They get hacked, they get hacked, everyone gets hacked, November 11th to 18th


If people had actually taken out insurance against hacks, a lot of insurers would definitely have gone bankrupt this week. A total of four flash-loan-enabled exploits were recorded within a week (one actually happened the week before, but was only noticed later).

We’ve got Cheese Bank with a theft of $3.3 million, Akropolis with a loss of $2 million, Value DeFi with a whopping $6 million exploit, and finally Origin Protocol with a loss of $7 million.

In total, the hackers stole $18.3 million, which admittedly is not that much – less than Harvest Finance’s October exploit alone.

As always, the most common comments on this topic are “Have they been audited?” and “Flash loans are bad.” As for the audits, I’ve now been able to find reports for all of them except Cheese Bank (maybe it has been audited, it’s just not immediately obvious).

I feel like a broken record now, but people really need to understand that audits will always be limited in their effectiveness. Security companies just don’t have enough time and eyes to find everything.

If there is anything to point out, I want to focus on the fact that none of these except Akropolis had an immediately visible bug bounty. Even then, if it’s that easy to steal money in crypto, these projects should be far more competitive with their payouts than any other sector. Audits that seem to cost more than $200,000 if you want premium quality don’t seem like the most efficient use of money.

Of course, bounties won’t suddenly turn blackhat hackers into upright citizens, but they can change the life of a poor kid who does this for a living and decides to search your protocol for their lottery ticket. They would love to receive $100,000, have a clear conscience, and save you millions of dollars later.

Flash loans are tough but fair

I think flash loans are the best tool for increasing the efficiency of the DeFi market right now. Their intended use is to arbitrage various assets across protocols – buy cheap at Uniswap, sell high at SushiSwap, without tying up your own capital. They’re also useful for quickly closing out your credit positions, and I’m sure there are other uses. In short, they’re pretty awesome.

And yes, flash loans make hacks easier. Note, however, that anything that can be done with a flash loan can be done with a large pile of cash. Hackers may not be that wealthy in general, but it’s actually better for the ecosystem to weed out weak implementations and protocols before it grows large enough to suffer a billion-dollar hack.

It is definitely painful to be on the receiving end of a hack, but it’s also a known risk that should be managed. Sometimes it may just be bad luck, but this explanation should only be used when all possible mitigation strategies have been exhausted. I hope that any protocol that is hacked will take steps to make sure it never happens again. Otherwise, the hacks will continue until security improves or the protocol exits.