FBI Issues Warning About Decentralized Finance (DeFi) Exploits

The Federal Bureau of Investigation (FBI) stated that a growing number of cybercriminals are exploiting security vulnerabilities in smart contracts to steal cryptocurrency.

The agency published an advisory on Monday in which it issued a warning to investors about a significant increase in attacks that target platforms operating in the decentralized finance (DeFi) space.

This year’s exploits

Between January and March of this year, hackers stole cryptocurrencies worth almost $1.3 billion. The FBI cited data put forward by Chainalysis, which showed that 97% of these attacks had occurred on DeFi platforms.

This is a rise over both 2020 and 2021, when thefts in the DeFi space accounted for only 30% and 72%, respectively, of the total value of the cryptocurrency stolen.

According to the agency, cybercriminals have employed a variety of methods to fleece different decentralized finance (DeFi) protocols.

In one case, hackers carried out a flash loan attack in which cryptocurrency worth $3 million was stolen.

Another attack targeted a vulnerability in the signature verification of a platform's token bridge, which resulted in losses of about $320 million.

Recent hacks

Most of the major attacks that have occurred in recent months also fall into the same categories mentioned above.

For instance, the North Korean state-sponsored hacking group called Lazarus carried out the largest crypto hack ever, with Axie Infinity as the target.

According to reports, the group exploited a backdoor in a Remote Procedure Call (RPC) node to forge fake withdrawals using compromised private keys.

Another recent attack turned out to be a hacking ‘free-for-all’, as almost $200 million worth of crypto was stolen from users of the Nomad bridge because of a misconfiguration.

Precautions

The FBI has suggested that investors take some precautions before they decide to risk their funds on a decentralized finance (DeFi) platform.

The agency recommended that those who want to invest should first research the platform itself and check the details of the smart contract it uses.

Moreover, it suggested that investors should only put their money into DeFi protocols that have undergone independently conducted code audits.

In addition, it said that investors should steer clear of investment pools that come with very limited timeframes for joining.

The FBI stated that the increasing interest of investors in cryptocurrencies is something that these cybercriminals have learned to exploit.

Likewise, the open-source nature of decentralized finance (DeFi) platforms and the complex nature of cross-chain functionality are also something they have leveraged.

Therefore, the agency said that investors need to consider their financial objectives as well as their financial resources when making investment decisions.

Furthermore, it said that if investors have any doubts, it is best for them to get advice from a licensed financial adviser and then invest their money, be it in cryptocurrency or any DeFi protocol.