DeFi exploits total $680 million so far in 2021
November 2, 2021, 1:24PM EDT · 2 min read
- There have been 70 DeFi attacks this year across four blockchain platforms.
- Around $1.4 billion was initially stolen but $760 million has been returned.
The total amount of funds stolen in DeFi attacks has reached $680 million so far this year, according to The Block’s Data Dashboard.
Data collected by The Block Research shows that $1.4 billion was initially taken from DeFi protocols through exploits and bugs but $760 million has been returned.
Over the year, the space witnessed 70 of the biggest DeFi exploits across four blockchain platforms. The majority of the exploits happened on Ethereum — 34 to be precise — with Binance Smart Chain a close runner-up with 25 attacks. We also saw three on Polygon and two on Avalanche.
Out of the attacks, 34 of them employed flash loans. These are loans that are taken out, used for some function and repaid all in the same transaction block. This means the lender knows their money will be returned (or it was never borrowed in the first place).
As a result, flash loans can be very large at a low cost, enabling hackers to borrow huge amounts of funds in order to maximize the damage of such attacks. (For a detailed analysis of the pros and cons of flash loans, see here.)
For example, DeFi protocol xToken suffered an exploit in May. The perpetrator used a flash loan to borrow 61,800 ETH ($270 million) to upset the system and take off with $24.5 million. The sheer size of the flash loan made the attack more profitable.
Three of the five biggest hacks were for Poly Network, which lost $611 million in total before it was then all returned. Other big losses included Compound, which suffered a bug in September that led to the unintended release of $114 million in COMP tokens — of which about half was returned.
Late last month, Cream Finance was exploited for $130 million using a large flash loan.
© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.