The highest record of DeFi theft this year exceeded 120 million US dollars. Has financial innovation become a tool for "hackers" to make money?

On December 2, a DEFI security incident occurred in the well-known protocol Badger DAO, and users suffered total losses of approximately 2,100 BTC and 151 ETH, or approximately US$120 million . This is one of the security incidents with the highest amount of theft this year.

In fact, DEFI security incidents have been common for a long time. This year alone, Cream Finance has been attacked twice, the most recent one was on October 27, with a loss of about 130 million US dollars. The first was on August 30, with a loss of about 18 million US dollars.

Two consecutive lightning dai attacks within 90 days exposed the fragility of its ecosystem. The muddy waters stirred up by hackers made practitioners refocus their attention on security.

What is more serious is that its weaknesses have been exposed repeatedly, including the NFT market and the Gamefi market, which will stagnate due to their security being questioned. We are not good at technical analysis, but we can try to interpret the security dilemma currently faced by the DEFI platform from a logical level by comparing previous hacker attacks .

Before understanding the lightning dai attack, we must first understand what lightning dai is.

01
"Innovative Finance" Lightning Dai is frequently used by hackers

In Lightning Dai, all agreements and risks between lenders and borrowers are controlled by the platform. The occurrence and efficiency of borrowing are much higher than ordinary bank borrowing methods, which saves a lot of asset review and qualification review links. It is called Lightning Dai because of its convenience .

In the blockchain field, decentralized finance, as a reflection of centralized finance in the blockchain, has a large-scale ecosystem that applies the real-world banking management system. The rules of lending and pledging are mostly consistent with the rules system of centralized finance.

The only difference is that the centralized financial system is executed by rules set by centralized institutions, which may lead to mistakes, while the execution of DEFI's financial rules is handed over to smart contracts. The distributed structure and asset security completely controlled by smart contracts have promoted the development speed of this field.

Since the beginning of 2021, the DEFI ecosystem has rapidly developed to the level of hundreds of billions of US dollars. With the exponential growth of staking pools and user funds, the DEFI flash dai form has naturally emerged.

As an innovative financial model, Lightning Dai can achieve the same borrowing speed and quick experience as Internet Lightning Dai, and can realize unsecured borrowing, but requires repayment within the same block, otherwise the transaction will be rolled back and invalid.

Therefore, under the model of Flash Dai, most practitioners have experienced that without any effort or sacrifice, they can become "rich" in the platform in seconds, using huge amounts of funds and high-frequency transactions to tap into market returns. At the same time, a large number of early users engaged in Flash Dai have gained huge wealth.

However, the benefits of Lightning Dai have also been noticed by hackers. The incentives for malicious attacks on its protocol have become increasingly greater, so that more hackers have appeared, sacrificing the assets of ordinary users, and using protocol loopholes through repeated testing to steal funds from the Lightning Dai pledge pool.

So, how do hackers carry out flash dai attacks?

02

DEFI Flash Dai Attack

It is generally believed that flash attacks usually take advantage of flash dai protocol and platform loopholes, bypass the rollback mechanism through technical means, conduct arbitrage or manipulate prices, and then make profits by affecting market prices.

We usually believe that hackers generally have two purposes. One is to steal data from the other party's system (including digital assets and other data), and the other is to show off pure technology and demonstrate one's own technical strength by breaking through the other party's defense system.

However, the flash attack in the DEFI field does not seem like a real hacker behavior. It neither uses brute force to crack (in fact, a distributed system is almost impossible to crack by a small number of hackers), nor does it look for system loopholes to demonstrate its strength.

In principle, flash attacks in the DEFI field are usually not like hacker tactics . Instead, they use more financial and capital leverage to pry the market at extremely low costs and manipulate prices among multiple protocols.

Therefore, the purpose of flash attacks is generally clear. It is not an unconscious attack by hackers to show how powerful their direct technology is, but the purpose is to steal a large amount of digital assets . In this respect, rather than saying that those who carry out DEFI flash attacks are "hackers", it is better to say that these people are financial giants who are well versed in the rules of digital asset transactions.

In addition to the above-mentioned manipulation of the market for profit through technical and financial means, causing direct asset losses to users, DEFI flash attacks will also manipulate the governance structure, obtain a large number of ecological votes through flash dai attacks, and change the platform's governance rules at a lower cost, so that the rules are infinitely in line with their own interests, in order to achieve the purpose of profit.

From the perspectives of fund manipulation and governance structure manipulation, once the DEFI platform is successfully attacked by Flash Dai, the DEFI smart contract without centralized intervention becomes a money printing machine , and hackers can continuously "withdraw" funds from the platform through smart contracts that strictly abide by the contract mechanism.

To make it easier to understand, we can refer to the previous flash dai attacks this year to find out the attacker’s entry point, and also see where the weakest part of the DEFI flash dai model is!  

03

Flash Dai attacks

1. On May 30, 2021, Belt Finance, an AMM protocol on the BSC chain that combines multi-strategy yield optimization, was attacked by a flash dai attack .

The attack was caused by the attacker repeatedly buying and selling BUSD, exploiting the loophole in the balance calculation of the bEllipsisBUSD strategy to manipulate the price of beltBUSD for profit. (Please note that the attacker in this incident ultimately manipulated the price of BELTbusd, not the funds in the user and liquidity pool.)

The attack method is as follows:

Step 1: The attacker first borrowed 8 flash dai from PancakeSwap. 10 million BUSD was deposited into the bEllipsisBUSD protocol;

Step 2: Deposit 187 million BUSD into the bVenusBUSD strategy, and then convert 190 million BUSD into 169 million USDT through the Ellipsis contract;

This is a critical step. In this incident, the attacker performed a total of 7 withdrawal-exchange-charge operations . This repeated operation did not make the attacker profit, but such a huge amount of capital flow had an impact on the price of beltBUSD.

When the price of beltBUS is affected, it is equivalent to the attacker manipulating the price of the digital asset. Then the attacker uses the loophole in the balance calculation of the bEllipsis contract to generate a balance when performing a new withdrawal, exchange, and recharge. In other words, profits have been generated!

After profits were generated, the attacker converted the acquired assets into ETH in batches through the Nerve (Anyswap) cross-chain bridge and then fled.

2. On June 23, 2021, the Nerve-related machine gun pool in ElevenFinance was attacked by flash dai.

The attacker targeted Eleven Finance's Emergencyburn, which calculated the balance incorrectly and did not execute the destruction mechanism.

The attack method is as follows:

In the first step, the attacker borrowed BUSD from PancakeSwap and exchanged part of the BUSD for NRV; this step is a normal operation that anyone can complete.

In the second step, the attacker adds Nerve and BUSD to PancakeSwap to obtain LP tokens.

In the third step, the attacker puts the LP token into the Nerve-related machine gun pool in Eleven Finance to obtain the nrvbusd LP token;

Through repeated exchange, deposit and withdrawal, when the attacker withdrew the Pancake LP token, the Emergencyburn function in ElevenNeverSellVault should have destroyed 11 nrvbusd LP tokens and exchanged them for Pancake LP tokens, but Emergencyburn did not perform the burn action.

Attackers quickly discovered the vulnerability and exploited it.

The attacker then created the 0x01ea contract to lend out 30.9 BTCB, the 0xc0ef contract to lend out 285.66 ETH, and the 0x87E9 contract to lend out two flash dais of 2,411,889.87 BUSD and 7,693 BUSD for the attack. In the end, the attacker made a profit of nearly 4.6 million US dollars and left.

3. The attack on Cream Finance. On October 27, Cream Finance was hacked by repeatedly using “Lightning Dai” to lend and borrow funds between two addresses (A and B) to exploit a pricing loophole.

The attack method is as follows:

Step 1: The attacker used address A to obtain $500 million worth of stablecoins from MakerDAO lightning dai, minted yUSD from its yPool, and then deposited yUSD into Yearn's yUSD strategy.

The attacker minted $500 million in crYUSD using $500 million in tokenized funds. Please note that there was nothing wrong with the first step; it was just an exchange of a huge amount.

Step 2: Through address B, the attacker obtained $2 billion worth of ETH from AAVE lightning dai to use as collateral for CREAM. This allowed it to borrow about $500 million in yUSD and deposit it again to mint crYUSD.

Step 3: The attacker begins a cycle of deposits and loans between the two accounts until Account A has ~$1.5 billion in crYUSD and ~$500 million in yUSDVault.

In the repeated cycle of operations, the price of yUSDVault was leveraged by this operation and fluctuated, and the exchange and minting that were originally unprofitable began to generate profits.

After the attack was completed, the attacker escaped with $130 million in BTC and ETH.

Through the above three lightning dai attacks, I believe we can roughly summarize the real security risks of a DEFI lightning dai platform.

04
Security and Vulnerability of DEFI Platforms

It is still necessary to say that the asset security of the DEFI platform is reliable. Please note that the asset security mentioned here refers to the asset security of users. In the process of DEFI pledge and transaction, the user's funds are completely managed by smart contracts, and not through a centralized team or asset management platform. Therefore, there is no problem with the platform in terms of the security of user funds.

However, this kind of security is fragile. Because all transactions require the help of strategies, a platform often needs to be compatible with many protocols. There may be conflicts in the logic between protocols. This kind of protocol conflict is completely fine in the process of general user use, and the funds in the hands of general users cannot cause market fluctuations.

However, when the attacker uses the huge amount of funds in his hands to manipulate the price, since there is no centralized team to manage it, such fluctuations can only be allowed to occur. The exchange "balance" caused by the price fluctuation is thus generated.

The balance of each token is quite small, but when this balance is magnified to hundreds of millions or even billions of dollars, it generates large profits.

When attackers exploit conflicts in protocol logic and price manipulation to extract profits, the "false" profits caused by fluctuations will form a funding hole, which will eventually be paid for by all users and platforms. Therefore, the security of DEFI Lightning Dai is fragile.

After Cream Finance was attacked, the general view in the industry was that the development team was eager to expand the market, so it was compatible with too many protocols. This reckless compatibility was the real reason for the continuous attacks on Flash Dai. More people saw that the risks exposed by DEFI Flash Dai will seriously hinder the development of the industry in the future.  

05

summary

Cream Finance was attacked. The industry should not only focus on who will pay for the final losses and how to restore user confidence. What should be noted is that a solid underlying structure may not determine the stability of the upper layer.

Users are more concerned about whether protocol vulnerabilities (or more precisely, vulnerabilities that already existed when the protocol was designed) are "backdoors" deliberately left by developers, or "leek fields" targeted by industry giants.

In addition, how the Lightning Protocol avoids the impact of short-term price fluctuations on the protocol itself from the beginning of its design, or how to avoid the malicious impact of large-scale funds on the market and fluctuations in the price of individual tokens still needs further discussion.

In any case, the industry development should not be abandoned because of choking, but we should also know how to mend the fence after the sheep have been lost. When the logic loopholes of the protocol are magnified by price manipulation, the losses brought to the industry will be huge. The current industry has solved the basic security problems, and it is time to strengthen and redefine the superstructure.