Drofa Comms started the new year by launching our own series of in-depth reports, beginning with DeFi security in 2022. The year 2022 was officially the most notorious for DeFi security breaches, so the first exclusive report, titled “An Overview on DeFi Security in 2022”, looks into the current state of the decentralised market and studies the reasons behind these gruesome statistics.
To get a complete picture of the events, we partnered with the security firms HashEx, Beosin, and Apostro, which gave their angles on the sector.
Let’s look at the main trends that defined the industry.
Historical Losses and Key Attack Vectors
Data from the blockchain analytics firm Chainalysis shows that since the emergence of the DeFi market, it has attracted more and more attention from hackers every year. According to CertiK, attacks on the decentralised finance market from January to October 2022 were worth $2.546 billion.
Let’s see what things were like before. In 2021, for example, the blockchain security company PeckShield reported $1.55 billion stolen from the DeFi sector, which is noticeably less than in 2022. It’s also worth mentioning that in the first quarter of 2022 alone almost $1.3 billion was lost to hackers, which is a catastrophe considering the 2021 numbers. Q1 losses alone nearly matched all of 2021, showing a very alarming increase in threats.
Rugpulls and flash loan attacks are the most common incidents of embezzlement, but not the biggest in terms of the amount of money. The most lucrative attacks have been those aimed at cross-chain bridges. The two largest cross-chain bridge exploits in the first quarter of 2022 were the $624 million Ronin Network exploit, which was an advanced phishing attack, and the attack on Solana Wormhole, valued at $326 million.
Attacks on cross-chain bridges are becoming more and more popular because they contain a lot of liquidity, which attracts hackers, and also have a rather complex system of interaction between interfaces and smart contracts, which makes it hard to provide full-service protection.
These hacks reveal core weaknesses: bridges depend on secure keys and incentives, but poor safeguards let advanced criminals drain huge sums, shaking faith in DeFi's cross-chain future.
Expert Analysis: Causes and Future Outlook
To better understand the real picture and gain a deeper insight into the issue, we posed five questions to three industry experts from HashEx, a DeFi security and analytics company; Beosin, a Web3 security firm; and Apostro, a risk management platform.
As to why the trend is so alarming, the experts saw several possible explanations. They concluded that, on the one hand, hackers got smarter and gained more experience in their search for vulnerabilities, and the DeFi sector became very attractive to them because of the amount of money put into DeFi firms.
And it’s not just that: many newly emerged projects don’t go through complete security testing before going live, which makes them an easy target for bad actors.
So, what’s next? There’s no single opinion among the DeFi security experts as to what the future may bring. Some say that the sector will mature in the next five years, lowering the risks the decentralised market brings. Others are more cautious, stating that the number of hacks is only going to grow, bringing more uncertainty about the foreseeable future.
Actionable Recommendations from Our Experts
In light of the scary tendency above, the most relevant question to ask our experts was — what should DeFi companies do to increase their security level? And there are quite a few measures they might undertake. Among them are:
Introduce secure development processes, embedding security from the design phase to implementation.
Conduct thorough pre-launch testing, including fuzzing, invariant checks, and penetration simulations.
Hire specialised firms for formal verifications, mathematical proofs of contract correctness, and real-time monitoring tools.
Educate technical teams on decentralisation principles, covering common pitfalls like reentrancy and oracle manipulation.
Conclusion
The main message of our panel of experts is that the DeFi market is evolving and growing, and the number of exploits is growing along with it. But the top companies and experts in the field are also developing every day, which should ultimately lead to a decrease in the amount of stolen funds in the future and increase investor confidence in the industry.
As DeFi grows towards mainstream adoption, proactive security measures will matter most. Our report underscores the urgency for protocols to prioritise audits and innovative defences like zero-knowledge proofs, ultimately transforming risks into opportunities for robust growth.
The full report is available below.
We would like to thank the following for their participation in preparing this material:
Dmitry Mishunin, Founder and CEO of HashEx;
Tommy Deng, Managing Director of Beosin;
Tim Ismiliaev, Co-founder of Apostro.