Despite a notable 50% reduction in thefts throughout 2023, decentralized finance (DeFi) hacks remain a formidable menace, as revealed by a comprehensive report from blockchain security firm Halborn. This report meticulously outlines the top 100 DeFi breaches from 2016 to 2023, culminating in a staggering $7.4 billion in total losses. The majority of these breaches have predominantly targeted Ethereum, Binance Smart Chain, and Polygon ecosystems.
The report underscores that while on-chain breaches, including smart contract exploitation, price manipulation, and governance attacks, are most common, off-chain attacks such as private key theft still pose a significant threat. These off-chain exploits constitute 29% of all attacks and account for 34.6% of the total funds pilfered. Notably, in 2023, off-chain incidents surged to represent 56.5% of all attacks and led to 57.5% of the stolen assets.
Read more: Litecoin and Chain Linking The Future of Decentralized Finance
Halborn’s analysis reveals a concerning trend: only 21% of compromised protocols employed multi-signature wallets, a security measure requiring multiple approvals for transactions. The majority of on-chain breaches occurred in protocols lacking thorough audits, with inadequate input verification and validation identified as primary vulnerabilities leading to smart contract exploitation.
Furthermore, cross-chain bridges continue to be a critical attack vector. Halborn advises protocols to conduct meticulous code reviews before integrating cross-chain bridges to mitigate risks.
The Ronin Bridge, which suffered a $12 million hack last week, highlights ongoing vulnerabilities. This incident follows a significant $625 million breach of the same protocol two years earlier. Additionally, an Immunefi report has indicated that DeFi-related hacks resulted in $473 million in losses during the first half of 2024 alone.