Fraud and theft at decentralised finance platforms has totalled $10.5 billion (€9.3 billion) so far this year, newly-published research showed on Thursday, laying bare the risks in the fast-growing but still mostly unregulated area of cryptocurrencies.
It is all due to Decentralised Finance (DeFi) platforms, according to the study.
DeFi is a blockchain-based platform that allows users to lend, borrow and save (usually in cyrptocurrencies), but it can be done without the traditional gatekeepers of finance such as banks.
Instead, it uses smart contracts, which are software programs that allow for agreements on the blockchain. Backers say the technology offers cheaper and more efficient access to financial services.
Cash has poured into DeFi sites this year, mirroring the explosion of interest in cryptocurrencies as a whole. Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.
Yet crime is also booming in the mostly unregulated sector, according to London-based blockchain analytics firm Elliptic. Users have suffered over $12 billion (almost €11 million) in losses through crime at DeFi apps, lending platforms, and exchanges since 2020, with the majority of losses coming in 2021 alone, it found.
Code bugs and design flaws
Bugs in code and design flaws allow criminals to target DeFi sites, Elliptic found, with deep pools of liquidity also allowing criminals to launder proceeds of crime while leaving few traces. Scams are also common, it added.
"Decentralised apps are designed to be trustless in that they eliminate any third-party control of users’ funds," said Elliptic's Tom Robinson.
"But you must still trust that the creators of the protocol have not made a coding or design mistake that could lead to a loss of funds".
Major DeFi platforms say they take a variety measure to bolster security, from hiring external firms to audit code for vulnerabilities to maintaining keys and passwords needed to access user wallets in secure environments.
Cryptocurrency worth some $86 billion (over €76 billion) is currently stored on DeFi platforms, versus $12 billion a year ago, according to sector tracker DeFi Pulse.
Major investors have also bet heavily on the growth of the sector, with Canadian pension fund Caisse de Dépôt et Placement du Québec last month taking part in a $400 million (€354 milion) investment in major lending platform Celsius Network.
DeFi site Poly Network was in August rocked by a $610 million (€540 million) crypto theft, one of the biggest ever - though the hacker later returned nearly all the loot.