In the realm of decentralized finance (DeFi), off-chain attacks are emerging as a growing concern, according to a new report by blockchain security specialist Halborn. The report underscores that compromised private keys are a major factor contributing to this rising threat. Over the period from 2016 to 2023, off-chain attacks accounted for 29% of all DeFi attacks and 35% of the total stolen funds. The trend has accelerated significantly, with 2023 witnessing off-chain attacks constituting 57% of all incidents and 58% of the stolen funds.
Halborn’s analysis reveals that compromised private keys are now the second most common cause of losses in DeFi, following direct smart contract exploitation. Notably, in 2023, 52% of all attacks were attributed to compromised private keys. The report highlights that only 20% of the affected protocols employed advanced private key storage solutions, such as multi-signature setups, which require multiple private keys to authorize transactions. This indicates a pressing need for DeFi users and developers to enhance their security measures.
Furthermore, the report points out that many attacked protocols relied on unaudited smart contracts, which are vulnerable to various exploits. Price manipulation and other ecosystem-related vulnerabilities are particularly challenging to identify during audits, underscoring the importance of comprehensive security practices beyond mere contract audits. Halborn emphasizes that adopting more robust security measures, including the use of cold wallets and thorough auditing processes, can help mitigate these risks.
Despite a 6% reduction in the number of attacks in 2023 compared to the previous year, the average value lost per attack decreased by $47 million. This decline in attack frequency and severity could be partly attributed to the overall decrease in the total value locked (TVL) in DeFi since 2022. Halborn’s report serves as a crucial reminder for DeFi stakeholders to prioritize the security of private keys and adopt more sophisticated protection strategies to safeguard against the increasing threat of off-chain attacks.
Reference:
