Criminals have made off with over $10 billion in ‘DeFi’ scams and thefts this year
An illustration showing physical bitcoins alongside binary code displayed on a laptop.
Jakub Porzycki | NurPhoto via Getty Images
LONDON — Investors have lost billions of dollars to criminals targeting so-called “decentralized finance” platforms this year.
According to a report from London-based firm Elliptic, more than $10 billion worth of user funds has been stolen in cases of fraud and theft on DeFi products, which aim to replicate traditional financial services using blockchain technology.
DeFi has often been referred to as the “Wild West” of cryptocurrencies. Such services often promise users huge returns but lack any involvement from middlemen like banks. High-interest rate savings and lending products are a common sight in the space.
But, as is to be expected with a young industry like crypto, DeFi platforms aren’t regulated. It’s something regulators have tried to come to grips with recently amid a spate of major hacks and scams.
Overall losses caused by DeFi exploits has totaled $12 billion so far in 2021, according to Elliptic, a firm which tracks movements of funds on the digital ledgers that underpin cryptocurrencies.
Fraud and theft accounted for $10.5 billion of that sum — a sevenfold increase from last year.
“The DeFi ecosystem is an incredibly exciting and fast-moving space, with financial services innovation happening at light speed,” said Tom Robinson, chief scientist at Elliptic.
“This is attracting large amounts of capital to projects that are not always robust or well-tested. Criminal actors have seen the opportunity to exploit this.”
Over the last two years, the total amount of money deposited at DeFi services has spiked from just $500 million to $247 billion.
It comes as the price of bitcoin and other cryptocurrencies have rallied this year. Ethereum, the network behind the world’s second-biggest digital coin, is considered the backbone of many DeFi applications.
But as the market has grown in size, so has the level of illicit activity. Earlier this year, DeFi platform Poly Network lost more than $600 million in what was, at the time, the biggest cryptocurrency theft of all time.
In a bizarre turn of events, the entirety of the funds was later restored by the hackers, which claimed they exploited Poly Network to highlight flaws in its system.
There have also been a number of so-called “rug pulls,” where scammers convince investors to buy their token and then take off with the funds after raising a certain amount.
Regulators are growing concerned about the rapid rise of DeFi.
The Securities and Exchange Commission is seeking information from Uniswap Labs, the start-up behind a decentralized crypto exchange of the same name, on how investors use the platform and the way in which it is marketed.
A Uniswap Labs spokesperson said the firm was committed to complying with the law and assisting regulators with their inquiries.
The problem, experts say, is that DeFi services often market themselves as decentralized, when that isn’t always the case.
The Financial Action Task Force, a global anti-money laundering watchdog, recently released revised guidance on cryptocurrencies calling on countries to identify individuals with “control or sufficient influencer” over DeFi programs.