Attackers and fraudsters have relieved decentralized trading platforms (also abbreviated under the keyword web3) for cryptocurrencies by record amounts in the current year: in the first half of 2022, the platforms lost a total of more than US$2 billion – which That’s already more than the total amount for the previous year 2021. Through a special attack known as Flash Loans, scammers stole $308 million in the second quarter of this year – the same as the previous quarter. A huge increase in comparison, when there was ‘only’ $14 million in damages using such an attack. According to security expert CertiK’s quarterly ‘Web3 Security Report’, reported by The Verge.
Short-term loans as leverage for attack
The Web3 crypto platform enables decentralized trading in crypto currencies and secure transactions through the blockchain. They are increasingly falling prey to cyber attacks that exploit security loopholes or trick users with fraud or phishing. More and more attacks use ‘Flash Lone’ and get higher amounts of damage, The Verge writes about the security report, A total of 27 flash loan attacks resulted in a total of $308 million in losses in the second quarter, as reported by CertiK. In comparison, the number of phishing attacks increased from 106 in the first quarter to 290 in the second.
With ‘Flash Loan’, an amount is borrowed for a very short time (few seconds) in a single transaction and is returned immediately; If the client makes a profit from this ‘smart’ contract through his trade, the lender (trading platform) usually receives a commission on it. Cryptocurrency platform Beanstalk was the victim of a high-profile ‘flash loan’ attack in April, taking advantage of Beanstalk’s ability to give its users voting rights on changes to the platform’s code, in proportion to their stake in the Bean-owned cryptocurrency. , beanstalk – users themselves. The attackers briefly acquired enough cryptocurrencies to transfer all of the cryptocurrencies held on Beanstalk to themselves for code changes.
And earlier this year, attackers exploited a vulnerability in the code of financial platform Qbit Finance. Qbit Finance’s decentralized trading platform allows you to exchange one cryptocurrency for another; The attackers took advantage of the vulnerability and obtained $80 million worth of Binance coins in exchange for zero Ether deposits.
Such new cryptocurrency projects (also known as DeFi, “decentralized finance”, i.e. decentralized finance) with decentralized infrastructure and the use of blockchain are also known as Web 3 (or Web 3.0 – as opposed to Web 2.0); They combine decentralization, automated transactions with blockchain security and ‘smart’ contracts.
(Two)
Freelance twitter maven. Infuriatingly humble coffee aficionado. Amateur gamer. Typical beer fan. Avid music scholar. Alcohol nerd.
