Historically, blockchain security efforts have focused mainly on on-chain threats. DeFi hackers identified vulnerabilities in smart contract code and exploited them for profit. Smart contract audits are vital to help prevent these types of threats.
However, in recent months, the trend has shifted toward attacks that exploit operational risks. Compromised private keys and similar threats have been behind many of the largest DeFi hacks to date. For example, the Bybit hack — the largest DeFi hack to date — involved a combination of social engineering and compromised off-chain services to trick signers into approving a malicious transaction that drained approximately $1.5 billion from the project’s cold wallets.
As DeFi hacks shift from focusing on on-chain vulnerabilities to off-chain ones, smart contract audits are not enough to protect a DeFi project against attack. Projects also need to enhance the security of their off-chain processes and protocols to address the main security risks that attackers are exploiting.
The Decline of Smart Contract Exploits
DeFi hacks exploiting flaws in smart contracts still occur on a regular basis, and many of these hacks have price tags in the millions of dollars. However, the majority of the most expensive DeFi hacks don’t involve vulnerability exploits, and smart contract exploits make up a declining percentage of the biggest hacks.
This decrease is likely driven by improvements in the overall security posture of the DeFi community. As the industry matures, projects increasingly invest in smart contract audits that help to identify and address the vulnerabilities most likely to lead to a major hack. Additionally, as developers become more aware of common smart contract coding flaws — such as reentrancy and poor access control — and use standardized implementations — like those provided by OpenZeppelin — the number of vulnerabilities that reach production code will decrease.
This isn’t to say that every smart contract deployed on-chain is audited or that smart contract vulnerabilities are a thing of the past — they aren’t. However, smart contract exploits account for a declining share of the major DeFi hacks. As a result, DeFi projects need to expand their risk management efforts to protect themselves against the threats that are taking their place.
Operational Risks Are the New Focus
In recent years, the majority of the biggest DeFi hacks have exploited operational vulnerabilities rather than smart contract flaws. These attacks largely occur off-chain and don’t require flawed code to be successful.
Some common examples of these operational risks include:
Compromised Private Keys: Private keys are used to control access to blockchain accounts and generate digital signatures to approve transactions. Threat actors, such as the Lazarus Group, are increasingly working to steal these private keys via social engineering and similar means. By doing so, they can exploit the access granted to these accounts to carry out their attacks.
Infrastructure Vulnerabilities: While smart contracts may run on top of the decentralized blockchain, DeFi projects are also dependent on traditional, Web2 infrastructure and solutions. Cyber threat actors can target vulnerabilities in this architecture to attack DeFi projects. For example, the Bybit hack — the most expensive DeFi hack to date — involved compromising the Safe{Wallet} user interface code hosted on AWS.
Inadequate Decentralization: Several DeFi protocols implement decentralized governance schemes or decentralized validation for cross-chain transactions. However, these protocols are often not as decentralized as they seem or need to be for security. For example, the Ronin Network hack exploited the fact that a single organization controlled or had access to most of the bridge’s validators, and the response to the Hyperliquid hack demonstrated that the protocol was far less decentralized than it claimed.
Software Supply Chains: The use of third-party code is common in software development, but is even more prevalent in the DeFi space, where many smart contracts are open source. However, this introduces significant security risks if a project uses third-party code that contains vulnerabilities or doesn’t monitor for and apply updates when needed. Several DeFi hacks have involved protocols with code forked from another project that contained known, unpatched vulnerabilities.
Price Oracle Weaknesses: Most cryptocurrencies have values that depend on supply and demand, so DeFi projects need a means of determining the current value of a particular token. Price oracles are critical infrastructure for many DeFi smart contracts, but also a common target for attack. If a smart contract relies on a single oracle, then an attacker may be able to exploit this fact to drain value from the protocol.
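The single-oracle risk in the last item can be made concrete. The following is an added example, not code from the original article or from any project it names: it compares reading one feed with taking the median of several fresh feeds and flagging any feed that strays from that median. The feed names, thresholds and prices are constructed assumptions.

```python
from statistics import median

MAX_AGE_S = 300        # assumed staleness limit in seconds
MAX_DEVIATION = 0.02   # assumed: flag feeds more than 2% away from the median
MIN_SOURCES = 3        # assumed minimum number of fresh feeds

def single_oracle_price(reports, source):
    """The weak pattern: trust whatever one named feed reports."""
    return next(price for name, price, _ in reports if name == source)

def aggregate_price(reports, now):
    """reports: list of (source, price, unix_timestamp).
    Returns (median_price, outlier_sources); raises ValueError below quorum."""
    fresh = [(s, p) for s, p, ts in reports if 0 <= now - ts <= MAX_AGE_S and p > 0]
    if len(fresh) < MIN_SOURCES:
        raise ValueError(f"only {len(fresh)} fresh feeds, need {MIN_SOURCES}")
    mid = median(p for _, p in fresh)
    outliers = sorted(s for s, p in fresh if abs(p - mid) / mid > MAX_DEVIATION)
    return mid, outliers

# Constructed sample reports: three feeds, then the same set with one feed distorted.
NOW = 1_700_000_000
HONEST = [("feed_a", 2000.0, NOW - 10), ("feed_b", 2004.0, NOW - 20),
          ("feed_c", 1998.0, NOW - 5)]
DISTORTED = [("feed_a", 9000.0, NOW - 10)] + HONEST[1:]
STALE = [("feed_a", 2000.0, NOW - 10), ("feed_b", 2004.0, NOW - 900),
         ("feed_c", 1998.0, NOW - 900)]

if __name__ == "__main__":
    print("single feed   :", single_oracle_price(DISTORTED, "feed_a"))
    print("median, flags :", aggregate_price(DISTORTED, NOW))
    try:
        aggregate_price(STALE, NOW)
    except ValueError as err:
        print("refused       :", err)
```

With the distorted set, the single-feed reader returns the distorted price, while the aggregate stays near the other feeds and names the outlier so it can be alerted on.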
Smart Contract Audits Aren’t Enough
Often, DeFi security programs focus on passing a smart contract audit. Once any vulnerabilities identified during the audit are fixed before release, the project is considered “secure”.
However, threats such as compromised private keys are undetectable by a smart contract audit. Code with no vulnerabilities and strong access controls can be exploited if the blockchain accounts with privileged access and control are compromised by an attacker. For example, several recent DeFi hacks involved a malicious smart contract update from a benign, secure version to a compromised one after an attacker gained access to the deployer account.
Smart contract audits are a critical component of a DeFi security program since they have the potential to identify and address vulnerabilities that would otherwise leave a protocol open to attack. However, DeFi projects also need to identify and address off-chain and operational security risks.
Implementing Comprehensive DeFi Risk Management
An effective DeFi risk management program addresses the most significant threats to the business. Increasingly, these are off-chain attacks, such as compromised private keys, rather than exploited smart contract vulnerabilities.
Managing these threats requires securing both DeFi code and the off-chain processes and infrastructure that protect it behind the scenes. Implementing best practices, such as multi-signature and MPC wallets, can dramatically reduce a project’s exposure to the biggest threats in today’s DeFi landscape.
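A multi-signature wallet only helps if each signer checks the raw transaction independently of the interface that displays it, which is the gap the Bybit incident described above went through. The following is an added example, not code from the article, Halborn or Safe: a signer-side check that compares a proposed Safe-style transaction (fields `to`, `value`, `data`, `operation`) with the intent the signer received out-of-band. The addresses, the allowlist and the `review_proposal` helper are hypothetical.

```python
CALL, DELEGATECALL = 0, 1        # operation values used by Safe-style multisig transactions
ERC20_TRANSFER = "a9059cbb"      # 4-byte selector of transfer(address,uint256)

def transfer_calldata(to, amount):
    """Build ERC-20 transfer calldata (used here only to construct sample proposals)."""
    return "0x" + ERC20_TRANSFER + to[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) if the calldata is exactly an ERC-20 transfer, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 136 or data[:8] != ERC20_TRANSFER:
        return None
    try:
        return "0x" + data[32:72], int(data[72:136], 16)
    except ValueError:           # amount word is not valid hex
        return None

def review_proposal(tx, intent, known_targets):
    """Compare the raw proposal with the signer's out-of-band intent; [] means no findings."""
    findings = []
    if tx["operation"] != CALL:
        findings.append("operation is not a plain call")
    if tx["to"].lower() not in known_targets:
        findings.append("target is not an allowlisted contract")
    if int(tx["value"]) != 0:
        findings.append("unexpected native-token value")
    decoded = decode_erc20_transfer(tx["data"])
    if decoded is None:
        findings.append("calldata is not the expected token transfer")
    elif decoded != (intent["recipient"].lower(), intent["amount"]):
        findings.append("recipient or amount differs from intent")
    return findings

# Constructed sample values (not real addresses or transactions)
TOKEN, TREASURY, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
INTENT = {"recipient": TREASURY, "amount": 500}
EXPECTED = {"to": TOKEN, "value": "0", "operation": CALL,
            "data": transfer_calldata(TREASURY, 500)}
ALTERED = {"to": UNKNOWN, "value": "0", "operation": DELEGATECALL,
           "data": transfer_calldata(UNKNOWN, 500)}

if __name__ == "__main__":
    for name, tx in (("expected", EXPECTED), ("altered", ALTERED)):
        print(name, review_proposal(tx, INTENT, {TOKEN}) or "matches intent")
```

The check is only useful when it runs on a machine and code path separate from the signing interface, with the proposal fetched as raw data rather than read off the screen.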
Halborn offers security advisory services that support a DeFi project throughout its entire lifecycle and help to secure both a project’s code and operations. To learn more about how to navigate the evolving DeFi threat landscape, reach out to Halborn.