2020 was a very good year for DeFi, as the protocol became widely adopted and more popular. However, theft from DeFi platforms also increased, with $120 million stolen from DeFi platforms in 15 different hacks
It should be noted that most of DeFi projects are open-source, which means that it is easy to access codes via GitHub for inspection both by legitimate and malicious users. When the wrong people find bugs first, they can be exploited to steal funds from the platform. That’s the reason why hackers are always trying to exploit DeFi protocols.
Some protocols are more affected than others, with the Bzx protocol losing 1,200 ETH after a flash loan attack in February.
The bZx DeFi platform was also exploited again on September 13, as the hackers made away with $8.1 million. The September hack was the third time the protocol was attacked in 2020.
At the time of the exploit, the bZx team stated that it discovered that its platform ad been exploited after a single withdrawal led to a major drop in their Total Value Locked.
They later discovered that a bug exists in their protocol, which deceived the platform to mint unbacked interest accumulating iTokens.
The bug on the bZx platform enables the hacker to get duplicated tokens. The hackers were able to mint the unbacked iTokens and withdraw them to their wallets.
When the bZx team noticed the exploit, they stoped the minting process and resumed only after the vulnerability has been patched. However, the bZx attack was not even the biggest DeFi hack in 2020.
Lendf.me exploit was the largest in 2020
The Lendf.me $25 million hacks was the DeFi hack with the biggest stolen funds. In the hacking attack, a reentrancy attack vector gave a hacker the access to interact with the token contract while mistaken it as having a lot of collateral.
The hacker swept all the assets in the platform, but the funds were subsequently returned.
At the time of the attack, ZDNet reported that the hackers chained legitimate features and bugs together from different blockchain technologies. Both attacks were considered related and most likely perpetrated by the same group. The only good side of his hack was the fact that the stolen funds were returned, unlike other platforms that were not so fortunate.
Options platform Hegic also suffered an attack on its DeFi platform, losing $48,000 in the process.
Other notable DeFi hacks in 2020 include the Balancer exchange hack ($500,000 stolen) and the $530,000 Uniswap.