The amount of money lost in hacks of decentralized financed (DeFi) projects more than doubled to $1.3 billion in 2021, with centralization the most common vulnerability, Certik said in its inaugural “State of DeFi Security” research report.
- While the value lost climbed 160%, the amount was a smaller proportion of the total than in 2020 due to growth of the DeFi market, the security firm said in the report released on Wednesday. The lost funds represented 17% of the total market cap, according to the report.
- The total value locked (TVL) in DeFi protocols at end-2021 was $243.88 billion, up from $18.29 billion the year before, according to DefiLlama data. That means the lost funds shrank to 0.5% of TVL last year from 2.78% in 2020.
- Centralization was the most common vulnerability “by far,” the security firm said. Certik found 286 discrete centralization risks through the 1,737 projects it audited, including privileged ownership. For example, some projects were drained when hackers obtained private keys that gave them complete control of smart contracts. This likely would have been avoided using multi-signature wallets or DAOs instead of one or a set of private keys.
- The second most-common vulnerability was missing event emissions, followed by use of an unlocked compiler version, code lacking proper input validation, and reliance on third parties. An event emission is information produced by a smart contract when it is executed.
- The report also found that Ethereum surpassed the Bitcoin network on fee revenue. It now generates more than 64 times Bitcoin’s revenue and 4 times the number of daily transactions. But Ethereum also suffered from its success as high transaction fees sent users to other platforms.
- Certik noted the rise of Ethereum alternatives, such as Binance Smart Chain. Binance’s layer 1 protocol saw TVL rise 31,000% to $21 billion, Certik said.
- The security firm raised $80 million in a Series B2 fundraising in December 2021, bringing its valuation to $1 billion.