comes with the DeFi boom
The surge in DeFi hackers has been notable this year, with the decentralized finance sector taking off in 2020 like never before. DeFi hacks, which were not significant in the least in 2019, has been growing in tandem with the decentralized finance sector’s success this year.
According to CipherTrace, crypto losses and laundered funds are up 30% compared to last year, with $468 million of fraudulent funds attributed to cybercrime. Of that amount, about 20% of the hacks targeted the decentralized finance sector, translating to approximately $98 million in stolen funds.
The largest hack recorded in 2020, in which KuCoin crypto exchange was targeted, resulted in funds being laundered through DeFi. Though KuCoin is listed as a centralized exchange, this did not prevent criminals from successfully stealing funds. So what is the solution here?
According to CipherTrace, running security audits is an important step in preventing contracts from running unaudited. Commenting on the matter, the US Securities and Exchange Commission’s Lead Director Valerie Szczepanik, also said:
“If the industry takes the time to get it right and engages with regulators to help them do so, then good stuff percolate to the top and you will have the benefits that come with the promise of distributed ledger technology.”