In the letter
- Over $ 100 million was lost when hackers targeted a number of DeFi projects.
- They could manipulate the prices and get away with the money because the DeFi protocols get their data from a single source, which is risky.
- The founder of the top DeFi project Chainlink told Decrypt that it will continue to do so unless DeFi projects get their data from a number of sources.
Chainlink co-founder Sergey Nazarov said hackers will continue to search for DeFi logs unless they change the way they get their pricing information.
His comments on the Decrypt daily Podcast, released on Friday, comes after that DeFi logs lost over $ 100 million in a series of flash credit attacks targeting Compound ($ 89 million), Harvest Finance ($ 34 million), and Cheese Bank ($ 3.3 million).
The projects were subjected to oracle exploits in which the price of stablecoins contained in the logs was manipulated.
Hackers were able to target multiple projects by relying on Curve Finance’s data on the price of crypto in the liquidity pools.
Nazarov said on the podcast that all attacks “are related to the use of a single central exchange as a price source” – and that this type of attack will happen even if logs get their data from two or three sources.
“I think it is a serious problem that both developers of these protocols should consider.”
Nazarov says these projects were based on Curve Abused DeFi Protocol Curve’s liquidity pools as an oracle.
Nazarov said Chainlink was resistant to problems because it uses multiple sources of data – data from “hundreds of exchanges”.
In order for DeFi protocols to avoid problems going forward, they need to think about how they get their data, he said.
Since the attacks, there has been a decentralized exchange of Curve Finance warned DeFi projects Use Chainlink, which uses a decentralized Oracle network (data is securely transferred from one blockchain to another so it cannot be tampered with.)
It looks like the hottest new DeFi projects need to improve their game in terms of security or millions more will be lost.
Disclaimer of liability
The views and opinions expressed by the author are for informational purposes only and do not constitute financial, investment or other advice.