DeFi is plagued by flagrant bugs leading to $10 million in losses over the past week

  • Three DeFi protocols lost nearly $10 million of user funds in a week.
  • The industry is still immature and vulnerable to exploits.

The past week brought a lot of excitement and a lot of grief at the same time. While Bitcoin traders celebrated the two-year high reached by the pioneer cryptocurrency and harboured aspirations for the new records by the end of the year, DeFi players had to grapple with numerous hacks and exploits.

FXStreet previously reported that hackers stole $100 million from the DeFi sector since the start of the year; however, nearly $10 million were lost within the last seven days.  

Percent, Acropolis and Value betray users trust

On November 12, someone hacked the DeFi yield farming project Akropolis through an exploit that involves Curve and siphoned about $2 million of users funds in DAI tokens. Notably, the project developers claimed that their smart contracts had been audited twice, but the attacker still managed to use the flash loans scheme to drain Akropolis's YCurve and USD pools. 

Akropolis (AKRO) dropped by 25% in a matter of hours and continued sliding down. At the time of writing, the token's price has settled at $0.009, down from $0.014 registered before the hack. The asset is ranked 365th, with a current market capitalization of $18 million.

Two days later, Value DeFi, another yield farming protocol, lost $6 million to hackers via the flash loan technique. Ironically, the team claimed that it had improved its vaults' security to withstand this type of attack. 

According to Emiliano Bonassi, a so-called whitehat hacker and the co-founder of DeFi Italy, the hacker launched a complicated and multi-stage exploit using two flash loans taken from different lending protocols. Namely, they took 80,000 ETH on Aave and 116 million DAI in Uniswap, deposited them to the Value DeFi's multi-stablecoin vault, and performed numerous swaps between USDT, USDC and DAI, exploiting the vulnerability of vault's withdrawal method.

Before running away with the loot, the thief sent $2 million back to the protocol. Later on, a crypto trader, aka @CryptoDeFi137, noticed that the protocol creators were in talks with the hacker, asking them to return $5 million of user funds.

Value DeFi transaction details

Value DeFi transaction details

The governing token of the project, VALUE, lost 25% immediately after the hack to trade at $2. At the time of writing, VALUE is changing hands at $2.15, having recovered 5% on a day-to-day basis. Based on the data provided on the project's official website, less than $1.5 million locked in the hacked Multistables Vault from $3 million right after the incident.

Percent Finance was not actually hacked. However, the protocol users also lost nearly $1 million in USDC, WBTC and ETH. Their tokens were irretrievably frozen on smart contracts following the interest rate model update. The users were not able to do anything with their coins while the team was working on the solutions to return the funds or compensate users for losses.

The price of the Percent Finance token (PCT) crashed by nearly 90% after the incident. At the time of writing, PCT is trading at $0.02 from $0.14 on November 4. 

Three lessons to be learned from the week of DeFi hacks

1. DeFi is an opportunity and a considerable risk at the same time

The skyrocketing popularity of the DeFi industry exposed the critical vulnerabilities of the DeFi ecosystem. Despite the explosive growth of the projects involved in the decentralized finances, most of them are highly insecure and vulnerable to hack attacks. 

Speaking in the interview with the host of Unchained Podcast Laura Shin, the co-founder of Ethereum Vitalik Buterin noted that the interest rates in the DeFi protocols are significantly higher than in traditional banks, and people tend to underestimate risks related to smart contracts. He also added that even audited and well-known platforms were not immune to hacks and errors.

2. DeFi tokens are vulnerable to losses

DeFi tokens earned by yield farmers can become useless in a matter of minutes. The experts drew parallels with the ICO boom in 2017 when the assets bought during the token sale underwent a standard boom-and-bust cycle. Most of them have zero value now, while their investors went broke.

Something similar is happening now in the DeFi industry, where even the tokens of well-established projects like Compound and Uniswap experienced a sharp price decrease from the levels registered at the launch.

3.  The industry is a Wild West territory

DeFi is often touted as a future of the global financial system that will replace the legacy system with its clumsy and costly institutions. However, at this stage, the industry is still at the early stages of its evolution. Being mostly unregulated, it offers scope for manipulations and wrongdoing. Meanwhile, users are not protected by anyone, meaning that they will be left alone with their losses in case of a hack attack, exit scam or code error. This is something to consider before rushing to a new red-hot project. 

Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.

Cryptos feed

Latest Crypto News

Latest Crypto News & Analysis

Editors’ Picks

Dogecoin price targets massive 50% breakout to a new all-time high

Dogecoin had a colossal 100% rally in less than two days reaching a new all-time high at $0.145. The digital asset has a ton of bullish momentum behind it and aims for a new leg up toward $0.2. 

More Dogeoin News

Chiliz Price Forecast: CHZ bulls wait for no one, target 70% gain

Chiliz price confirmed a breakout from the flag pattern on April 12 and is poised for notable gains moving forward. Speculators will find some resistance at key Fibonacci levels, but the all-time high of $0.976 is in the crosshairs.

More Chiliz News

XRP Price Prediction: Ripple aims for significant rebound toward $2

XRP price has had an impressive 240% rally since April 3, hitting a three-year high of $1.96 and moving closer to ranking third again in terms of market capitalization, only $6 billion behind BNB at the moment. 

More Ripple News

AAVE, MKR, and YFI are mooning, here's where these DeFi tokens are heading next

The DeFi sector is booming again with practically all top 100 currencies in the green in the past week. Aave is leading the way, hitting a $6 billion market capitalization with Maker trying to follow its steps at $3.3 billion, a new all-time high.

More Cryptocurrencies News


Bitcoin Weekly Forecast: SEC commissioner cozies up to BTC ETF, on-chain metrics reset making way for volatile move

Bitcoin’s mainstream adoption has soared over the last couple of months, with institutions like Visa, Goldman Sachs, Morgan Stanley, and others dipping their toes in the BTC markets. Likewise, prices look primed to advance further despite the ongoing consolidation phase.

Read the weekly forecast