DeFi Hacks In October Highlight Issues With Bridges And Price Oracle Attacks

0
CryptoMode Harvest.Finance Hack Beanstalk Farms DeFi Price Oracle Attacks

Unsurprisingly, October 2022 has seen a fair share of DeFi hacks and incidents. Unfortunately, the industry’s developers seemingly cannot stay ahead of hackers and other nefarious individuals. Interestingly, price oracle attacks remain a popular and lucrative attack vector.

Five Key DeFi Hacks in October So Far

It is a tad early to declare there will only be five DeFi-related hacks in October 2022. However, the month is not over, and the recent success of various attack vectors might inspire unsavory individuals to look for more weaknesses. The month has yielded an overall loss to hacks of over $695 million. It is a staggering amount, and one has to wonder if it couldn’t all be prevented.

Building smart contracts has become very accessible in recent years. Putting something together doesn’t require much effort, allowing the DeFi industry to grow and thrive. However, that growth also results in more security vulnerabilities than ever before. It appears culprits can easily find ways to exploit these contracts, although new attack vectors continue to pop up. 

That said, the protocol developers aren’t always without blame, either. When TempleDAO was exploited for $2 million, attackers leveraged a protocol logic exploit. More specifically, there was a lack of input authentication on the contract. As a result, the hackers took out $2 million, crippling the protocol. It still holds over $28 million in TVL, but overall trust in the project remains relatively low. 

This month’s most recent hack affected Bond Protocol, one of the older DeFi projects. Hackers successfully stole $0.3 million through an arbitrary external call. It appears the project dodged a bullet with relatively low losses. However, it is another example of smart contracts’ many security aspects and what developers must always prepare for. 

Price Oracle Attacks Are Big Money

Perhaps the most worrisome development in DeFi is the successful hacks involving price oracle attacks. Two such incidents have occurred this month, resulting in losses for Mango Market and Moola Market. These projects lost $115 million (Solana) and $8.4 million (Celo), respectively. That makes price oracle attacks a very lucrative attack vector, assuming a hacker can pull it off. 

Unfortunately, that attack method has been relatively successful in previous months too. For example, GMX lost over $560,000 in September, and Inverse Finance was drained for $15.6 million in April. Mind you; these are not flash loan price oracle attacks, as that requires a slightly different approach. 

DeFi Bridges Remain A Problem

The fifth hack for October 2022 is the Binance Bridge incident. It is a significant incident with a loss of $570 million – although that was adjusted to $100 million later by freezing the rest of the funds. In addition, coders deployed an upgraded version of BNB Smart Chain to address various cross-chain issues. It confirms the risk bridges pose to the decentralized finance industry.

These bridges remain a core weakness, along with the price oracle attacks. It will be tricky to resolve both of these vectors, but something must change. More importantly, these issues can affect any network at any time. They are not native to one chain or another. It is a problem the entire DeFi industry needs to deal with sooner rather than later. 


None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.