Threats to Decentralized Finance
Michael Egorov, the founder of Curve Finance, has raised alarms about the growing threat posed by organized hackers who are meticulously planning cross-platform attacks on decentralized finance (DeFi) projects. In a recent conversation with Decrypt, he elaborated on a particularly troubling incident from last month when Curve’s front-end website was compromised through a DNS attack, leading unsuspecting users to a fraudulent site.
Details of the DNS Attack
Egorov explained that the breach exploited a mismanagement at their domain registrar, which transferred ownership of Curve’s domain without notifying their team. Despite strong security measures, including complex passwords and two-factor authentication, the attackers were able to circumvent these protections, indicating the sophisticated nature of modern cyber threats.
Coordinated Attack Strategies
He revealed that this incident is part of a broader trend where hackers develop coordinated strategies to launch simultaneous attacks across multiple platforms to maximize their gains.
“Threat actors may even solicit bribes to focus on certain projects if the price is right,”
Egorov noted.
Inadequacies in Security Measures
In his assessment, Egorov highlighted the inadequacies of current security measures in the crypto landscape, particularly criticizing SMS-based two-factor authentication as inherently unsafe. He stated that in the realm of cryptocurrencies, where transactions are almost instantaneous, the repercussions of an attack are irreversible, entailing far greater stakes than in traditional financial systems.
Recent Security Breaches
The hazards facing DeFi protocols are underscored by a recent report from blockchain security firm CertiK, which identified vulnerabilities in code as the leading cause of security breaches in May. The report indicated that hackers exploited these vulnerabilities to steal an estimated $302 million during nine significant breaches, a slight decrease from the $364 million lost in April. The Cetus Protocol incident alone accounted for around $225 million, marking the most substantial hack of the month, as hackers employed spoof tokens to execute an oracle manipulation attack on the platform.
Conclusion
Egorov’s warnings reflect a growing urgency within the crypto sector to bolster security standards to protect against increasingly complex and well-coordinated threats.
