A Recap of Defi Hacks in Jan 2023


As far as DeFi hacks go, January 2023 was a fairly calm start to the year. A few significant attacks on DeFi protocols did occur, but most of the notable incidents targeted specific individuals rather than protocols.

Media attention is usually drawn to attacks on prominent DeFi projects. In January 2023, however, most of the serious attacks targeted individuals rather than projects. The following people working in the cryptocurrency sector were targeted that month:

  • NFT God
  • CryptoNovo
  • Luke Dashjr
  • Nikhil Gopalani
  • Kevin Rose

Major DeFi hacks were rarer in January 2023, but they did happen. The attack on LendHub exploited a deprecated IBSC token contract that had been replaced but never disabled, leaving two versions of the token operational at the same time. The attacker took around $6 million from the project by exploiting inconsistencies in how the liabilities of the two tokens were calculated.
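The LendHub incident illustrates a replacement that went wrong because the old contract stayed live. The following Solidity is an added example (not code from LendHub, the IBSC token, or the original article) of a migration that closes that gap: once the legacy token is pointed at its successor, every balance-changing path except a one-way `migrate()` reverts, and the replacement token can only be minted through that migration. Contract and function names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Interface the legacy token uses to mint replacement tokens during migration.
interface IMintable {
    function mint(address to, uint256 amount) external;
}

// The token being replaced. Once `successor` is set, every balance-changing
// path except migrate() reverts, so the old deployment can no longer be used
// as collateral or borrowed against alongside the new one.
contract LegacyToken {
    address public owner;
    address public successor;      // zero while live; non-zero means deprecated
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Deprecated(address indexed successor);
    event Migrated(address indexed holder, uint256 amount);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier live() { require(successor == address(0), "deprecated: call migrate()"); _; }

    function mint(address to, uint256 amount) external onlyOwner live {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external live returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    // One-way switch flipped by the owner as soon as the replacement is deployed.
    function deprecate(address newToken) external onlyOwner {
        require(successor == address(0), "already deprecated");
        require(newToken.code.length > 0, "successor is not a contract");
        successor = newToken;
        emit Deprecated(newToken);
    }

    // The only operation left after deprecation: burn the caller's legacy
    // balance and mint the same amount of the replacement token 1:1.
    // State is updated before the external call (checks-effects-interactions).
    function migrate() external {
        require(successor != address(0), "not deprecated yet");
        uint256 amount = balanceOf[msg.sender];
        require(amount > 0, "nothing to migrate");
        balanceOf[msg.sender] = 0;
        totalSupply -= amount;
        IMintable(successor).mint(msg.sender, amount);
        emit Migrated(msg.sender, amount);
    }
}

// Replacement token. Its only minting path is the legacy contract's migrate(),
// so its supply can never exceed what was burned on the old side.
contract NewToken is IMintable {
    address public immutable legacy;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(address legacyToken) { legacy = legacyToken; }

    function mint(address to, uint256 amount) external override {
        require(msg.sender == legacy, "mint only via migration");
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```

Deployment order matters: deploy `NewToken` with the address of the existing `LegacyToken`, then call `deprecate(newToken)` on the legacy contract in the same operational step. Any lending market or pool should then reference the single canonical address and never accept both tokens as interchangeable collateral.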

The most common DeFi attacks exploit smart contract vulnerabilities. Every notable attack in January 2023, however, either targeted the privacy and security of a user’s digital wallet or exploited weak security practices around smart contract upgrades.

An effective cybersecurity strategy is one that considers all potential areas of risk to a project and its users. If you’re planning to release or upgrade a DeFi project, reach out to our Web3 security experts at [email protected] for help with ensuring a secure rollout.

Why Are Smart Contracts Prey to Cyberattacks?

Transparent, autonomous, distributed, immutable, and trustless are among the key characteristics of smart contracts. Ironically, it’s because of these characteristics that hackers are so interested in hacking smart contracts.

Flawed smart contracts are low-hanging fruit waiting to be picked, since they can hold enormous value at any given moment. Hackers have recently focused on cross-chain bridges, the protocols that let users move tokens between blockchains. In 2022 alone, bridge attacks netted attackers over $1 billion.

Upgradability

Even though smart contracts are immutable, there are numerous ways to achieve “upgradability”. The basic mechanism is to deploy a new smart contract and redirect dependents to the new deployment. A typical DeFi protocol is made up of many smart contracts, most of which can be upgraded in this way.

The very ability to upgrade exposes such a protocol to an additional set of threats. If an attacker succeeds in compromising one of the protocol contracts, they may be able to replace part or all of the protocol code with code that serves their own ends. And as long as there is money to be made, hackers will keep developing new strategies to exploit smart contract loopholes.

Bugs

Defects in smart contract code create vulnerabilities that can be exploited even without a deliberate, targeted campaign. Because most of these protocols are open source, it is also easier for an attacker to comb through the source for security holes. It does not take long for someone to find a flaw that gives them access to the system.

Code: Garbage In, Garbage Out

Coding errors in smart contracts are one of the main causes of hacks. Smart contract audits are often conducted quickly, and the audit team may not have a complete understanding of the source code at the outset. Even though smart contracts typically go through several rounds of auditing, auditing offers no security guarantee.

Incompetence

Hackers may also exploit team carelessness, in particular egregiously careless handling of secret keys. You have most likely heard of private key hacks or breaches. But how can a private key be “hacked” in the first place?

If an application signs transactions programmatically with a private key, good security practice is to store that key, along with access keys, passwords, and other sensitive material, in a secrets manager rather than in environment variables. Even with a secrets manager in place, a poorly built application will readily leak all of its secrets. There have been costly breaches that could have been prevented easily if only “basic cybersecurity hygiene” had been followed.

Access within smart contracts should follow the “principle of least privilege”, enforced through RBAC (role-based access control). When a signer key is used in a “hosted” environment that is not fully trusted, make sure the wallet holding it has the narrowest possible set of permissions in your application.
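Putting the upgradability and least-privilege points together, the following Solidity is an added example (not code from the article, LendHub, or any library) of an upgradeable protocol whose privileged actions are split by role: a cold admin key (intended for a multisig) can upgrade the implementation and assign roles, while the hot operator key used by automation can only pause the protocol. The role mapping is hand-rolled here to keep the example dependency-free; the implementation pointer sits in the standard ERC-1967 slot (`keccak256("eip1967.proxy.implementation") - 1`). Contract and role names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Storage shared by the proxy and every implementation, so delegatecalled
// logic reads and writes the same slots the proxy's admin code does.
abstract contract ProtocolStorage {
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");       // cold multisig
    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE"); // hot automation key
    mapping(bytes32 => mapping(address => bool)) internal _roles;       // slot 0
    bool public paused;                                                 // slot 1
    mapping(address => uint256) public deposits;                        // slot 2

    modifier onlyRole(bytes32 role) {
        require(_roles[role][msg.sender], "missing role");
        _;
    }

    function hasRole(bytes32 role, address account) external view returns (bool) {
        return _roles[role][account];
    }
}

// Entry point. Holds the implementation pointer in the ERC-1967 slot and keeps
// every privileged action here, where an upgrade cannot alter it.
contract ProtocolProxy is ProtocolStorage {
    bytes32 private constant _IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    event Upgraded(address indexed implementation);
    event RoleChanged(bytes32 indexed role, address indexed account, bool granted);

    constructor(address admin, address operator, address impl) {
        _setRole(ADMIN_ROLE, admin, true);
        _setRole(OPERATOR_ROLE, operator, true);
        _setImplementation(impl);
    }

    // Only the admin can change code or roles.
    function upgradeTo(address impl) external onlyRole(ADMIN_ROLE) {
        _setImplementation(impl);
    }

    function setRole(bytes32 role, address account, bool granted) external onlyRole(ADMIN_ROLE) {
        _setRole(role, account, granted);
    }

    // The hot key gets the narrowest useful power: it can halt the protocol but
    // cannot upgrade, assign roles, or move funds. Only the admin can resume.
    function pause() external onlyRole(OPERATOR_ROLE) { paused = true; }
    function unpause() external onlyRole(ADMIN_ROLE) { paused = false; }

    function implementation() public view returns (address impl) {
        assembly { impl := sload(_IMPL_SLOT) }
    }

    function _setImplementation(address impl) private {
        require(impl.code.length > 0, "implementation is not a contract");
        assembly { sstore(_IMPL_SLOT, impl) }
        emit Upgraded(impl);
    }

    function _setRole(bytes32 role, address account, bool granted) private {
        _roles[role][account] = granted;
        emit RoleChanged(role, account, granted);
    }

    // Everything else is forwarded to the current implementation while unpaused.
    fallback() external payable {
        require(!paused, "paused");
        address impl = implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    receive() external payable {}
}

// First version of the business logic. It inherits the same storage layout and
// defines no function whose selector clashes with the proxy's privileged ones.
contract VaultV1 is ProtocolStorage {
    function deposit() external payable { deposits[msg.sender] += msg.value; }

    function withdraw(uint256 amount) external {
        require(deposits[msg.sender] >= amount, "insufficient");
        deposits[msg.sender] -= amount;               // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Two design choices carry the security weight. First, `upgradeTo`, `setRole` and `unpause` live in the proxy and are gated on `ADMIN_ROLE`, so a compromised operator key in a hosted environment can at worst halt the protocol, never replace its code or drain it. Second, the implementation inherits `ProtocolStorage` rather than declaring its own state, so a future `VaultV2` must append new variables after `deposits`; reordering them would silently corrupt role and balance data after an upgrade.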
