The Dark Side of DeFi

Scared of trading on Uniswap? Want to know the latest DeFi hacks? I cannot guarantee this article will ease your mind. But hopefully, you will end up knowing what to look out for.

This article is based on years of experience in the space, navigating hacks, elaborate phishing schemes and rug pulls. But I digress. Let’s get started and explore the dark side of DeFi.

What is DeFi?

DeFi stands for decentralized finance. Traditional financial services are built on the blockchain, where users can lend, borrow and trade. Most importantly, there is no third party. For more information, please read my previous article Everything you need to know about DeFi.

Top 3 DeFi Exploits

So let’s get to the nitty-gritty of the matter, hacks. Over $60 billion in funds have been lost according to the rekt database. Now let’s look at the top exploits:

  1. Terra Luna – Total Loss $40 billion
    • Hands down, this is the biggest DeFi exploit in history. From big hedge funds like 3AC to your average Joe, everyone was affected. So what caused it? This was caused by the depeg of the algorithmic stablecoin UST. As it continued to decline, more people panicked. A bank-run-type event occurred, driving the price to zero. All the while, the circulating supply of Luna (the cryptocurrency UST was built on) was increasing. This was to try and maintain the peg of UST. This ultimately caused Luna’s price to collapse as well due to hyperinflation.
  2. Ronin Hack – Total loss of $650 million
    • Another huge hack that took place this year was Ronin. This sidechain was created to solve scaling issues for the popular gaming protocol Axie Infinity. On March 29, a North Korean hacker known as “appleworm” exploited validators on the network. Private keys were compromised and the users’ wallets were authorizing withdrawals to the hacker’s address. Consequently, over 173,000 Ethereum was stolen.
  3. Poly Network – Total loss of $610 million
    • On August 10, 2021, a hacker exploited the cross-chain protocol. This was the second largest hack in history and was caused by a smart contract exploit. The anonymous hacker got control of the keeper key and in turn the lockbox. This allowed them to authorize transactions. However, in a surprise turn of events, the hacker returned the funds, all the while highlighting this critical security flaw.

The Most Common DeFi Scams

According to the FTC, more than 46,000 people have fallen victim to crypto scams since 2021. Hell, even I was a victim of the infamous BitGrail hack. In this section I will be outlining some of the most common scams:

  • Phishing – this trick is about as old as the internet itself. No, you haven’t inherited a large fortune from an African prince. Crypto is no exception. Bad actors send emails trying to get valuable information. Most commonly, they are after your private key.
  • Rug Pull – this is a common scam whereby a project stops all development while taking the user’s funds. This is especially relevant in DeFi as there is no third party to moderate the situation. Also, the team is often anonymous and therefore rarely held responsible. You can avoid rug pulls by picking established cryptocurrencies with a strong team and proven track record.
  • Ponzi Scheme – this is another classic. “A Ponzi scheme is a form of fraud that lures investors and pays profits to earlier investors with funds from more recent investors”. This is especially apparent in crypto. If it’s too good to be true, then it’s probably a Ponzi. If a stablecoin offers 20% APY, then it’s probably a Ponzi. I’m looking at you, UST. Ask yourself, where is that yield coming from, and is it sustainable?

What can you do to Protect Yourself?

Hardware wallet, hardware wallet, hardware wallet. The easiest way to protect yourself is by using a hardware wallet. Unlike with custodial services such as Coinbase, Celsius, or Binance, you are in control of your funds. The most used and reputable is a Ledger. You can check out my review here.

This leads me to my next point. Never, under any circumstances, give out your private key. It should be stored offline and out of sight. This is important as your private key is a set of randomly generated words that gives full access to your wallet.


As you can see, the growth of this industry has made it a clear target for cybercriminals. As it continues to grow, we will see more and more attacks. However, with time, protocols will become more and more secure. Hopefully, using some of my tips, you will stay protected.