Losses from crime and theft associated with decentralized finance applications jumped 7 times in a year to reach $10.5 billion, according to a new study.
Billions of dollars were stolen from decentralized finance (DeFi) protocols in 2021, according to a new report by analyst firm Elliptic. As of November 2021, DeFi app users and investors suffered multi-billion dollar losses due to the malicious exploitation of bugs in decentralized applications (DApps) such as decentralized exchanges (DEX), lending protocols, and asset management apps. These losses include the direct loss of funds stolen from DApps as well as losses incurred by token holders associated with these protocols.
“The DeFi ecosystem is an incredibly exciting and fast-moving space, with financial services innovation happening at light speed. This is attracting large amounts of capital to projects that are not always robust or well-tested. Criminal actors have seen the opportunity to exploit this,” said Tom Robinson, Chief Scientist at Elliptic.
The total value locked (TVL) of crypto assets in DeFi protocols, the main indicator of DeFi market liquidity, increased almost 500-fold in two years, jumping from $500 million in November 2019 to just over $247 billion in November 2021.
The rise in popularity of DeFi led to a significant increase in the number of related crimes. Elliptic uses the new term DeCrime to refer to this type of crimes, which denotes financial crimes related to decentralized financial instruments such as DApps. Losses due to theft and crime on DeFi platforms increased 600% since 2020, with $10.5 billion stolen since the beginning of 2021, up from $1.5 billion in 2020. In total, over $12 billion was lost due to the malicious exploitation of DeFi. Errors in code and development of decentralized applications are the most common reason hackers and fraudsters use to steal funds.
“Decentralised apps are designed to be trustless in that they eliminate any third-party control of users’ funds,” said Robinson. “But you must still trust that the creators of the protocol have not made a coding or design mistake that could lead to a loss of funds.”