Decentralized finance (DeFi) refers to blockchain applications that cut out middlemen from financial products and services like loans, savings, and swaps. While DeFi comes with high rewards, it also carries plenty of risks. 

Since just about anyone can spin up a DeFi protocol and write some smart contracts, flaws in the code are common. And in DeFi, there are many unscrupulous actors ready and able to exploit those flaws. When that happens, millions of dollars are put on the line, often with no recourse for users.

DeFi users lost $10.5 billion to theft in 2021, according to a November report by Elliptic. But as our list of the largest DeFi exploits shows, that figure has since grown by millions. (All figures below reflect the value of the funds at the time of the incident.)

Grim Finance: $30 Million


Often dApps take thematic inspiration from the blockchains on which they’re built. As a result, the Avalanche ecosystem is chock-full of snow references, like Snowtrace, Blizz, and Defrost. Meanwhile, the Fantom ecosystem feels like an on-chain Halloween party. That adds a darker spin when things go wrong, as was the case with Grim Finance, a yield optimizer protocol.

In December 2021, the protocol suffered a reentrancy attack, a type of exploit where an attacker fakes additional deposits into a vault while a previous transaction has yet to be settled. Eventually, the attack tricked the smart contract into releasing $30 million in Fantom tokens.

DeFi protocols normally use reentrancy guards—pieces of code that prevent such attacks. Grim…
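A simplified Python model of the reentrancy guard described above, added here as an illustration; it is not Grim Finance's contract code, and the `Vault` class, the transfer hooks and the amounts are constructed for the example. The vault credits shares from the balance change it observes around an external call, so a nested deposit is counted twice unless the guard rejects the second entry.

```python
class ReentrancyError(Exception):
    """Raised when a guarded function is entered while it is still running."""

class Vault:
    """Toy vault (constructed): credits shares for the balance increase it observes."""
    def __init__(self, guarded):
        self.guarded = guarded
        self._entered = False  # lock flag used by the reentrancy guard
        self.balance = 0       # tokens the vault actually holds
        self.shares = {}       # depositor -> shares credited

    def deposit(self, who, amount, transfer_hook):
        if self.guarded:
            if self._entered:
                raise ReentrancyError("deposit re-entered before it settled")
            self._entered = True
        try:
            before = self.balance
            transfer_hook(self, who, amount)  # external call: control leaves the vault
            credited = self.balance - before  # settled only after the call returns
            self.shares[who] = self.shares.get(who, 0) + credited
        finally:
            self._entered = False  # release the lock on success or failure

def honest_transfer(vault, who, amount):
    vault.balance += amount  # a well-behaved token just moves the funds

def reentering_transfer(vault, who, amount):
    # Hypothetical hostile token hook: calls back into deposit once, then pays once.
    vault.deposit(who, amount, honest_transfer)

def run(guarded, hook):
    """Return (outcome, tokens held, shares credited) for one 100-token deposit."""
    vault = Vault(guarded)
    try:
        vault.deposit("user", 100, hook)
        outcome = "accepted"
    except ReentrancyError:
        outcome = "rejected"
    return outcome, vault.balance, vault.shares.get("user", 0)

if __name__ == "__main__":
    for guarded in (False, True):
        print("guarded" if guarded else "unguarded", run(guarded, reentering_transfer))
```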
