CipherTrace has released a new report about crypto crime—and it’s a classic case of: “What do you want first… the good news or the bad news?”
The blockchain intelligence firm says total losses from crypto fraud, thefts, and hack attacks stood at $1.8 billion for the first 10 months of 2020. That’s substantially less than the $4.5 billion seen over the whole of last year.
Alas, it’s a little too early to proclaim that the digital assets industry has turned a corner. CipherTrace’s data also shows that half of all crypto hacks this year have targeted DeFi protocols and exchanges—a stark contrast to 2019, when attacks on decentralized finance platforms were “virtually negligible.”
It’s arguably unsurprising that opportunistic criminals have turned their attention to DeFi in recent months. According to DeFi Pulse, $12.7 billion is currently locked in these protocols — more or less a record high. This is a 1,780% increase since the start of the year.
CipherTrace added that DeFi would have accounted for a much higher proportion of the funds stolen in the second half of 2020 had it not been for the hack targeting KuCoin. More than $281 million was lost as a result of this incident in September—and as reported by Modern Consensus, DeFi protocols were used to launder these illicit gains.
As CipherTrace noted in its Nov. 9 blog post: “Despite KuCoin being a centralized exchange, even this hack had been touched by DeFi as the criminals attempted to launder the stolen funds through one of the largest decentralized exchanges in the world—Uniswap.”
Over the past month, we’ve been starting to see the shine wear off DeFi… kind of. As Binance noted in a blog post last week, the total value locked in protocols has remained constant—but most governance tokens have suffered a “complete turnaround” from their astronomical gains, with some losing 70% to 90% of their value.
“For many months, altcoins have been the key driver of returns for crypto traders. Thus, it is no surprise that altcoins have appeared to be losing steam and disharmonized from Bitcoin’s rally,” the article added.
Binance launched a DeFi Composite Index in the summer that tracked some of the biggest tokens in this space. In the blog post, the exchange revealed that this index had slumped by more than 60% from the highs of $1,000 seen at the start of September.
Unfortunately, it’s difficult to know what action can be taken to curb these hacks. As CipherTrace explains: “DeFi protocols are permissionless by design, meaning they often lack any clear regulatory compliance and anyone in any country is able to access them with little to no KYC information collected. As a result, DeFi can easily become a haven for money launderers.”
To make matters worse, many DeFi projects rely on smart contracts that are far from robust—meaning that security vulnerabilities are exceedingly easy to exploit. CipherTrace pointed to recent remarks by Olaf Carlson-Wee, the founder and CEO of Polychain Capital, on an episode of the Unchained podcast. He said:
“I do think it scares me a little bit how much capital is being dumped into contracts that are unaudited. I think that getting security audits is, overall, an important part of maturing any one of these systems.”
Overall, DeFi’s disastrous losses show that many protocols have tried to run before they can walk—rushing out their platforms without going through the necessary security checks.
The party might be about to end. Back in September, the European Commission unveiled “ambitious” proposals to regulate crypto assets. As part of these measures, decentralized platforms would be banned from the continent unless they’re registered as a legal entity in one of the EU’s member states.
All of this comes after Cred, the crypto lender, filed for Chapter 11 bankruptcy protection after a “perpetrator of fraudulent activity” led to irregularities in how corporate funds were handled. Court filings allege that the company was defrauded by its former chief capital officer, who is accused of taking Bitcoin worth $3 million.
Although the boardroom drama doesn’t help matters, it isn’t the sole reason for Cred’s demise. At present, the company has assets of between $50 million and $100 million—but here’s the problem: current liabilities have been forecast at up to $500 million.
The sudden announcement has sparked panic among Cred’s users, many of whom are worried about their funds. Despite receiving countless questions about whether their capital has been lost, Cred is yet to respond to specific concerns.