Centralization Caused Most Decentralized Finance Hacks in 2021

 

Centralization issues have emerged as the main attack vector in decentralized finance (DeFi), facilitating the largest share of the hacks — with USD 1.3bn worth of user funds stolen in 44 DeFi attacks last year, according to a recent report by security-focused ranking platform CertiK.

CertiK’s experts say they identified some 286 discrete centralization risks throughout the 1,737 audits they performed in 2021.

Data on centralization’s impact on DeFi security “underscores the importance of decentralization and highlights the fact that many projects still have work to do to reach this goal,” according to the report.

It added that, 

“Centralization is antithetical to the ethos of DeFi and poses major security risks. Single points of failure can be exploited by dedicated hackers and malicious insiders alike.” 

Among the attacks, DeFi lending protocol bZx (BZRX) was found to be exploited for more than USD 55m last November as a result of a private key mismanagement — serving as an example of privileged ownership which enabled the attackers to gain complete control of all contracts controlled by the key. In total, privileged ownership was detected 76 times in the company’s audits, according to the study.

Missing event emissions were the second most common potential vulnerability after centralization risks, found in 211 instances by CertiK’s auditors. 

The utilization of an unlocked compiler version was another common code error found by the firm’s experts, at 176 instances, and CertiK’s experts came across 104 lines of code which lacked proper input validation. 

Reliance on third-party dependencies, with 102 instances, was another identified potential source of trouble, according to the figures from the report.

Set up in 2018 by professors from Yale University and Columbia University, CertiK says it specializes in blockchain security, using artificial intelligence (AI) technology with the aim to secure and monitor blockchain protocols and smart contracts. The company’s security leaderboard has 1,464 projects onboarded with a total assessed market capitalization of USD 291bn.

____

Learn more:
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes 
– Decentralized dYdX Went Down Due to Reliance on Centralized Cloud Services

– Unstoppable Domains’ New Feature Allows Ethereum, Polygon Login With NFT Domains
– Heavily-Backed DeSo Makes Waves With Controversial Google Login Feature

– The Ethereum Premine Debate On Fairness, Regulation, and Centralization
– Cryptoverse & Busta Rhymes Point Out Flaws in Facebook’s Centralized System