NEW YORK & LONDON--(BUSINESS WIRE)--Billions of dollars have been stolen from decentralized finance (DeFi) protocols, a flourishing alternative financial system that replaces traditional intermediaries with software running on blockchains, according to new research by Elliptic, the global leader in cryptoasset risk management.
Elliptic’s report DeFi: Regulation, Compliance and the Growth of DeCrime reveals that as of November 2021 just over $12 billion in losses have been suffered by DeFi users and investors, due to the malicious exploitation of flaws in decentralized applications (DApps) such as decentralized exchanges (DEXs), lending protocols and asset management offerings. These losses include direct loss of funds stolen from DApps, as well as losses suffered by holders of tokens associated with these protocols.
DeFi platforms have become increasingly popular in recent years, fuelling a boom in cryptoasset use. The “total value locked” (TVL), a measure of the liquidity of DeFi services, increased by a factor of nearly 500, from $500 million in November 2019 to just over $247 billion today.
This rise in popularity of DeFi has attracted a significant increase in associated DeCrime, a term coined by Elliptic to denote financial crime that involves decentralized financial tools such as DApps. Losses due to theft and crime across DeFi platforms have increased by 600% from 2020, with $10.5 billion being stolen since the beginning of 2021 compared with $1.5 billion last year. More than $12 billion in total has been lost due to malicious exploitation of DeFi.
Tom Robinson, Chief Scientist at Elliptic, said: “The DeFi ecosystem is an incredibly exciting and fast-moving space, with financial services innovation happening at light speed. This is attracting large amounts of capital to projects that are not always robust or well-tested. Criminal actors have seen the opportunity to exploit this.”
According to the report, the prevalence of DeFi theft and crime is largely due to the untested and immature nature of the technology available. Mistakes in the design and development of decentralized apps are the most common cause, giving rise to bugs which hackers can exploit, accounting for $10.8 billion of all losses. Another $1 billion in losses are the result of exit scams (where a DApp creator intentionally leaves a ‘backdoor’ in the code that allows them to steal users’ funds) and the theft of “admin keys”.
“Decentralised apps are designed to be trustless in that they eliminate any third-party control of users’ funds,” said Robinson. “But you must still trust that the creators of the protocol have not made a coding or design mistake that could lead to a loss of funds.”
Robinson said: “DeFi looks set to become an increasingly important part of our financial system, making financial services more accessible, efficient and competitive. But we are still at the experimental stage and DeFi users face significant risks. As the technology matures and becomes better-regulated, losses will fall and DeFi will become a practical alternative to the banks, asset managers and exchanges that we currently rely upon.”
Notes to editors
About the DeFi: Regulation, Compliance and the Growth of DeCrime
Elliptic’s report DeFi: Regulation, Compliance and the Growth of DeCrime is the first study for compliance professionals to assess the state of the decentralized finance ecosystem from a regulatory perspective, whilst offering a data-led evaluation of the value and total loss incurred as a result of crime carried out across decentralized finance protocols (DeCrime).
Founded in 2013, Elliptic pioneered the use of blockchain analytics for financial crime compliance and has built the most accurate and trusted crypto identity dataset in the market. Two thirds of crypto volume worldwide is transacted on exchanges that use Elliptic; these businesses rely on Elliptic’s solutions to manage risk and generate insights by leveraging over 20 billion data points covering 98% of all cryptoassets by market cap.
Elliptic is the global leader in cryptoasset risk management for crypto businesses and financial institutions worldwide. Recognized as a WEF Technology Pioneer and backed by investors including Wells Fargo Strategic Capital, SBI Group, and Santander Innoventures, Elliptic has assessed risk on transactions worth several trillion dollars, uncovering activities related to money laundering, terrorist fundraising, fraud, and other financial crimes. Elliptic is headquartered in London with offices in New York, Singapore, and Tokyo. To learn more, visit www.elliptic.co and follow us on LinkedIn and Twitter.