More than 50% of attacks against DeFi ecosystems use this vector: Researcher

Vladislav Sopov

Kofi Kufuor, Partner at Crypto Investment Heavyweight 1confirmation, Shares Detailed Analysis of Crypto Protocol Attacks


Kofi Kufuor offered his own classification of attacks on decentralized finance (DeFi) protocols and pointed to the top vulnerabilities this turbulent segment is exposed to.

Four main types of attacks in DeFi

According to his in-depth article, all attacks that resulted in funds being stolen from crypto protocols can be divided into four types based on the “vulnerability stack”.

That is, every recent attack was executed against the ecosystem, the protocol logic, the smart contract language, or the infrastructure. Infrastructure attacks target consensus weaknesses, the internet systems behind DeFi protocols, private keys, etc.

Smart contract language attacks exploit design flaws in the programming languages used to create smart contracts. Protocol logic attacks exploit poor business logic and symbolic weaknesses.

Finally, ecosystem attacks target the interactions between different DeFi protocols: to initiate an attack (or amplify it), criminals borrow money from one protocol and inject it into the liquidity pools of another DeFi protocol.

Multi-chain applications and bridges under fire

Ecosystem attacks are the most common: over 41% of all DeFi hacks belong to this group. At the same time, if we exclude the three most devastating hacks from the analysis (Ronin Bridge, Poly Network, BNB Chain bridge), infrastructure attacks resulted in the greatest losses.

Among ecosystem hacks, flash loan attacks involving price oracles are the most common; among infrastructure hacks, various attacks on private keys (phishing, brute force, compromised keys, etc.) dominate.

Ethereum-based apps have witnessed $2 billion in stolen funds. More than half of attacks in 2020-2022 targeted cross-chain bridges and multi-chain applications.