DeFi market is Growing and so Is The Volume of Hacks

5 min readJun 4, 2021

Decentralized Finance (DeFi) has taken the world by storm thanks to its many advantages, primarily its ability to allow users to control their privacy and finances. This market, built on the foundations of decentralization and immutability, along with removing third-party mediators from the equation, has recorded staggering growth in 2020.

To illustrate, Uniswap — the service that provides a decentralized Ethereum-based protocol allowing users to exchange ERC-20 tokens securely — has exceeded $4 billion in Total Value Locked (TVL), reached 250,000 unique addresses, and facilitated over $100 billion worth of trades. Several DeFi lending platforms — MakerDAO, Compound, and Aave — have also enjoyed plenty of success, with each surpassing over $5 billion.

The growth trend isn’t showing any signs of stopping, either. According to the data gathered by the analytics website DeFi Pulse, the TVL in DeFi has been hitting all-time highs almost daily since the second quarter of 2020. The boom is largely driven by the rise of decentralized trading (DEXs), crypto loans, yield farming, and other trends in this new financial system, leading to a drop in the use of centralized exchanges (CEXs).

Trouble in crypto paradise

Despite the growing interest and countless new opportunities, the DeFi market is still experiencing some growing pains. There is plenty of room for improvement here, in terms of technology, user experience, accessibility, but primarily security.

Specifically, due to DeFi’s focus on on-chain activity, domination of Ethereum Virtual Machines (EVMs), and the immutable nature of programmable smart contracts, hacking incidents of core crypto platforms are difficult to prevent and can cause immense and irreversible damage.

This problem is further perpetuated as cryptocurrencies become regulated and banks take the plunge, resulting in hackers becoming more incentivized to attack than ever before. Law enforcement is of no help as hack identification is difficult to carry out.

Illustrating the proportions of this problem, a study by Atlas VPN has shown that there were over 122 major hacks in 2020 alone, with a total of $3.8 billion of funds stolen.

The most common types of exploits include:

  • Flashloans

These are loans that have to be repaid in the same block from which they are taken, which allows malicious parties to extract money from smart contracts. These loans can be used to trade big amounts and cause on-chain liquidations.

  • Exchange hacks

Hackers can attack and drain stored funds from both centralized and decentralized exchanges.

  • Wallet hacks

Users’ wallets may hold a lot of funds, making them an appealing target for hackers. Hackers could gain access to them through security leaks.

  • Token minting

The minting functionality of some token contracts may allow hackers to mint new tokens and sell them.

  • International “rug-pulls”

Sometimes the team itself may act maliciously by pulling liquidity, minting new tokens, dumping their tokens, and the like.

Unless a good solution is put in place to mitigate the damage they cause, these incidents are bound to continue hurting the crypto world, turning away investors, and stalling mainstream adoption.

Immutability — a blessing or a curse?

One of the often praised advantages of blockchains is their immutability. This means that once a programmable smart contract is deployed on a blockchain, no further changes can be made nor can any transaction on it be reversed. While this may be a blessing in some situations, it can be a curse in others.

Due to exactly this immutability of the blockchain and smart contracts, any discovered bugs or hacks can’t be remedied with a simple patch like in the traditional distributed systems. It doesn’t matter how popular the smart contract is or how much funds it contains, there’s just no way to fix the problem unless the blockchain is reversed. However, reversing it is, in itself, a mammoth task and a rare sight.

Immutability of smart contracts is joined by their complexity, making it extremely hard to prevent every single attack vector. Moreover, all the code is publicly visible, and as long as programmable smart contracts carry financial value behind them, they will be prone to attacks. This is why it’s all the more important to have a safeguard in place that wouldn’t be affected by this immutability.

Is there a good solution to the rampant hacking problem?

As the DeFi space continues its spread into the official mainstream, it becomes clear that we need a solution that will stop these hacks and exploits. Luckily, the solution is almost here and comes in the form of a trusted and safe DeFi ecosystem.

In an effort to make crypto investing accessible and safe, as well as to increase the adoption of DeFi markets, Lossless was born. This is the world’s first crypto hack mitigation tool created by a team of experienced engineers, finance professionals, DeFi experts, and white hat hackers.

The team gathered with an idea to build a new protocol that would facilitate reliable DeFi investing and developments to support the growth of blockchain technologies. In other words, it’s a safe environment where everyone can trade and use their assets easily, quickly, and with minimum risk.

At its core, the Lossless protocol is a piece of code that token creators embed into their tokens. This code allows Lossless to freeze any fraudulent transaction, based on a set of fraud identification parameters.

The ecosystem employs two levels of loss mitigation:

  • A proof-of-stake hack finding platform:
  • An intuitive dashboard that allows manual overview and hack spotters
  • Bot-friendly API for community-created hack-spotting bots
  • A transparent reward system that guarantees high levels of participation and innovation
  • Three party Lossless decision-making structure:
  • Consisting of three entities: token creator, Lossless company, and Lossless Committee. The committee that overviews frozen transitions consists of investors with a significant share of LSS (Lossless) tokens and key public figures that provide trusted and unbiased decision-making, like auditing firms.

When a hacking incident happens, the following steps are taken:

  • Within minutes after a hack, a finder can freeze an address for 24–48 hours if they stake LSS tokens.
  • The Lossless decision-making body will then review the frozen address to determine if the hack is valid or not.
  • If it’s valid, the finder is awarded a fee and further steps are taken — the address is frozen for another 14 days, and a committee proposal is enacted for permanent address freezing and reversing the transaction. Within hours after the attack, the Lossless company evaluates the code and contacts the contract owner.
  • If it’s not valid, the finder’s staked LSS tokens are slashed and the address is unfrozen.

The DeFi space has great potential as institutions and investors become more interested in it. However, the problems of this nascent market put them at risk of financial loss, reputational damage, and loss of goodwill. As we have already ascertained, law enforcement can’t help much, which is why a solution such as Lossless is all the more necessary.

If you’re interested in creating a safe and trusted DeFi environment with minimized losses from hacks, exploits, or social engineering, join us and show your support on our:

Website | Telegram | Twitter




World’s first unrivalled exploit identification and mitigation tools, designed to foolproof web3 from malicious activity.