NEW YORK--(BUSINESS WIRE)--CertiK, the global leader in smart contract and blockchain security, today released its inaugural 2021 State of DeFi Security report. The report offers expert insight into some of the most impactful trends of 2021, such as the massive growth of decentralized finance (DeFi), top tactics used by hackers, and the critical importance of auditing based on hack events throughout the year. The report also details the industry-wide security changes that will be needed for blockchain to shift into the mainstream in 2022 and beyond.
“The explosion of the DeFi and crypto industries has also led to a significant increase in cybercriminals targeting blockchain projects,” said Ronghui Gu, co-founder of CertiK. “Cryptocurrency losses due to hacks, exploits, and scams in 2021 reached an all-time high of $1.3 billion - a 2500% increase from 2020. In the new year, it is critical that companies proactively search for and address vulnerabilities to counter this surge in malicious activity. Bolstered with clear industry-wide best practices, we can reach a point where blockchain protocols aren’t subject to the volume and severity of attacks seen last year.”
The report reveals the top industry statistics and takeaways of 2021:
- DeFi took off, fueling a need for blockchain security – Decentralized Exchange (DEX) volumes tripled, Total Value Locked (TVL) quadrupled, and Ethereum’s transaction fees (or gas fees) skyrocketed. With such explosive growth, blockchain security became more important than ever.
- Hackers found new ways to play old tricks - Centralization issues were the most common attack vector behind the $1.3 billion in user funds lost across 44 DeFi hacks. The DeFi protocol bZx was exploited for more than $55 million due to private key mismanagement. This is an instance of the privileged-ownership finding (flagged 76 times in CertiK audits): whoever holds a single private key gains complete control of every contract that key administers.
- Other frequent findings included missing event emissions, use of an unlocked (floating) compiler version, improper input validation, and reliance on third-party dependencies.
- The majority of DeFi platforms exploited in 2021 were unaudited. Alchemix and Compound, two high-profile DeFi platforms, suffered multimillion-dollar losses from bugs in their code that went undetected before deployment. A tiny error can lead to massive losses, as in the case of Uranium Finance: this unaudited Uniswap fork, deployed on BSC, lost $57 million of user funds to a single-character error in its source code.
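The findings listed above (privileged ownership, unlocked compiler version, missing event emissions, improper input validation) are easier to recognize in code than in prose. The following is an added illustration, not code from the CertiK report or from any of the projects it names: `VulnerableVault` carries all four findings, `HardenedVault` shows one common way to close each of them. Contract, function and event names are invented for this example.

```solidity
// SPDX-License-Identifier: MIT
// Locked pragma: one exact compiler version rather than a floating range such
// as "^0.8.0", so the bytecode that was audited is the bytecode that is deployed.
pragma solidity 0.8.17;

// Hypothetical contract written for this example (not from the CertiK report).
// Every finding below is one the report lists as a common audit result.
contract VulnerableVault {
    address public owner;                     // a single EOA key controls everything
    uint256 public feeBps;
    mapping(address => uint256) public balances;

    constructor() { owner = msg.sender; }

    // Privileged ownership: one leaked key can change fees or drain the vault.
    function setFee(uint256 newFeeBps) external {
        require(msg.sender == owner, "not owner");
        feeBps = newFeeBps;                   // no bounds check: 100000 bps = 1000% fee
                                              // no event: off-chain monitors never see it
    }

    function withdrawAll(address to) external {
        require(msg.sender == owner, "not owner");
        payable(to).transfer(address(this).balance);  // no event, no zero-address check
    }

    function deposit() external payable { balances[msg.sender] += msg.value; }
}

contract HardenedVault {
    // The admin is expected to be a multisig or timelock contract, not a hot key.
    // The privilege still exists; the point is that no single key exercises it.
    address public immutable admin;
    uint256 public constant MAX_FEE_BPS = 1_000;   // 10% cap on the fee
    uint256 public feeBps;
    mapping(address => uint256) public balances;

    event FeeUpdated(uint256 oldFeeBps, uint256 newFeeBps);
    event Withdrawn(address indexed to, uint256 amount);
    event Deposited(address indexed from, uint256 amount);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor(address admin_) {
        require(admin_ != address(0), "zero admin");   // input validation
        admin = admin_;
    }

    function setFee(uint256 newFeeBps) external onlyAdmin {
        require(newFeeBps <= MAX_FEE_BPS, "fee too high");  // input validation
        emit FeeUpdated(feeBps, newFeeBps);                   // event emission
        feeBps = newFeeBps;
    }

    function withdrawAll(address to) external onlyAdmin {
        require(to != address(0), "zero recipient");
        uint256 amount = address(this).balance;
        emit Withdrawn(to, amount);                           // event emission
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        emit Deposited(msg.sender, msg.value);
    }
}
```

Two points a reviewer would check beyond the diff itself: the `admin` address passed to the hardened constructor must actually resolve to a multisig or timelock on the target chain, otherwise the centralization finding is unchanged in practice; and the emitted events only help if someone is subscribed to them, so the monitoring that consumes `FeeUpdated` and `Withdrawn` is part of the fix, not an afterthought.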
The report’s findings underscore the importance of security and highlight the fact that many projects still have work to do to reach this goal. While there will always be risks involved when pushing the boundaries of what’s possible in DeFi, security does not need to come at the cost of innovation. Auditing needs to become a core requirement for every crypto platform.
“CertiK audited a total of 1,737 projects in 2021,” continued Gu. “The market capitalization of those projects came in just over $90 billion. With such a marked growth in demand for auditing, it’s a clear and reassuring sign that blockchain security is becoming a priority for projects internationally. Our report highlights the amount of work that must be done before DeFi can be seen as a secure place to invest, innovate, and explore.”
Download the CertiK 2021 State of DeFi Security Report.
CertiK’s mission is to secure the cyber world. Starting with blockchain, CertiK applies cutting-edge innovations from academia into enterprise, enabling mission-critical applications to be built with security and correctness. Headquartered in New York City, CertiK was founded by computer science professors at Yale University and Columbia University. CertiK is backed by industry leaders, including Sequoia, Coatue Management, TigerGlobal, GLVentures (Hillhouse Capital’s venture arm), Binance, Coinbase Ventures, Lightspeed, and more. Learn more at www.certik.com.