One such site, Poly Network, was at the center of a cryptocurrency theft worth $610 million (about Rs 4,530 crore) last week, one of the biggest thefts of all time. Within days of the theft, the decentralized finance (DeFi) platform said that the “white hat” hacker or hackers had returned almost all the loot.
The Poly Network story points to the growing risk of piracy in the fast-growing crypto space. Interviews with industry executives, lawyers and analysts show that this is a sector where $80 billion (about Rs 590 crore) or more is held at one time.
DeFi sites allow users to lend, borrow and save – usually in cryptocurrencies – bypassing the traditional gatekeepers of finance such as banks and exchanges. Proponents say the technology provides cheaper and more efficient access to financial services. But piracy in the Poly Network, previously a lesser-known site, has underscored the potential for crime to breach DeFi sites.
Potential robbers are often able to exploit bugs in the open-source code used by sites. And with regulation still weak, victims usually have little or no recourse.
Centralized exchanges, which act as intermediaries between buyers and sellers of crypto, were previously the main target of crypto cyber thieves.
For example, Tokyo-based exchange Mt.Gox fell into ruin after losing half a billion dollars in a hack in 2014. The theft of $530 million (about Rs 3,930 crore) was carried out in 2018 at Coincheck based in Tokyo.
Many major exchanges, under the regulation spotlight and in an effort to attract mainstream investors, have beefed up security and thefts of such scale are now relatively rare.
Crypto intelligence firm CipherTrace said last week that crime losses on the DeFi platform are at an all-time high, with thieves, hackers and fraudsters raking in $474 million (about Rs 3,510 crore) from January to July.
The spike came as soon as the funds were infused into the DeFi. According to DeFi Pulse the total value placed on such sites is now over $80 billion (about Rs 590 crore) compared to just $6 billion (about Rs 44,490 crore) a year ago.
DeFi experts say security risks occur on new sites that may run on less secure code.
Proponents say the use of open-source code means that vulnerabilities can be quickly identified and resolved by users, reducing the risk of crime. They say that DeFi itself can police it.
Despite all this, DeFi is increasingly the focus of attention for financial regulators and governments around the world who are considering regulating the cryptocurrency sector. US Securities and Exchange Commission (SEC) Chairman Gary Gensler has indicated that he will take a tougher stance on DeFi.
Such platforms could be taken over by US securities law, he said in a speech this month asking Congress to draft legislation to rein in DeFi and crypto trading. Officials from the US Commodity Futures Trading Commission have also indicated more investigations.
In June Commissioner Dan Berkowitz called DeFi a “Hobbesian marketplace” – a reference to a 17th-century philosopher who saw life without government as “bad, cruel and short”. He suggested that unlicensed DeFi platforms for derivatives are violating commodity trading laws.
At the same time, in other places, the move is still slow about it. For example, DeFi is still off the political agenda in the UK. A spokesman for the UK’s financial watchdog said that while some DeFi activities could be covered, much of the area remains unregulated.