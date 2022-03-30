LONDON (Reuters Breakingviews) - Cryptocurrency revolutionaries hail the movement’s open, experimental spirit. Yet the explosion of shaky new blockchain networks creates opportunities for criminals as well as legitimate users. The risk is that rampant hacks are inherent to the boom in so-called decentralised finance.

Decentralised finance, or DeFi for short, describes communities of developers building financial products that operate on blockchain ledgers, rather than traditional trading systems controlled by traditional banks or stock exchanges. The hope is that such networks will make transactions faster and cheaper over time. But they have a huge problem with cyber-theft.

On Tuesday the blockchain project Ronin, linked to popular online game “Axie Infinity”, said attackers had drained $540 million https://roninblockchain.substack.com/p/community-alert-ronin-validators?s=w worth of cryptocurrencies. The haul was worth about $600 million on Wednesday and is the second-largest crypto theft ever, according to blockchain analysis group Elliptic. It comes shortly after the $320 million hack of crypto service Wormhole in February. On an annualised basis, those attacks alone imply that DeFi thefts are running at a $3.4 billion yearly rate in the first quarter of 2022, compared with $2.3 billion throughout 2021, according https://go.chainalysis.com/rs/503-FAP-074/images/Crypto-Crime-Report-2022.pdf to Chainalysis.

Granted, crypto diehards could point out that bigger attacks are just a function of a bigger industry. The average daily amount deposited in DeFi products was $133 billion in 2021, according to a Breakingviews analysis of DefiLlama data, which means thieves stole about 1.7% of the total value in the sector. The equivalent annualised figure so far in 2022 is roughly the same.

But there’s reason to think that such hacks will be a permanent feature of DeFi systems. By its nature, the field’s products and code tend to be open for all to scrutinise. That makes it easier to plan attacks. The Wormhole hackers spotted a pending security fix that had been uploaded to GitHub, a tool which developers use to collaborate on code.

True, it’s harder to imagine a hack of the core Ethereum network, which undergirds much of decentralised finance. But that security has a downside: transactions are validated by hundreds or thousands of participants who expect a monetary reward for their effort. Those “gas fees” gum up the system. Ronin’s solution was to boost speed by using just nine validators. But that came at the cost of security: the hackers only had to compromise five participants to control the system. If the result of innovation is greater fraud risk, many potential users will steer clear.

CONTEXT NEWS

- Blockchain project Ronin said on March 29 that hackers stole cryptocurrency now worth almost $615 million from its systems.

- The project said that unidentified hackers on March 23 stole 173,600 ether tokens and 25.5 million USD Coin tokens. At current exchange rates, the stolen funds are worth $615 million, but they were worth some $540 million at the time of the attack, according to Reuters.

- Ronin is used to power the popular online game “Axie Infinity”.

