The $1.23 billion opportunity: Web3 exploits

Exploits and hacks in Web3 amounted to $1.23 billion in Q1 2022 alone. We’re going to talk about the different types of attacks and opportunities for builders in the space.

Attacks are unique in Web3

Web3 has unique characteristics that increase the pain and impact of these attacks:

  • Transactions are instant. This is great when things are good, but there’s no time to react if something is wrong.
  • Transactions are irreversible. There is no way to undo an incorrect transaction, unless the receiver comes forward.
  • There is often no custodian. If you’re unhappy with a transaction on your card, your credit card company can block it for you. That’s not possible in Web3 because there is no custodian (which why transactions can be cheaper).
  • Smart contracts take actions. Web3 can help avoid third parties by adding logic into smart contracts.
  • Information is always public. I can look up any anyone’s assets if I have their wallet address.
  • Code is open source. Great for innovation but it means that mistakes compound, i.e. if a template has an error, multiple people are likely to be impacted.

It’s also worth calling out that we are early in the adoption curve for Web3 as I wrote here. There are just under 200m unique Ethereum addresses (approx. 5 billion people use the internet).

image

More importantly, there were only ~20K active developers in Web3 as of December 2021. This is based on a report by Electric Capital using contributions to open source web3 projects. The quantum of exploits should be viewed against where we are in the space.

image

Let’s look at the major attacks in Q1 2022. Rekt tracks exploits in Web3 — 4 of the 10 largest have happened in Q1 this year. We’re going to go through them in the order they happened:

  1. Qubit Finance
  2. Wormhole
  3. Axie Infinity / Ronin
  4. Beanstalk

A quick digression: Bridges

Three of these attacks involve bridges:

A bridge in crypto is a mechanism to connect two different blockchains and exchange assets between them.

Think of it as a barter system. You give it tokens from blockchain A and receive tokens from blockchain B.

Bridges work by holding amounts on both blockchains. For example, I want to bridge 1 ETH to Solana. The bridge holds 1 ETH on Ethereum, generates an equivalent amount on Solana and hands it over to me. Because bridges hold large sums, they become targets.

Bridges are particularly dangerous when going across two entirely different blockchains (cross-chain bridges). Several experts, including Vitalik, have flagged the risks of cross-chain bridging.

Qubit Finance

On January 27, 2022, a hacker stole $80 million from Qubit Finance. Qubit is a decentralised lending and borrowing platform, i.e. it allows you take out loans against crypto assets. Qubit uses a bridge to exchange Etherem assets for the assets on Binance Smart chain.

The attack took place because of suboptimal code. The attacker fooled the contract into thinking they had deposited Ethereum (when they hadn’t). Because the bridge is like a barter system, they walked away with the equivalent value of assets on the Binance smart chain. This could have been avoided with a proper audit of the code.

Ultimately, the Qubit team offered a bounty to the hacker to retrieve the funds.

Wormhole

Wormhole is a bridging solution that helps you move assets across blockchains. These assets can be NFTs or standard tokens. In February 2022, $326 million was stolen from Wormhole using the Solana bridge.

When assets are bridged, there are “guardians” who check that the tokens submitted to the bridge are legitimate. Like the Qubit attack, the attacker was able to “fake” a set of tokens on the Solana side. Because the bridge thought these tokens were valid, it converted these into tokens and the attacker pulled these out. Again:

The attack could have been avoided with an audit of the code.

Axie Infinity / Ronin

In March 2022, $625 million was stolen from Axie Infinity, a play-to-earn game. I wrote a one-pager on the attack. In short, transactions on the network are settled by users who verify transactions (called “validators”). If someone has control over a majority of these validators, they have control over the network. The attackers gained control over 5 out of 9 validators and managed to siphon funds. The attack was carried out by Lazarus, a North Korean hacking group.

The following could have helped avoid the attack:

  • The protocol could have had more “validators”. It’s harder to control a majority of 100, than 10.
  • The protocol could have required a higher number of validators to reach consensus. If 9 out of 10 validators were required to validate transactions, the attack could have been avoided.
The number of validators and the consensus mechanism are a measure of decentralisation and security.

Beanstalk

Beanstalk, a DeFi protocol, was exploited and $182 million was stolen. The hacker took out a loan, borrowed enough governance tokens and voted on their own proposal.

This was a different type of attack. The attacker took out something called a flashloan. A flashloan allows the user to borrow any amount as long as it is paid back instantly. This is possible because of smart contracts. The attack was carried out using the following steps (see this for details):

  1. Borrow using a flash loan from Aave.
  2. Buy 32m coins of Beanstalk. Each coin carries a vote for proposals and this amounts to 79% of the vote (2/3 is required).
  3. Generate 2 proposals: one to transfer out the money from the treasury, and another to donate $250k to the Ukraine relief fund.
  4. Pass both proposals.
  5. Pay back the flash loan.

Though slightly different, this could still be avoided using better code and governance. The gap between a proposal and decision was 24 hours. If this was longer, the attack could have been prevented.

Governance policies can also increase the risk of an attack.

The opportunity

Ultimately, the $1.23 billion is an opportunity. Protocols will be willing to pay to avoid these attacks at all costs.

Bug bounties

Bug bounties help because the protocol can proactively find problems. Immunifi is a platform for protocols to list bounties.

image

Smart contract auditors

As we’ve seen above, there is powerful logic in smart contracts. Protocols hire specialists to audit their code. Consensys, which recently raised $450 million and owns Metamask, offers audit services.

Governance specialists

Governance is also a key part of security for protocols. As we saw above, gaining control via a flash loan could lead to an exploit using proposals and votes. This is also the most underserved area.

To close

We’ve seen a large number of attacks in Web3 recently. These are painful but also a representation of how early we are in the space. Every problem above can be avoided with better code or governance. There are opportunities to build in this space.