Over the past few months, decentralized finance — best known as “DeFi” — has been branded Ethereum’s killer use case. Indeed, data from sites like DappRadar show that a majority of smart contract volume on the second-largest blockchain is related to many of these DeFi apps, which offer bank-like services to users.
But, a series of recent issues with the budding DeFi ecosystem on Ethereum has thrown a wrench in that narrative, with these problems cementing that these protocols are not yet safe for public consumption.
Ethereum Protocol Loses $25 Million in Attack
On the evening of April 18th, users of Ethereum-based DeFi protocol Lendf.me began to notice there were issues with the nascent platform. The website threw up a banner that was in both Chinese (Mandarin) and English saying that users should not deposit funds, while data sites suggested that the protocol was being drained of its funds at a rapid clip.
But, it was too late. By the time the error had been caught, the protocol was empty; the $25 million worth of Ethereum, Tether’s USDT, and other leading tokens were gone, withdrawn primarily to this address.
While some thought it was a glitch, it was anything but that.
In a Medium blog published April 19th, CEO of dForce, the company behind Lendf.me, wrote their protocol was “attacked and approximately $25 million in assets were drained from the contract.” They added that what happened was there was an issue with an Ethereum-based token, imBTC, that allowed the hacker to withdraw more funds than they had access to, resulting in the deficit.
The Latest of Many Issues
Although this is seemingly the worst hack of a DeFi application ever, it’s the latest in a series of exploits used to drain Ethereum users of their hard-earned assets.
Camila Russo — a Bloomberg journalist turned Ethereum content creator — pointed out that prior to the Lendf debacle, there were exploits in March, in February, and then June of last year. Each attack differed in size, but took place across a swath of protocols and involving a series of different cryptocurrencies, showing that these issues are “not just one project’s problem.” She elaborated:
“It’s not just one project’s problem. DeFi needs better security standards or we’ll continue seeing the downside of that composability double-edged sword.”
👹DeFi exploits:
June 2019: Synthetix 37m sETH
Feb. 2020: bZx $900k
Mar 2020: iEarn ~$280k
April 2020: LendfMe $25mIt's not just one project's problem. DeFi needs better security standards or we'll continue seeing the downside of that composability double-edged sword.
— Camila Russo (@CamiRusso) April 19, 2020
There was also an issue with MakerDAO, the leading decentralized lending protocol, during March’s 50% crash. Although not a glitch per se, a series of problems resulted in the protocol losing $5 million worth of collateral in the form of Ethereum.
The bottom line with all this is that many believe DeFi may not be ready to go mainstream, despite its potential as a use case for Ethereum. As Jon Jordan, Communications Director at DAppRadar, mentioned to Bitcoinist in an interview:
“I don’t think anyone thinks the current generation of DeFi is ready to be deployed to the mainstream. In total, there are probably less than 10,000 people using DeFi protocols — just compare that to Binance.”
Photo by Paul Fiedler on Unsplash