- In 2020, crypto crime fell by 57%, but DeFi hacking surged by 100%, costing businesses and investors billions of dollars
- In March, TurtleDex carried out a rug pull, essentially a backdoor in the smart contract, that resulted in $2.5 million being stolen from investors
- The creators of Ethereum or Binance smart contracts have final control over what goes into the code, and there are ways to put harmful logic, such as rug pulls, in smart contracts

With over $100 billion in total value locked (TVL), decentralized finance (DeFi) is here to stay, demonstrating the public’s confidence in these new financial instruments. This investment will continue to grow, yet it appears that with each new TVL record, another attack on a network with enormous losses is disclosed. Crypto crime decreased by 57% in 2020, while DeFi hacking increased by 100%, costing businesses and investors billions of dollars. Several attacks occurred over a five-day span in March, with Paid Network losing $180 million. PancakeBunny lost more than $200 million in a flash loan scam later in May. There are clearly far too many security flaws and vulnerabilities in existing blockchain security mechanisms. From rug pulls to phishing scams, this industry’s security and technology aren’t as advanced as the figures suggest. However, both developers and consumers can adopt some best practices to close the gap.
We saw numerous protocols emerge during the summer 2020 yield farming boom to profit from the money coming into DeFi, and this trend has persisted into this year. TurtleDex carried out a rug pull in March, which was basically a backdoor in the smart contract that led to the theft of $2.5 million from investors. TurtleDex is one of several projects this year that coded a rug pull: a deliberate feature that lets developers build a scam into the contract, which is then carried out based on other events in the code.
Smart contract audits are an excellent method to avoid rug pulls, but we’ve seen situations where developers replaced an audited smart contract with one that hadn’t been audited. Compounder’s example illustrates how simple it is for a fraudulent enterprise to garner clout by using well-known, respectable brands in the industry. They were able to swiftly profit from the names of Harvest Finance and Yearn.finance before swindling their users out of millions of dollars in cryptocurrency.
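One way to catch the audited-contract swap described above is to compare the code actually deployed at the address with the build the auditors reviewed. The following is an added example, not code from the article or from any project it names; it assumes Solidity-compiled contracts, and the function names and bytecode samples are constructed for illustration.

```python
# Added example: compare deployed runtime bytecode with the audited build.
# All bytecode below is constructed sample data, not from any real contract.

def strip_solc_metadata(runtime: bytes) -> bytes:
    """Remove the CBOR metadata trailer that solc appends to runtime bytecode.

    The last two bytes hold the big-endian length of the CBOR map before them.
    """
    if len(runtime) < 2:
        return runtime
    cbor_len = int.from_bytes(runtime[-2:], "big")
    if cbor_len == 0 or cbor_len + 2 > len(runtime):
        return runtime                      # no plausible trailer
    trailer = runtime[-(cbor_len + 2):-2]
    if not 0xA0 <= trailer[0] <= 0xBF:      # CBOR major type 5 (map)
        return runtime
    return runtime[:-(cbor_len + 2)]


def compare_to_audit(deployed: bytes, audited: bytes) -> str:
    """Classify deployed code (e.g. fetched with eth_getCode) against the audit."""
    if not deployed:
        return "no-code"                    # nothing deployed at that address
    if deployed == audited:
        return "identical"
    if strip_solc_metadata(deployed) == strip_solc_metadata(audited):
        # Same instructions; source text or compiler settings changed.
        return "code-match-metadata-differs"
    return "MISMATCH"                       # not the code the auditors reviewed


def _sample(code_hex: str, fill: int) -> bytes:
    """Build constructed bytecode: code + CBOR {"ipfs": 34 bytes} + length."""
    cbor = b"\xa1\x64ipfs\x58\x22\x12\x20" + bytes([fill]) * 32
    return bytes.fromhex(code_hex) + cbor + len(cbor).to_bytes(2, "big")


AUDITED = _sample("6080604052600080fd", 0x11)
REBUILT = _sample("6080604052600080fd", 0x22)        # same code, new metadata
SWAPPED = _sample("6080604052600160005500", 0x11)    # different code

if __name__ == "__main__":
    for name, code in [("audited", AUDITED), ("rebuilt", REBUILT),
                       ("swapped", SWAPPED), ("empty", b"")]:
        print(f"{name:8s} -> {compare_to_audit(code, AUDITED)}")
```

Immutable values and linked library addresses also change runtime bytecode, so a `MISMATCH` is a prompt to diff the two builds rather than a verdict on its own.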
The basic structure of every protocol, no matter how decentralized it claims to be, is still centralized. Take DNS records, one of the internet’s most important building blocks: every domain name is still centralized, controlled by a government, state, or corporation with ultimate power over the domain and the ability to turn it off at any time. Smart contracts are an example of both centralization and decentralization. The people who create Ethereum or Binance smart contracts have the ultimate say on what goes into the code, and there are methods to include malicious logic, such as rug pulls, in smart contracts.