
Hackers ‘DeFi’ threat risk expectations with new attack vectors in crypto

Cage Chen speaks with an attendee at the Cook Finance booth during the DCentral Miami Conference at the Miami Airport Convention Centre on Nov. 30, 2021, in Miami. (Photo by Joe Raedle/Getty Images)

Decentralized finance (DeFi) platforms have gained a lot of traction in recent years. Unfortunately, they have also gained a lot of attention from bad actors.

Indeed, cryptocurrency transfers from illegal digital wallets to DeFi platforms skyrocketed nearly 2,000% between 2020 and 2021 alone, according to research from Chainalysis. Although malfeasance may be waning, the use of cryptocurrency and DeFi networks is booming. Last year, 2021, was found to be the last year in three years where cryptocurrency exchanges did not process more than half of their transactions for bad actors, according to Chainalysis.

“I think this year is the year of DeFi coming into criminal activity — not only in the sense that DeFi protocols are being hacked,” said Chainalysis Director of Research Kim Grauer in a prepared release, “but also the way criminals are utilizing DeFi protocols to launder money.”

Chainalysis found $8.6 billion in cryptocurrency transferred from illicit wallets to services in 2021.

James McQuiggan, security awareness advocate at KnowBe4, said that DeFi platforms are becoming all the more appealing to cyber criminals as they get bigger.

“[Bad actors] now turn to cryptocurrency and exchange organizations to infiltrate using social engineering attacks or targeting vulnerable perimeter systems that are not up to date on security updates or exposed to other exploits,” McQuiggan said.

According to broader research, this is a widening problem for crypto finance in general.

Almost $3.2 billion has been snatched through DeFi systems, with $1.3 billion taken in the first quarter of this year alone. Just two years ago, less than one-third (30%) of stolen digital data came from DeFi. The vast majority, 97%, of cryptocurrency taken this year has been stolen from DeFi platforms — not exchanges, according to Chainalysis research.

Case in point: DeFi systems like Beanstalk, which was recently hacked, are still relatively new and act as an enticing opportunity for hackers to take advantage of their emerging security protocols, according to Jim Ducharme, chief operating officer at Outseer, which manages payment verification.

“Although a decentralized financial system sounds appealing to many, storing such sensitive information across a wide network of ledgers creates more openings for hackers to slip in undetected and steal large sums of money in the blink of an eye,” Ducharme said.

Tari Schreider, strategic adviser for Aite-Novarica, said that while DeFi systems are “evolving almost daily, there is little history to look back on.”

Hence “cyber heists” like the recent Beanstalk intrusion are “grifts” where the attackers are exploiting openings in these emerging systems.

However, even if these emerging payment platforms begin to embrace a more traditional approach to security, “defining rules around how financial systems operate whether crypto-based or traditional quickly gets complex, and complexity introduces the potential for unforeseen consequences,” said Chris Clements, vice president of solutions architecture at Cerberus Sentinel.

In the traditional financial world, there are inherent inefficiencies and safeguards — many of which came from painful experiences — to prevent or reverse damaging transactions even if they technically “follow the rules,” Clements said. In the emerging crypto world, he continued, there is an “astronomical amount of money that can be compromised from finding a mistake in a smart contract, creating an incredibly compelling target for attackers.”

These DeFi incidents (like Beanstalk) may come with advantages as well as risks.

“With hundreds of millions up for grabs, this is going to attract scrutiny not just from the smartest hackers in the world, but also large-scale organized crime and even nation-states,” according to Clements. “This doesn’t even account for the potential of insider sabotage by intentionally introducing such vulnerabilities. The motivation is staggering in scale.”
