DeFi hacking ‘has become a full-time job’: ImmuneFi founder




Hacking of decentralized finance (DeFi) protocols has become a “full-time job” for professional attackers, according to the founder of blockchain security firm ImmuneFi.

Speaking to Decrypt at Web Summit 2024, ImmuneFi co-founder Mitchell Amador said DeFi hacking has become an “infinitely sustainable and profitable business” — even though the crypto space is “undoubtedly” becoming more secure.

DeFi hackers, he said, “are looking for more damage than ever before—and their skills apply in many different areas.” As he explained, “Even if they don't get a permanent hack in the interim, they can be a way to monetize their MEV or other special abilities.”

Still, Amador told Decrypt, the crypto space is “getting much more secure and at a rapid clip.” ImmuneFi's Q3 2024 report indicated that losses from crypto hacks were down 38 percent year-over-year, to just under $424 million.


Year-to-date, Amador said, crypto losses from hacking have totaled “more than a billion dollars,” compared with around $3 billion in 2022 and around $1.8 billion in 2023. “This is despite the fact that overall industry prices are rising, and the increasing value in the properties on the chain as well. So the per capita value of the dollar is falling off a cliff.” While hacking is on the rise, “we're seeing very few of the big cases,” he said.

He pointed the finger at North Korean hackers, citing the sophistication of the DeFi hack that cost Radiant Capital $50 million in October 2024 as an example. “They went after the private keys, compromising the underlying machines and spoofing the transactions in this kind of ridiculous man-in-the-middle attack, which is very unique.” Hackers are using social engineering to exploit vulnerabilities in DeFi protocols, he said, adding that “humans are always the weakest link.”

To strengthen the world's largest smart contract blockchain against attack, ImmuneFi is hosting the Ethereum Protocol Attackathon, the “world's largest coding competition,” with a $1.5 million prize pool.

“We have hundreds and hundreds of hackers,” Amador said. “They all throw themselves up Ethereum The online codebase is $1.5 million to demonstrate that they have found and disclosed mission-critical bugs in a timely manner.”

“This is a new initiative that the Ethereum Foundation has never done before,” he said, adding that they hope the competition will become a regular event, “strengthening each and every new iteration of the blockchain.”

While blockchain security is “a very picky and shoveling, stable part of the crypto industry,” Amador expects the sector to be “beneficiaries” of the incoming Trump administration and its crypto-friendly stance.

Trump's US strategic bitcoin reserve is putting pressure on European ministries to “start accepting crypto more aggressively and therefore be more friendly,” Amador said.

“In terms of overall industry growth and friendliness, it seems to be of great benefit to the industry,” he added, “which in turn drives security.”

For its part, ImmuneFi plans to expand into “automated technologies,” including a “pretty big AI agent” that “coordinates a bunch of proactive security measures,” Amador said.

He added: “We're taking the next logical step for bug bounties, but in two or three years they will look very different than they do today – and it should be wild.”

Edited by Andrew Hayward.
