Fraud and theft at decentralised finance platforms has totalled $10.5 billion so far this year, research showed on Thursday, laying bare the risks in the fast-growing but still mostly unregulated area of cryptocurrencies.
So-called DeFi platforms allow users to lend, borrow and save – usually in cryptocurrencies – while bypassing traditional gatekeepers of finance such as banks. Backers say the technology offers cheaper and more efficient access to financial services.
Cash has poured into DeFi sites this year, mirroring the explosion of interest in cryptocurrencies as a whole. Many investors, facing historically low or sub-zero interest rates, are drawn to DeFi by the promise of high returns on savings.
Yet crime is also booming in the mostly unregulated sector, according to London-based blockchain analytics firm Elliptic. Users have suffered over $12 billion in losses through crime at DeFi apps, lending platforms and exchanges since 2020, with the majority of losses coming in 2021 alone, it found.
Bugs in code and design flaws allow criminals to target DeFi sites, Elliptic found, with deep pools of liquidity also allowing criminals to launder proceeds of crime while leaving few traces. Scams are also common, it added.
“Decentralised apps are designed to be trustless in that they eliminate any third-party control of users’ funds,” said Elliptic’s Tom Robinson. “But you must still trust that the creators of the protocol have not made a coding or design mistake that could lead to a loss of funds.”
Major DeFi platforms say they take a variety measure to bolster security, from hiring external firms to audit code for vulnerabilities to maintaining keys and passwords needed to access user wallets in secure environments.
Cryptocurrency worth some $86 billion is currently stored on DeFi platforms, versus $12 billion a year ago, according to sector tracker DeFi Pulse.
Major investors have also bet heavily on the growth of the sector, with Canadian pension fund Caisse de Dépôt et Placement du Québec last month taking part in a $400 million investment in major lending platform Celsius Network.
DeFi site Poly Network was in August rocked by a $610 million crypto theft, one of the biggest ever – though the hacker later returned nearly all the loot.