# Exploits, Hacks and Attacks

Like any piece of software, smart contracts with poorly written code have significant vulnerabilities. In the DeFi space, these weaknesses generally manifest in two ways:

1. Hacks – an illegal practice where someone breaks into a smart contract to steal funds
2. Exploits – a legal, but arguably unethical, practice where users figure out a weakness in a contract’s economic model and exploit that for economic gain (imagine a DeFi version of George Soros’s infamous attack on the Bank of England)

While estimates on the scope of these losses vary wildly ([Chainalysis](https://ambcrypto.com/7-7-billion-lost-to-crypto-scams-but-how-serious-have-rug-pulls-been/) pegs them at almost $8 billion), research firm [The Block](https://www.theblockcrypto.com/data/decentralized-finance/exploits) has been able to confirm over 70 exploits in the DeFi space as of November, stealing over $1.4 billion. Of these, 34 were “flash loan attacks”, where assailants used flash loans to raise millions of dollars to exploit economic weaknesses.

In an ironic twist, $611 million was returned by Poly Network’s hacker, who said that he or she only did it to expose a vulnerability in the network.

<figure><img src="/files/cAngkLch5gSTgltbxWvc" alt=""><figcaption><p>Source:  <a href="https://www.theblockcrypto.com/post/123030/defi-exploits-total-680-million-so-far-in-2021">The Block</a></p></figcaption></figure>

Perhaps more nefarious than hacks or exploits, though, are scams known as “rug pulls” – when an anonymous founder raises funds through a token issuance and then simply disappears with the money.

In late October a group of scammers leveraged the hype of the popular Netflix series to create a Squid Game token, listed the token on decentralized exchanges, raised millions from retail investors and then vanished.

These rug pulls can be devastating to the ecosystem, and research firm Chainalysis [reports](https://ambcrypto.com/7-7-billion-lost-to-crypto-scams-but-how-serious-have-rug-pulls-been/) that they caused losses of nearly $3 billion in 2021 alone.

