Bitcoin Forum

So lately there's one of DeFi platforms (Akropolis (https://akropolis.io/)) that has admitted (https://twitter.com/akropolisio/status/1326962438365966356) they got hacked (over 2 million in DAI) through a flash loan attack recently.

Read the full article -> https://decrypt.co/48081/defi-platform-akropolis-admits-to-being-hacked-for-2-million

Previously there are several DeFi got the flash loan attack as well such as Harvest finance and bZx.
What's your thought about it? Does DeFi are too vulnerable to be attacked?

They are vulnerable to attacks too. Just like DEX and centralized exchanges, they are not exempted from the attacks and abused of hackers. $2m of DAI is a big amount of loss. The reason why everybody has to think before investing to a Defi is because you're allowing your money to stay on them and if an attack like this occurred, it's likely that your fund will also be part of it which is we don't want to happen. That's one major reason why it's better for me to buy and hold.

Defi is not really vulnerable to attack, it is only due to the subjectivity of Defi projects about security, then they are only interested in the amount they have raised but are sketchy in the security mechanism. they took too much importance in developing the protocol, and that in turn made it easier for hackers to attack.
This is also one of the problems that makes Defi not a long term trend. As it may be sold off at any time, people should not hold or staking at this time.

It's surprising to see this news that Akropolis which got audited was also attacked. I think these hackers are targeting DEFI platforms with lending feature especially. I remember buying 2k$ worth of BZRX before their platform official launch, but price went south after their platform hack. I think the audit companies do need to upgrade, in order to spot loopholes which can be taken advantage by hackers.

As per incident you have stated I really think they are immune and vulnerable to attacks I really think it's really risky to invest to DeFi right now not just because there's a lot of scam DeFi's that is all over around but if they are successful they were then immune to attacks.

These platforms will improve their way up to be secure with time because as with every new thing it has many requirements to perform ideally which can take a lot of time and effort that is why i say that give defi some time and we will see huge improvement. I expect defi platforms to be very secure and professional in 2 to 3 years time.

In other words, most defi projects are not prioritizing security on their system/mechanism? What I mean is most of them just put the security on average which as long it could be called as "safe" then it's enough..

Of course they should do that, if they don't improve it then people would retake the remaining funds on them and leave it. In the worst scenario, there's a chance they would be the next dead project.

At first I'm a advocate of third party doing an audit of the code, before finally releasing it to production. But it seems that it is not enough as hackers are one step ahead of the game, finding loopholes in front wherein this so called auditors can't find in the first place. I'm sorry to hear that another of this Defi platform got hacked, but I guess this will be the scenario and more are going to come in the future in projects are not going to be active testing their systems even after it has been released.

a lot of these defi projects are vulnerable to attacks because let's admit it, most of them are launched prematurely. i don't think they really look into their security diligently. as most of them are racing to get their customers and launch as soon as possible to catch the hype, they haven't dedicated enough time to secure their network.
defi investors should really assess their investments on this platform, and evaluate its long-term roi. because am seeing most of them will die very soon as they have empty foundation to begin with.

When we heard news regarding bzx hack, their community dumped it quite hard the moment the news was released. But I am quite surprised to see that akropolis is stable yet after this news, looking like a trap and traders should stay away from their 'beehive'. It is not acknowledgeable when they call it Decentralized Finance but trust auditors who work as central authorities to do their job.

Hackers will make everything vulnerable because they are working hard for this and we don’t have the guarantee of being safe in cryptomarket, its all about the risk. DeFi is same with cryptocurrency of course, so hacking incidents are not new anymore and of course there’s also a possibilities that this can be an inside job, either to scam people or a greedy member of the team, who knows.

I think they are vulnerable to attack because they rush their launching to compete against other cryptocurrency projects.  A platform should be planned for years and should be tested heavily for possible exploits.  The thing with these platforms (not only Defi platform) is that they are in a rush to earn big sacrificing security testings.  

I am not sure, once again, that we can really call what happened an 'attack'.  ::)

 By offering the tools it brings to its users a defi platform must know some people will be clever and will manage to abuse the system. I think it's more ingenuity than hacking.

My 2 cents

https://twitter.com/bneiluj/status/1327179229679726592

DeFi are mostly just shit with this name alone being the only reason why the tokens got surged higher, else there's no f**king security that these tokens have. Isn't it too early for us to see these types of news coming so quick for so many DeFi tokens? If these DeFi platforms are not safe themselves, how the hell can someone trust them with their funds? There are a few billion USD that are invested in many DeFi platforms, if these platforms can't take care of their own, how can they assure others to put their money in these clowns' hands.

I really hope these kind of attacks are not an insider or the platform itself are involve and they just want to take advantage with their users.
These kind of attacks are also one of the disadvantages of some decentralized exchange since the platform assuming that they don't have access to your funds since you got the keys of your wallets or you are the one controlling it, but then again this kind of attack may really happen anytime.

The answer is explained in your topic itself, yet another DeFi platform is hacked and that means it is vulnerable to attacks and then if you make a search you will see dozens of scams in the market as well. It looks like a treasure trove for scammers just like they did in the past during the ICO days before the last rally and the same is happening again which is really unfortunate.

Lol, there is an auditor and yet they haven't found the exploits that the hackers discovered? How come?

So this so called third party auditors are just useless for them, we don't know how much money they are getting paid by these projects to do this so called "check my code for exploits" thingy. I also have a hunch that maybe these auditors see the bug, didn't tell the project so that they themselves will take advantage of it before everyone could find out.

And that $2 million was quickly liquidated, so it means this have been plan in advance to cover their tracks that's why I suspected that this could be an inside job after-all. And yeah, don't blindly trust any projects with the DeFi hype because chances are you are going to lose your hard earn money.

Please check the right use of the word immune because its contradicting ythe thought of your statement. All project is vulnerable to attacks whether Decentralized or Centralized. The problem on Decentralized is when the code has some major bug that do not fixed once the product was already running. Since it was powered by smart contract, It's hard to stop it once it's started and most of the DeFi project are rushing just to present there product. Not all DeFi are not safe for investment like Chainlink. There are just some project like loan and financing that are prone to attack.

Akropolis released an open letter to the hackers;
- https://medium.com/@akropolisio/open-letter-to-akropolis-delphi-hacker-91e883667cc


They've admitted the hacks, the security is not really safe on this defi platform systems. Good thing they have a plan to compensate their user's funds but this doesn't get rid the fact that they are prone to hacks and their reputation changed suddenly because of this incident. Defi projects like this loan/trading platforms are still new however giving most of the users now the doubt because they had the weak security that a decentralized finance should have strong guaranteed about it's security because they are handling finances.

It has been warned over and over again that Defi is not yet in its best form right now and so it is more vulnerable to attacks as of this infancy stage than it will be in the future after years of development. There are still some loopholes that needed some fixing ang polishing. This is the reason why experts are advising Defi investors to do it slow and small with it. The risk is high. And there is sufficient data to support that, not just this latest attack.

Akropolis is a defi lending and savings protocol. Users can take out loans, and they can also earn interest on crypto deposits. They were hacked because their platform security is not that safe. So for instance, they should have doubled their precautions to prevent this kind of problem.

The defi operation is almost 100% depends on the code that has been used. When there's a vulnerable code being discovered by hackers and it could be the end for the defi.
What i have learned a lot from akropolis's case was if hacker is very skilful compared with the auditor.


There must be a regular audit to the code. Defi is not so safe as cex.

I have one thought with you. But my suspicion is more towards "third party code auditors". Idk, I dont really place all my suspicions on "insiders". Perhaps the attacker actually knows the weakness of a code auditor that is often overlooked for platform security testing.

It's clearly stated that if the attack is not yet discovered by the team and the hacker has found it available on the code. Security is a big problem in crypto history.
So many security incidents happened and it thinks that it can't be solved easily.
The flash loan is a part of decentralization and this is the homework for the defi developers.
All of the hacked cases always related to the flash loan. So many hacked cases in the defi platforms caused by the vulnerability in the flash loan. It's sad to say the flash loan is a must in the defi feature.

Right now some people will make DeFi the scape goat of all this hackings, the truth is any project can get hacked not just DeFi projects, DeFi projects have been hackers target since DeFi Hypes, it was same thing with ICO projects years ago, whenever something new plays very good in crypto space scammers and hackers will start their own work as well.

The reason for the hacking of defi projects is that these projects are not able to hold their position due to taking loans there are also many scam projects which are running their platforms under the name of defi. Therefore if you donate to any platform you have to be careful and verify the projects hackers use different methods to hack not all defi platforms are the same. Defi projects are being hacked due to their good position in the market and the number of scammers is increasing that is why using this name is fooling everyone.

defi is not sustainable

Of course, we can say this. Because their only goal is to make money and they have no interest in security, even where money matters, strict security is ensured. However, the DeFi projects that are being introduced today have a lot of security-related issues.
I think these projects need to focus more on security, If similar attacks continue, people will soon be scared of it and no one will invest in DeFi.
As we all know, Whenever hackers steal any particular coin., the value of that coin falls considerably, which takes some time to recover.

True ,and there are many bugs that need to be fixed first before trusting your money in any defi project.


That hacked incident is the reason why you should avoid investing in defi project they need to make it more secure first to investors and review every possible bug before they launch. A mistake made by them is a lot of lost to investors.

They don't have to completely avoid investing in Defi projects. There are so many Defi projects which have already registered high returns. What they should do is to limit their investment in moderate amounts. They should be aware that the risk is high. There is high return as well. That is also the positive side of Defi. The potential to earn is there. But they should not lose sight of the risks involved. Defi is still struggling to achieve a better form.

It doesn't mean anything though, if they really know the hackers then why not pursue them and get back everything from the criminals instead of offering bug bounty?

And I don't think that criminals will be threaten by this statement, LOL, they have cash it out and liquidated everything as per report, so the money is gone now and there's no way these kind of criminals will surface unless they work with the police to track down and put them behind bars.

Dude, sometimes bug didn't discovered by the team and this is the problem that has encountered by almost all of defi platforms. There will be no perfect coding but the fact if what you can do to decrease the vulnerable code.
This means if the code can be vulnerable anytime if there's someone who can discovered it.
Flash loan has become a feature that is very risky because it will always deal with the code.

DeFi is not TOO vulnerable compared to others, in general, it's just as vulnerable as other platforms. The different is just that now DeFi is the most popular among other types of cryptocurrency projects. People just jump on the bandwagon, and ride the wave of DeFi, without much understanding in the fundamental and even ignoring the technical and security feature on their platform, people just launch DeFi project and make a profit out of it.

The case you are mentioned is just several of many examples.

Defi projects really make me think that their security is some kind of serious hole need to be fixed even when these projects are essentially just copying each other. It says that their project has been audited twice and still a hole to exploit in there.
When dealing with money a project really need to be serious and is in concern of their system security and so many defi projects got hacked kinda gives me impression that they are not really investing into the security aren't they?

This will be a lesson for current DeFi projects, projects that only focus on getting to market early and their products are still incomplete and still gaps, and that will be opportunity for hackers. As is well known, there were attacks on the DeFi project and took a lot of money, so i think instead of launching the product early or completing it in the most complete way, that's why the Big corporations or technology companies always hire hackers to attack and test their products before they bring it to market with users.

It really depends on the auditor on how they are doing security audits when it comes to defi finance it mostly involves huge amount of money that why projects owners must not be very complacent on doing audits only since hackers sometimes are more advance than them they must regularly conducts bounty for possible security bugs with high reward so that vulnerable codes must be updated but theres is also possibility that this security loopholes are intentional like inside job like what happen in Axion.     

Its sad to see more DeFi services being hacked here and there, but its really not as bad as we think of it.
For instance here are some statistics about bank cyber crimes statistics (https://www.globalsign.com/en/blog/cyber-bank-robberies-contribute-to-1-trillion-in-cybercrime-losses) , and that does not include real bank robberies.
So compared to banking system - crypto is relatively safe.
But it may feel like the opposite because we know about basically any big hacking activity in crypto market thanks to transparency of the system.
Which is not the case in banking system

They really need to make their system fully secured or else those scammers will rampage their platform in no time. These bad guys are just taking some caution when they attacked some exchanges, I feel bad for that Defi platform they might not have any alternative to recover the funds of their customers. Now the incidents have been made public, those who are frowned at this kind of attack, need to revise their strategies and check the possible reasons why those hacked got some access to that victim's Defi platform.

DeFi projects aren't hack proof, decentralization isn't security so stop making this a big deal, DeFi projects are just like every other projects in crypto space and their use cases isn't tackling hack issues in crypto space either so free DeFi projects people

I think the Defi project is a decentralized project, isn't the word decentralization a high level of security?
because the one who manages the user himself, so the hack in the Defi project is nonsense,
but if the Defi project is a scam it can happen.

If it has happened several times that DeFi platforms have been hacked, it means there is a problem with the security system.
Maybe a lot of DeFi platforms just focus on making profit, without paying attention to the security system, so they are very
vulnerable to being hacked. Hopefully what happened to Akropolis can be a lesson for other DeFi platforms, to improve the security
of their platforms. So as not to be vulnerable to being hacked.

A lot of DeFi projects do not bring any real value and are actually a simple fork of other open source projects, so we see a lot of DeFi projects being hacked, they probably just copy critical errors from each other without any security audit. Either this is deliberately left a hole in the code so that the team can scam people and blame "hackers".

Most hacked DeFi projects this year happens on exchanges, the hackers steal the tokens from exchange and withdraw to his address, hack on DeFi doesn't happen on the project platforms itself, and even if I'm wrong there is nothing that hackers can't breach, for exchanges to avoid hacks they have to keep updating their security, if they rely on one strategy hackers will breach the exchange

I see a lot of new DeFi projects coming up with a lot of piracy and scam projects, which are giving a bad reputation to the crypto space. But i think those projects will never attract large sums of money from people, and the problem here can be seen with the projects, where the products they provide to the user level security is not high. I think that if the projects just follow the trend without regard to the quality of the products they bring, it is not really attractive and will be rejected in this market.

I'm not surprised, many DeFi projects are built for money making purpose only so they aren't solving anything, most of them aren't needed but bounty hunters are been blinded with how much they can make from such projects, the best DeFi bounty of this year so far is DEGO Finance and DIA, promote rare utility projects and they will show some love because they have something real to keep (reputation).

From that news, it is normal if we see one or two or more project got hacked because that is the biggest problem that every project will face it, whether they are an old or new project. They need to secure their project from the hacker, and nothing they can do except always manage the project and always protect the project. If they have solid teams, they will secure their project, and they always monitor the project. Right now, the DeFi project is a new trend, and that can make the hackers figure out the bugs on every project so they can hack and steal the money.

It will depend on how their team can guard their project so the hacker will not have a chance to hacked their project. It also happens to the previous trend because the hacker will always search the target from time to time.

90 percent of all DeFi projects are trash with no team, no white paper, and very often no roadmap.  Hopefully people will stop carrying their money to the scam DeFi and they will stop appearing over time. Only strong DeFi projects such as DIA will remain

I definitely agree, imagine forking a github repo and adding some gimmickish feature and some people still jump themselves into it. it's just feels crazy but as it turns out it attracts quite the people and now it's falling apart because it's some cheap code with a lot of exploit.
The exploit that has happened here, definitely the developer team fault not the clients so they should be responsible for all this.

Because there are too many defi lending platforms (you could say 50% of defi projects are loan platforms), when one platform is hacked it will be easy for hackers to find the next vulnerable platform that has the same mechanism. It is also supported in open source code, making it easier for hackers to identify system weaknesses. What distinguishes all defi loan platforms in general is the interest rate and the token unit price, not much on technicalities.

Looks like it's not just full of scams but also immune to attacks I really think investing to DeFi projects are really risky right? Would somebody tell me that it's still a good idea to invest to DeFi projects.

Investment into Defi projects are most risky as today, i won't encourage nor advise anyone to get into the defi world to make their investment without proper background check on the projects. There is nothing we should expect from these open source copy-cats everywhere claiming they're Defis while in the real sense they're shits. Any cryptocurrency project without strong security shouldn't be advise to make investment with, personally, i hate the DeFis as i hate the ICOs days.

Crypto world and hackers go hand in hand, there is no denying that anymore at all. Do you really thing that it is very hard to build an exchange yourself? I can buy a script, hire a developer to put it in a website, get some VPS servers to run all the things I need, pay few designers and marketing people and you have an exchange. Obviously it would take at least 10k dollars to do it but considering these exchanges make a million dollars a month it shouldn't be too high of a capital.

You know why we do not have a billion of them? Because of hacking and security issues, if I get it made, how could I know what my security guy did? Maybe developer put a backdoor? Maybe I will get hacked but don't know how strong my website is? This is why I suggest not everyone should start a project because unless you can guarantee %100 safety, you should not exist.

I think this flash loan has done more damage to DEFI than its initial promise. If there is no serious way to prevent this, we could see this running rage soon, since people now know they can use flash loans with small capital to exploit a system that without flash loans only whales have the ability to carry it out, then every good hacker will continue to look for exploits in these DEFI products

one by one it will happen like this for Defi, there will be an end to Fomo Defi,
if you still have Defi coins, make a sale now, because your actions will save you

Is this one that really should be done as you think about Defi? there is no best choice or it is very worrying, so you have to do such an action. because it is clear who has held the token all this time, not really seeing any reactions or rebuttals.
it is also very confusing whether there is really an effective trade or is it just being carried out by certain people.

Defi, made a surprise at first and everyone glorified with this renewable system, because even to the point of surprising the price that was offered even exceeded bitcoin but trading was not as busy as bitcoin. This is a problem because not long after the price continues to fall and many have experienced failures with the system which makes people start to doubt it. continues until now.

In fact, it's not only DeFi platforms that have been hacked, several hacking events have occurred in the cryptocurrency world.
We give DeFi platforms the opportunity to improve their security system, because no system is 100% safe, so don't think negatively
about DeFi platforms. Maybe some of the DeFi platforms were targeted by hackers who had high abilities. So even though the security
system of DeFi platforms was good, they were hacked in the end.

We should know that Investing in Defi is so risky, Not only about the price that can be dumped but only about attack, Hackers will targeting Defi because they hold lots of funds, and I think it's also people behind the team is not professional so vulnerable to attack.

Or plot twits: There is no attacking at all, it's manipulated by the team.

I'm not sure if I'm going to believe this or not. It probably because everything can be manipulated, it might possible that they just want to trick investors of being hacked but the truth is that their project has nothing to show good.

Well, I'm not good with DeFi and since from their launching, I have no interest to invest them knowing that many of them (almost all) are just shit projects. I can't really imagine how they create such hypes? However, the quickest they rise up, the fastest also they dump and even becoming dead.

Everybody should just be extremely careful this period as December is coming and some projects will rug and run. Know what you are investigating in and many would use hack to convince investors but quit unfortunate this happened and I do hope they recovers and safe investors from heartache.

This is not good again for the Defi projects, if the owner itself will not do something about it, the trust of the community who believed in Defi will little by little remove their assets in the Defi until no one is using them, where if that happens well surely it will become a dead one. So, they must improve and protect their clients to remain their clients to their platform.

Yes, possibly, inside job. Wondering how a flash loan can surpass the strict requirements of defi platform? Unless, they know where to hit the vulnerabilities of their system. And to know where to attack, of course, somebody inside have the knowledge about that. Really a lesson for those potential defi investors, not to trust fully the platform they are using.

why does this happen so often? Is it because the blockchain security system is already vulnerable and weak? or because hackers are smart at exploiting blockchain bugs?

no its not, its system not builded with high layer security system  and  their system analyst didnt work correctly to make penetration test that common do in outside crypto market. sometimes we need to involve white hacker to test system and report this bug to developers team. i think its rare crypto project this way to make sure system was very secure.

This is another story and probably another lie to tell from inside. This kind of excuses isn't new to us and ain't that wonder how this new project had come to a lot of reason for their failure and brought into a scenario which not all of us tend to believe. This could also be a reason why investors have to skip new projects but rather to focus on old projects. The risk that these new projects had brought to us worries a lot of people and this also a reason that most of them have failed.

well, if it was only one company, and there are already several of them, those who were hacked, there are two options, or this system is really vulnerable and not reliable, or the second option is that all these hacks are just a cover for withdrawing funds, or planned perhaps by the team itself

Wow. Its really weird that projects are not realizing how dangerous flash loans are after what happened to harvest Finance which got attached similar way . Scares people away from yield farming.

If we examine the possibilities, it is clearer that hackers who are smarter can do this on the Blockchain system, because everyone also knows that the Blockchain system is really strong in terms of security, so if hackers are not smart, they are already definitely won't be able to break into it.

To jump into the DEFI  hype a lot of new and old project jumped into the market without proper preparations and troubleshooting the codes. For anything as important as DEFI codes and smart contract, they should have gone with an extensive penetration testing and find out any bugs before they gets exploited. But the project as well as the auditors are in such a hurry to get cash, they compromise with the security and ultimately the trust.

they don't break into the other blockchain system, the blockchain system can't be broken easily,
have you ever heard the news of a hacker breaking into the blockchain system? of course not,
hackers just get their users caught in their traps.

The reason why people were so quick to jump (specially project owners) was the fact that they didn't want to miss out on the bandwagon. If they could create something, ANYTHING and get involved with this hype, they could not only have their own token made or their own company made but also they would have enough money to fund it for a decade with how much funding these projects were getting which means they would be set for life if they invest carefully.

However that meant acting very quickly and when you act that quickly you end up with not providing 100% ready product and that ends up with bad results like this. I feel like if you have a decent and good project, it should take at least 6 months to a year in order to be 100% ready for public release.

When I hear about another hack of a particular crypto exchange, even in DeFi, it becomes suspicious for me. I had little experience when I became a victim of a hack, but it happened through my action and not being careful. But okay me, but how can platforms that hold other people's assets be so insecure about security? As for me, two conclusions can be drawn here, either they deceive us and they have no protection, or they do it all themselves. It is not uncommon for me to arrange for a hack to launder funds. No matter how it was, the security system is still far from perfect and is subject to risk.

Another hacking of a platform or exchange should be taken as a routine.  Hackers are attracted and will attract a lot of money that can be stolen and the relative anonymity of the cryptocurrency at the same time.  Many hackers are also attracted by excitement and sports interest.  In addition, this activity is still very weakly regulated by states, and crimes related to cryptocurrency are especially difficult for law enforcement agencies, since crimes are always international, and criminals have the opportunity to migrate to different countries.  Therefore, the number of such cases will only grow.

This is similar to the hack attacks we had back in the days against ICO platforms. I knew this would be the case since DeFi became really popular for most parts of the year, it was only a matter of time before platforms would start getting attacked for the funds that are usually in their vaults for yield farming and other activities.

Just today, there was another attack (yes, a DeFi project as well):


From the look of things, it looks like the typical flash loan attack that other DeFi has suffered in the past. These attacks are wake up calks to DeFi protocols to step up security if they want to win against traditional financial services.