Hackers were able to take advantage of the growing popularity of DeFi platforms in the crypto community and vulnerabilities in hastily built bridges.
Analyzing the main reasons that led to hacks and asset theft from decentralized platforms, DeFillama reports that about 23% of cases were due to compromised private keys, 7% were due to access control exploits, about 5.8% were the result of verification errors and another 5% were due to schemes targeting quote oracles.
“Most bridges are built with a Web2 mindset.This is the wrong mental model because every transaction is final, and a single mistake can cost hundreds of millions of dollars,” commented LayerZero Labs co-founder and CTO Ryan Zarick on the DeFillama study.
The LayerZero executive’s opinion is echoed by Erin Plante, vice president of investigations at Chainalysis, who says crypto bridges have become a popular target for hackers in recent years:
<blockquote
“Bridges are a very attractive target because in many cases have some sort of central point where deposited tokens are stored. Regardless of how and where those funds are stored – in a smart contract or at a centralized custodian – it is that point that becomes the target of criminal attacks.”
On Sunday, July 30, a vulnerability in the Vyper smart contract programming language compromised multiple liquidity pools in DeFi projects. The issue is reported to be a faulty re-entry lockout. Over the past 24 hours, hacks worth more than $41 million have already been confirmed, including hacks at Curve Finance.