Hacks of decentralized finance (DeFi) protocols have become a “full-time job” for professional attackers, according to the founder of blockchain security firm ImmuneFi.
Speaking at Web Summit 2024, ImmuneFi founder Mitchell Amador stated that DeFi hacking has evolved into “an infinitely sustainable and viable business,” even as the crypto space is becoming “undoubtedly” safer.
Amador noted that DeFi hackers are now seeking to inflict greater damage than ever before, with their expertise extending to various domains. He clarified that, “even if they aren’t consistently successful in their hacks, they may engage in MEV or other methods to profit from their specialized skill set.”
Despite this, Amador informed Decrypt that the crypto sector is “becoming significantly safer at a rapid pace.” He referenced ImmuneFi’s Q3 2024 report, which showed losses from crypto hacks falling 38% year-on-year to just under $424 million.
In the current year, Amador disclosed that crypto losses from hacks have reached slightly over a billion dollars, compared to approximately $3 billion in 2022 and around $1.8 billion in 2023. He emphasized, “This trend persists despite the industry’s increasing value and the rise of on-chain assets, resulting in a significant decline in risk per unit of value.” While hacking incidents are on the rise, he noted that major cases are becoming less frequent.
Amador highlighted the October 2024 hack of Radiant Capital for $50 million as a demonstration of the growing sophistication of DeFi hacks, attributing the incident to North Korean hackers. He described their strategy as targeting private keys through compromising underlying systems and executing spoofed transactions in a unique man-in-the-middle attack. He underscored the trend of hackers leveraging social engineering to exploit vulnerabilities in DeFi protocols, asserting that “human beings always represent the weakest link.”
To bolster the security of the world’s largest smart contract blockchain against attacks, ImmuneFi is organizing the Ethereum Protocol Attackathon, touted as “the world’s largest code contest,” featuring a $1.5 million reward pool.
Amador revealed, “We have numerous hackers participating, all focusing on scrutinizing the Ethereum code base with the $1.5 million incentive to demonstrate their ability to identify critical bugs and report them promptly.”
“This initiative marks a novel approach by the Ethereum Foundation,” he remarked, expressing optimism that the contest will become a recurring event to fortify each major blockchain iteration.
While acknowledging blockchain security as “the most steadfast segment of the crypto industry,” Amador anticipated that the sector would indirectly benefit from the forthcoming Trump administration and its favorable stance towards crypto.
Amador highlighted Trump’s proposed U.S. strategic Bitcoin reserve, asserting that it has prompted European ministries to accelerate their adoption of crypto and cultivate a more hospitable environment. He remarked, “I have personally witnessed this trend.”
He envisioned substantial industry growth and a friendlier environment resulting from these developments, predicting a subsequent increase in security activity.
In line with its plans, ImmuneFi intends to venture into “automated technologies,” including a significant AI agent that will coordinate the crowdsourcing of “proactive security measures,” Amador disclosed.
He added, “We are advancing bug bounty programs to the next level, and these programs will undergo significant transformation in the next two to three years—it promises to be quite revolutionary.”