By Professor Ronghui Gu, Co-Founder, CertiK
Blockchain is, at heart, a security technology. Distributed Ledger Technology (DLT) is essentially an improved method of record-keeping, one which achieves a consensus shared by an unlimited number of nodes in environments with sizable incentives for dishonesty.
The truly revolutionary nature of Satoshi Nakamoto’s invention becomes apparent when we consider the applications now being built on it. DLT is much more than a better way to store records: it is the foundation of digital scarcity, of the hardest form of money the world has seen, of censorship-resistant financial platforms, and of non-counterfeitable proof of provenance.
Decentralized finance (DeFi) is one blockchain-based industry that has experienced rapid growth. And yet why, if it is built on such a revolutionary security technology, have we witnessed billions of dollars stolen from DeFi protocols over the last couple of years?
The short answer is that the nascent industry’s boundless innovation and users’ unabated demand for decentralized financial services have combined to create an environment where massive sums of money can be lost due to a single error in a line of smart contract code.
For the long answer, we need to understand exactly how these crypto-heists are being pulled off, and how the industry can evolve to fully realize the powerful security potential of blockchain technology.
Let’s go down the list of the largest DeFi exploits and see how each fell victim to one of the seven deadly sins of blockchain security.
- Burning Bridges
So-called “Ethereum-killers” are nothing new; each cycle has its share. The 2017 bubble saw competing blockchains like EOS, NEO, and Tron, all of which are now far below the heights they reached four years ago in terms of token price and project development.
Last year, Binance Smart Chain, Solana, Avalanche, and a handful of other blockchains offered real alternatives to users who did not wish to deal with Ethereum’s high transaction fees and slower settlement times. The difference in this cycle is that there now exists infrastructure connecting these competing and complementary blockchains.
Cross-chain bridges make it easy for users to transfer funds back and forth between chains, while cross-chain yield farming platforms take advantage of opportunities across multiple chains instead of limiting their scope to just one blockchain. A contract that can interact with all other contracts in the crypto ecosystem – instead of being limited to just the subset that lives on a specific chain – is orders of magnitude more powerful.
However, improperly designed cross-chain interoperability protocols magnify the losses caused by successful exploits. Nearly a billion dollars was lost in just two bridge exploits. Poly Network, which connects 15 blockchains, was exploited for $610 million in August 2021, while Wormhole’s Ethereum-Solana bridge was drained of 120,000 ETH (roughly $320 million) in February of this year. At the time of writing, these are the two largest DeFi hacks ever.
Ultimately, neither was quite as catastrophic as it could have been, thanks to two acts of enormous (and undeniably self-interested) charity. In the case of the Poly Network exploit, the hacker ended up returning the stolen funds after being threatened with legal action. In Wormhole’s case, Jump Trading stepped in to backstop the missing liquidity, which would otherwise have left the majority of all wrapped Ether on Solana unbacked.
These near misses highlight two facts: bridges command demand in the hundreds of millions of dollars, and their failure can be disastrous.
- Not Considering Centralized Exchanges as Central Targets
One of the main benefits of centralized exchanges is that they take care of the ins and outs of crypto custody – something which can be overwhelming for new users. But while entrusting your crypto holdings to a centralized entity removes (most of) the risk that through inadvertent error you’ll lose access to your funds, it introduces the risk that they’ll be caught up in any exploit of the exchange itself.
While the focus has mostly been on decentralized exchanges (DEXs) recently, two major centralized exchanges were compromised in the last year: Bitmart and Crypto.com. The hack of Bitmart’s Ethereum and Binance Smart Chain hot wallets led to losses amounting to $196 million, the third-largest loss in DeFi history.
- Trying to Hide on a Public Blockchain
A bug in an update to the veteran DeFi money market Compound Finance’s code in September 2021 led to a two-part exploit with an important lesson for all DeFi users and builders.
The bug came down to two instances of “>” where “>=” was needed, a reminder of how much weight every line of smart contract code carries. A check that should have treated a first-time depositor’s starting index as the market’s initial index instead left it at zero, so the reward owed was computed against the entire accumulated index. The losses were not of user deposits; they were borne by COMP token holders after the platform erroneously allowed users to claim unearned rewards, a loss via dilution.
While losses were initially limited to $80 million, it soon became apparent that an additional $68 million was at risk. Because the platform is controlled by a DAO (Decentralized Autonomous Organization), any fix had to pass through a multi-day governance vote and timelock, so Compound was in a race against time to get an update through before anyone took advantage of the remaining exposure.
But secrets don’t last long in an open-source world, and before long the full $68 million at risk had been claimed. At $148 million, this exploit ranks as the fourth-largest in DeFi.
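The off-by-one described above, as an added illustration that is not Compound’s code: the reward bookkeeping is reduced to the three mappings the bug depends on, and the contract name, function names and the `1e36` scaling are assumptions chosen for the demo. The buggy and fixed distribution functions sit side by side so the single-character difference is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Simplified reward-index accounting in the style of a Compound-like
/// Comptroller. Added illustration, not Compound's code: markets, suppliers
/// and reward speeds are reduced to the pieces the bug depends on.
contract RewardIndexDemo {
    // Every market's cumulative index starts here when the market is listed.
    uint256 public constant INITIAL_INDEX = 1e36;

    // market => cumulative reward index (reward per supplied token, scaled by 1e36)
    mapping(address => uint256) public supplyIndex;
    // market => supplier => index the supplier was last paid up to (0 = never seen)
    mapping(address => mapping(address => uint256)) public supplierIndex;
    // supplier => reward tokens owed
    mapping(address => uint256) public accrued;

    function listMarket(address market) external {
        require(supplyIndex[market] == 0, "already listed");
        supplyIndex[market] = INITIAL_INDEX;
    }

    // Rewards accrue by growing the market index; the delta is whatever the
    // reward-speed logic computes since the last update (omitted here).
    function accrueMarket(address market, uint256 deltaIndex) external {
        require(supplyIndex[market] != 0, "unlisted market");
        supplyIndex[market] += deltaIndex;
    }

    // BUGGY VERSION: a first-time supplier in a market whose index still equals
    // INITIAL_INDEX fails the '>' test, keeps a starting index of 0, and is
    // credited for the full 1e36 index as if it had been earned.
    function distributeBuggy(address market, address supplier, uint256 supplied) external {
        uint256 marketIdx = supplyIndex[market];
        uint256 userIdx = supplierIndex[market][supplier];
        supplierIndex[market][supplier] = marketIdx;
        if (userIdx == 0 && marketIdx > INITIAL_INDEX) {
            userIdx = INITIAL_INDEX;
        }
        accrued[supplier] += supplied * (marketIdx - userIdx) / 1e36;
    }

    // FIXED VERSION: '>=' treats the freshly listed market the same way, so a
    // first-time supplier starts at INITIAL_INDEX and earns nothing until the
    // index actually moves.
    function distributeFixed(address market, address supplier, uint256 supplied) external {
        uint256 marketIdx = supplyIndex[market];
        uint256 userIdx = supplierIndex[market][supplier];
        supplierIndex[market][supplier] = marketIdx;
        if (userIdx == 0 && marketIdx >= INITIAL_INDEX) {
            userIdx = INITIAL_INDEX;
        }
        accrued[supplier] += supplied * (marketIdx - userIdx) / 1e36;
    }
}
```

Walk it through by hand: list a market, then call `distributeBuggy` for a supplier the contract has never seen with `supplied = 1000e18`. The market index is exactly `INITIAL_INDEX`, the `>` test fails, `userIdx` stays 0, and `accrued` jumps by `1000e18 * 1e36 / 1e36 = 1000e18`, one reward token per token supplied although no rewards have accrued. `distributeFixed` credits 0. Once the index has moved (say `accrueMarket` adds `1e34`) both versions agree and credit `10e18`, which is why the bug sat harmlessly in markets whose index had grown and only bit when rewards were switched on for markets still sitting at the initial index.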
- Insecure Private Key Management
All the blockchain and smart contract security mechanisms in the world are of no use if the private keys securing a wallet or platform are compromised. It is like installing a thousand-dollar home security system and then leaving the alarm code on the front door.
Unfortunately, hundreds of millions of dollars have been lost to this exact kind of negligence. A stolen private key was the mechanism used by the Bitmart hacker to drain nearly $200 million from the exchange’s hot wallet. In December 2021, 96 private keys securing the blockchain game studio Vulcan Forged were compromised, leading to a loss of $140 million.
Meaningful blockchain security requires users and developers to take on the responsibilities that proper private key management entails.
- Underestimating the Power of Byte-Sized Bugs
When a smart contract controlling billions of dollars is only a few thousand lines of code, each variable plays an outsize role, and a bug in just one can put the whole protocol at risk. C.R.E.A.M. Finance suffered two large exploits in 2021. In August, a re-entrancy bug in its integration of AMP let an attacker drain its lending pools: AMP’s transfer hook calls back into the recipient of every transfer, and C.R.E.A.M.’s borrow logic sent the tokens before it recorded the new debt, so the attacker’s callback could re-enter and borrow again against collateral that had already been spent, repeating until the pool was empty. In October a separate flash-loan price-manipulation attack took around $130 million, the sixth-largest DeFi exploit at the time.
Code is the only thing between a hacker and the billions of dollars many DeFi platforms secure. It needs to be airtight, no easy task when another fundamental tenet of the industry is interoperability. A smart contract can be secure on its own, but when it interacts or integrates with another set of contracts (as with the AMP token’s transfer hooks in the C.R.E.A.M. exploit), a whole new set of risks is introduced.
One answer to this problem is formal verification: a mathematical model of the contract is built and its required properties (for example, that no sequence of calls lets a borrower take out more than their collateral covers) are proved to hold in every reachable state, rather than in the handful of states a test suite happens to exercise. That proof covers the contract now and into the future, as long as the code that was verified is the code that is deployed.
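The re-entrancy pattern described in this section, as an added illustration that is not C.R.E.A.M.’s or AMP’s code: a minimal token with a receive hook, a lender that records its debt after the token transfer, the same lender with the order corrected, and an attacker that re-enters from the hook. Contract and function names, the 1:1 valuation of ETH collateral against the token, and the unrestricted `mint` used to fund the pool are all assumptions made for the demo. The comment on `SafeLender.borrow` states the invariant that a formal proof or audit of this code would be expected to establish.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not C.R.E.A.M.'s or AMP's code. Every name below is an
// assumption made for the demo.

interface ITokensRecipient {
    function tokensReceived(address from, uint256 amount) external;
}

/// ERC777-style token: every transfer hands control to a contract recipient.
contract HookToken {
    mapping(address => uint256) public balanceOf;

    // Demo-only unrestricted mint, used to fund the pool without firing the hook.
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        if (to.code.length > 0) {
            ITokensRecipient(to).tokensReceived(msg.sender, amount); // control leaves the token here
        }
        return true;
    }
}

/// Shared bookkeeping: ETH collateral valued 1:1 against the token for simplicity.
abstract contract LenderBase {
    HookToken public immutable token;
    mapping(address => uint256) public collateral;
    mapping(address => uint256) public debt;

    constructor(HookToken t) { token = t; }
    function deposit() external payable { collateral[msg.sender] += msg.value; }
    function borrow(uint256 amount) external virtual;
}

/// VULNERABLE: check, interact (external call with a hook), then record the effect.
contract VulnerableLender is LenderBase {
    constructor(HookToken t) LenderBase(t) {}

    function borrow(uint256 amount) external override {
        require(debt[msg.sender] + amount <= collateral[msg.sender], "undercollateralized");
        token.transfer(msg.sender, amount); // attacker's tokensReceived runs here; debt still unchanged
        debt[msg.sender] += amount;
    }
}

/// FIXED: checks-effects-interactions, plus a mutex as a second line of defence.
contract SafeLender is LenderBase {
    bool private locked;
    constructor(HookToken t) LenderBase(t) {}

    function borrow(uint256 amount) external override {
        require(!locked, "reentrant call");
        locked = true;
        require(debt[msg.sender] + amount <= collateral[msg.sender], "undercollateralized");
        debt[msg.sender] += amount;         // effect recorded before any external call
        token.transfer(msg.sender, amount); // invariant: recorded debt covers every token that has left the pool
        locked = false;
    }
}

/// Deposits collateral once and borrows against it repeatedly from inside the hook.
contract Attacker is ITokensRecipient {
    LenderBase public immutable lender;
    HookToken public immutable token;
    uint256 private chunk;

    constructor(LenderBase l, HookToken t) { lender = l; token = t; }

    function attack() external payable {
        chunk = msg.value;
        lender.deposit{value: msg.value}();
        lender.borrow(chunk);
    }

    function tokensReceived(address, uint256) external override {
        // Against VulnerableLender, debt[this] is still 0 here, so the collateral check passes again.
        if (msg.sender == address(token) && token.balanceOf(address(lender)) >= chunk) {
            lender.borrow(chunk);
        }
    }
}
```

Deploy `HookToken`, a lender, and `Attacker` pointed at that lender, then `mint` 10e18 tokens to the lender and call `attack` with 1 ETH. Against `VulnerableLender` the hook re-enters `borrow` ten times before the pool balance drops below `chunk`; each nested call passes the collateral check because the debt is written only on the way back out, and the attacker ends with 10e18 tokens against 1e18 of collateral. Against `SafeLender` the nested call hits the `reentrant call` guard, the revert propagates through `transfer`, and the whole `attack` transaction fails; even without the mutex, the nested check `1e18 + 1e18 <= 1e18` would fail because the debt was already recorded.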
- Only Securing the Back End
While the vast majority of DeFi hacks take advantage of flaws in smart contract code, it’s important to remember that Web3 applications are just that: web-based. There are many more factors to consider beyond smart contract security when deploying and monitoring a Web3 app.
Badger DAO learned this lesson 120 million times over. While Badger’s smart contracts functioned as intended with no apparent security risks, an attacker still managed to drain $120 million worth of tokens from the platform. They did so by compromising the website’s front end and inserting their own wallet address into the transactions of users who were granting Badger’s contracts permission to spend their tokens. Those users unknowingly approved an unlimited allowance for the attacker’s address instead, and an ERC-20 allowance can be drawn on at any later time.
The attacker amassed these approvals over a period of ten months before finally capitalizing. Upon discovering the exploit, the Badger team paused their contracts, protecting their users from further losses but also demonstrating that their DAO is perhaps not as decentralized as the name would imply.
It appears that the attacker obtained a Cloudflare API key, which let them inject malicious code into the front end served to users. This attack vector lies entirely outside the smart contracts, and defending against it requires more traditional Web 2.0 security controls: credential hygiene for CDN and hosting accounts, and monitoring of what the deployed front end actually serves.
- Trusting Repeat Offenders
Anonymity has a strong tradition in crypto. The true identity of Satoshi Nakamoto is still unknown. Anonymity – or pseudonymity – allows developers to work freely and release software that could see them persecuted for their actions in certain parts of the world.
But anonymity also allows nefarious actors to repeat their scams. It’s hard to know how common this is exactly, but hanging out on crypto Twitter or in the right Discords will give a good feel for the names and projects to avoid.
A project doesn’t have to be an outright scam to inspire a healthy degree of caution. If the founders have been involved in other exploited projects it’s usually not a great sign for the security of their future projects. A cross-chain bridge that was recently hacked to the tune of $80 million was founded by the same names behind a different DeFi project that lost $47 million across two separate incidents in the last year.
Towards a More Secure DeFi Industry
Combining these seven lessons gives us a pathway towards a safer, more secure decentralized financial system. First, it’s clear from user demand alone that cross-chain interoperability is a growing need and one that’s not going to disappear anytime soon. Yet as the sums involved grow by the day, security of these cross-chain bridges needs to be front of mind.
Centralized exchanges need to step up to ensure that they actually provide one of their main value propositions: peace of mind for traders and investors who do not want custody of their own crypto.
Blockchain analysis continues to grow in sophistication, making it harder and harder for hackers and criminals to launder the proceeds of their actions. There’s a flip side to this, though. The open-source nature of smart contract code means that bugs sit out in the open, waiting to be discovered. DeFi platforms need to continue to offer bug bounties to incentivize white hat hackers to seek out these flaws, rather than leaving it to those who would prefer to take off with as much value as the contracts held.
Private key management is still a pain point, but it is essential to the security of the whole world of crypto. When a single key can secure tens of billions of dollars of value, it needs to be safeguarded appropriately.
Smart contract programming languages are still extremely new. The oldest is not even a decade old. Naturally, there will be some obstacles as talented developers learn how to leverage these powerful new contracts. However, when dealing with the real value that users and investors contribute, security must be a priority. Smart contract audits are an essential step in the development process that can pick up on the errors that put whole projects at risk. And just as important is proper front-end security.
Finally, in DeFi it pays to know exactly who’s behind a project. The reputation here works a little bit differently: an anon with an impeccable track record could be a safer bet than a fully doxxed ex-TradFi employee.
Decentralized finance and Web3 are built on a fundamentally secure technology: blockchain. The implementation of these new applications is where vulnerabilities arise, but by keeping in mind the lessons above users and developers alike will be taking a big step towards a more secure crypto future.
About the Author
Prof. Ronghui Gu is the Co-Founder of CertiK. He is the Tang Family Assistant Professor of Computer Science at Columbia University. Prof. Gu holds a Ph.D. in Computer Science from Yale University and a Bachelor’s degree from Tsinghua University. He is the primary designer and developer of CertiKOS and SeKVM. Gu has received: an SOSP Best Paper Award, a CACM Research Highlight, and a Yale Distinguished Dissertation Award. Prof. Ronghui Gu can be reached at https://www.linkedin.com/in/guronghui/