Investing

TOP 15 DeFi hacks in 2021 summary – DeFi crime record

Tokenguard Team
April 8, 2022
top 15 defi hacks

In the absence of a centralized party that can easily become a target to a hacking attack, DeFi platforms in theory must represent a much more secure and reliable solution for storing your funds. However, in reality, the biggest crypto hacks that took place in 2021 occurred exactly on the DeFi platforms. In this article, we are going to review some of the major hacks that have occurred this year and analyze the reasons why they have become possible.

#1. Poly Network – $611 million

The hack of the interoperability protocol Poly Network that took place in August 2021 has become the largest in the whole history of cryptocurrencies. The most interesting aspect of this story is the fact that the hacker eventually returned all the funds to the platform having received a job offer from the project as a Chief Security Advisor.

#2. BitMart – $196 million

Centralized exchanges are typically hacked in accordance with the same scenario. The thief got access to BitMart’s ETH and BNB wallets and sent the stolen funds to an Ethereum mixing service after that.

#3. Compound – $147 million

A hacker discovered and exploited an error in the code after an update for the Compound Controller Vault was released. The community accepted a proposal to fix this bug very soon after that, but in the meantime, a big sum leaked through this vulnerability.

#4. Cream Finance – $130 million

3 successful hacking attempts have occurred on this DeFi protocol since the beginning of the year despite the fact that it has been successfully audited. However, the largest attack could hardly have been prevented by the audit. The hacker relied on the borrowed funds and manipulated the prices with the help of a flash loan attack.

#5. Badger – $120 million

The true reasons why the hack of this decentralized network happened are still unknown. However, some users believe that it’s the vulnerability of the platform’s interface that has to be blamed.

#6. EasiFi – $59 million

Hackers have managed to get access to the founder’s laptop where they have found a passphrase to restore the access to his wallet and drain the funds.

#7. Uranium Finance – $57 million

The hack of this BSC Uniswap clone has become possible due to the bug discovered in its smart contract.

#8. bZx – $55 million

The hackers gained access to the private keys of this blockchain-based protocol via a successful spear-phishing attack targeted at its employees.

#9. PancakeBunny – $45 million

The combination of a bug in this DeFi protocol and a series of flash loan attacks has enabled hackers to mint 697,000 BUNNY tokens. The newly created tokens were immediately sold on the open market and crashed the price of the coin.

#10. Alpha Finance – $37.5 million

Despite being audited in the past, this protocol for leveraging positions in yield farming still contained a vulnerability that made it possible for hackers to steal funds. The attack itself was very complex and involved the protocol-to-protocol lending platform Iron Bank.

#11. Vee Finance – $34 million

This Avalanche-based DeFi lending platform fell victim to a successful attack in a matter of a few days after the launch. The service might have been exploited according to the statement of its founders, but the true reasons are still unknown.

#12. Meerkat Finance – $32 million

This DeFi project announced in its Telegram that its smart contract vault had been compromised. However, there are some who believe that this was an exit scam.

#13. MonoX – $31 million

This DeFi platform has passed some successful audits in the past, but it still hasn’t prevented hackers from discovering and exploiting a bug in its smart contract.

#14. Spartan Protocol – $30 million

This protocol has been audited, too, but the code still wasn’t flawless which made it possible for a hacker to get away with a solid sum of money.

#15. StableMagnet – $27 million

Investors were deceived by developers who left a known bug in the smart contract and exploited it to drain the funds from the vault.

How to avoid getting scammed

If you want to launch a DeFi product, it’s highly recommended to refer to third-party auditors prior to this event to check the smart contract and discover any potential vulnerabilities. Tokenguard can help you review your tokens’ security and find basic critical vulnerabilities as well as monitor the smart contract behavior after being deployed to the main-net.