Decentralized finance (DeFi) is a great substitute for traditional financial instruments backed by government-regulated institutions. It does, however, carry plenty of associated risks. Since just about anyone with an interest in DeFi can create their own protocol, there are plenty of flaws in the system.
Often, faulty code makes a project susceptible to hacks. This is especially true of DeFi protocols, and even projects doing everything else right can fall victim. Further, Chainalysis.com reports that the second biggest issue for protocols is security breaches, a trend unlikely to slow down anytime soon. Breaches accounted for under half of all DeFi protocol attacks in Q1 of 2022.
Many of the projects that get hacked simply cannot recover their losses and shut down entirely. On the other hand, some protocols have recovered, but not without substantial drawbacks for the entire project. Here are a few examples of innovative DeFi projects that have experienced vicious hacking attacks.
Popsicle Finance is a multichain yield enhancement platform that holds the ICE token. The protocol supports a variety of DeFi platforms and liquidity providers.
In August of 2021, the platform was hacked and subsequently lost about $25 million worth of Ethereum. The attacker tricked the platform’s Sorbetto Fragola liquidity manager into sending copious amounts of the cryptocurrency. Fragola works to optimize yields on Uniswap V3, a DeFi protocol that allows users to swap Ethereum without needing an order book.
While the project seemed to be taking all the necessary precautions, it still managed to fall victim to a hack. Shortly after, the ICE coin fell in value by 55%, but it ultimately seemed to recover.
Was recovery possible for Popsicle Finance? Yes, it was. The protocol still lives today with a price tag of $0.42.
In October of last year, CREAM Finance, an Ethereum-based lending protocol, was exploited for $130 million, according to Bloomberg. Prior to the hack, the platform had fallen victim to more minor (but still substantial) attacks: one worth $38 million at the beginning of 2021 and another worth $19 million 6 short months later.
CREAM (Crypto Runs Everything Around Me) had suffered from what are called “flash loan attacks,” in which a hacker borrows money (usually uncollateralized) from one protocol and quickly resells it on another platform. The hacker will usually rinse and repeat several times before disappearing from the face of the earth.
Was recovery possible for CREAM Finance? Yes, as of this writing the CREAM Finance price is $18.30.
Like CREAM Finance, Beanstalk was a protocol that fell victim to a flash loan attack, and the platform was drained of $182 million as a result. The project was formed to create some parity between the supply and demand of crypto assets.
There was said to be little recourse for investors who had staked their coins in Beanstalk after the project founders expressed a small likelihood of seeing a bailout.
Was recovery possible for Beanstalk? Unfortunately not. The project was trading for just 14 cents shortly after the attack.
Toward the end of 2021, Grim Finance experienced a hack in which about $30 million was stolen after a vulnerability was found in its system. The vulnerability was located in the project’s vault contract and put all vaults at risk.
DeFi auditing firm Solidity Finance later apologized for not seeing the vulnerability during its audit, which had taken place just four months prior. The firm cited concerns that a newly hired analyst had conducted the audit and was likely to blame.
Was recovery possible for Grim Finance? Yes, it did manage to pull through.
Ring Financial began as a project aimed at aggregating DeFi protocols. It was located on the Binance Smart Chain and inspired by a similar project called Strongblock that allows users to create blockchain nodes.
The project experienced its first attack at the end of 2021, when its smart contract was exploited. As a result, investor interest plummeted, and trust in the project was lost. Many labelled the project itself as a scam and threatened the project founders.
Was recovery possible for Ring Financial? No, it was not. The Ring founders shut the project down following numerous threats and widespread scepticism.
Exciting projects, but major setbacks
Despite all the above projects introducing new and very innovative ideas, they all suffered tremendously from exploits found in their systems. It’s now up to DeFi leaders and the community to address the cracks in the system and advance security protocols.
With the right approach, fewer projects introducing intriguing concepts will die. It’s up to the DeFi community to help intercept hungry hackers looking to suck the life out of vulnerable DeFi protocols.