In the world of blockchain and cryptocurrencies, rekt is used to describe a severe financial loss. As a result of the exponential growth of DeFi, a whole range of “fast food” scam projects appeared. But this is not the only reason why a project can be wrecked, protocols can have vulnerabilities in their smart contracts. Some types of issues for being rekt can be:
Exit Scam. Involves harmful actions planned by the development team, whose intention was to steal depositors and investors funds.
Flash Loans. This means an attack with the external vector made by a hacker on the target protocol. This results in token’s price imbalances with a further loss of lenders funds.
Smart Contract Exploits. This type involves an external or internal attack vector taking advantage of some vulnerability of a smart contract.
Access Control. Compromised addresses through their private keys, ending in a subtraction of the contents of these wallets.
Making an analysis of different information sources about this, I found some insights in the data:
These values represent millions of dollars. The total fund lost is estimated in 4.500 million, but I only used the information for 4.336 million because I considered representative (only 100 cases of the 2500 that exists in this base).
Relationship between Issue and Network in terms of fund lost. The 48% of this was in the Ethereum chain with 2.101 million. The second one place is for Ronin with only 1 exploit, but the biggest one in terms of funds lost.
The ETH chain leads exploits, access control, and flash loan with the 51%, 59% and 72% of these issues respectively in terms of money. And the “another” networks lead the Exit Scam with the 57%, this idea shows that in general, the scams take place in the minor networks.
Relationship between Issue and Network in terms of fund lost. If we make the same analysis but with quantity of cases, ETH, BSC, and “another” networks lead this. And if we see the exit scam issue, BSC becomes important.
Relationship between Issue and Network in terms of quantity of cases. Also, we can analyze what happens in terms of issues and years. The year 2022 could be not representative because isn’t full developed yet.
We can see that since 2020, all the types of issues have been growing in terms of quantity.
In special, the exploit issue, taking more importance than the others while Exit scam and access control remained fairly the same in terms of funds lost.
Relationship between Issue and Network in terms of Quantity of Cases. Making focus in the 3 biggest rekt projects that are known, it is evident that the most funds lost are due to exploits, this means vulnerabilities in the smart contracts, and not in scams.
The biggest one is the Ronin network exploit with a fund lost of 624 million of dollars. The reason of this exploit was related to centralization of the validation nodes, the hacker got permission of the necessary nodes to authorize transactions, which were 5 nodes.
The second one, the Poly Network exploit took place due to permission errors in the contracts. The network had a contract with the privilege that has the right to trigger messages from another chain. If a protocol has cross chain relay contracts, these contracts can’t be used to call special contracts. In other words, if a contract needs to have special privileges, you need to make sure that users can’t use cross chain messages to call those special contracts, if not, a hacker can take advantage of this.
The third one is the wormhole on the Solana chain and took place on February 2022. This exploit was a bridge one, and was manipulated into crediting ETH as having been deposited on Ethereum, allowing the hacker to mint the equivalent amount in WETH on Solana.
In conclusion, decentralization is one of the most important issues in the crypto ecosystem. The other lesson that these cases give us is that security in bridges is as important as decentralization.