On August 29, the US Federal Bureau of Investigation (FBI) updated its advice to DeFi investors, citing a rise in criminal use of smart contracts. The blockchain analysis business discovered in July that hacks were to blame for the overall theft of $1.9 billion in cryptocurrencies in 2022.
The US Federal Bureau of Investigation (FBI) is advising investors in decentralized finance (DeFi) protocols to look for platforms that have finished code audits as a result of an increase in criminals exploiting smart contract vulnerabilities. It issued a warning on Monday about cybercriminals who are increasingly taking advantage of holes in platforms for decentralized finance (DeFi) to steal cryptocurrencies.
In a public service announcement on August 29 that included advice for both investors and DeFi platforms, the FBI stated that cybercriminals were “increasingly taking advantage of vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money.”
DeFi is dominating, however, stay safe with your funds!
DeFi has been actively involved in cryptocurrency theft this year. According to Chainalysis, DeFi protocols were used in an incredible 97% of the cryptocurrency stolen up until May 1. Hacks were to blame for the aggregate theft of $1.9 billion in cryptocurrencies in 2022, according to research conducted by the blockchain industry in July.
Attackers allegedly utilized a variety of techniques to compromise the DeFi platforms and steal cryptocurrency, including starting flash loans that activated smart contract attacks and abusing weaknesses in signature verification in their token bridge to remove all assets.
A few incidents in which the FBI detected thieves misusing DeFi platforms to steal cryptocurrencies were also mentioned by the FBI. A flash loan that resulted in a smart contract hack cost DeFi developers $3 million. Other examples include a $320 million signature verification exploit, a $35 million theft linked to manipulated price pairs, and a $3 million loss.
The agency has also seen fraudsters manipulate cryptocurrency price pairs—assets that may be exchanged for one another on an exchange—by taking advantage of a number of flaws to get around slippage checks and steal about $35 million in virtual money.
According to a research released this month by blockchain analysis company Chainalysis, losses from cryptocurrency thefts have increased by almost 60% in the first seven months of the year to $1.9 billion, driven by a startling increase in money stolen from decentralized finance (DeFi) protocols.
DeFi protocols are particularly vulnerable to hacking because their open source code can be studied in-depth by cybercriminals searching for exploits (although this can also help with security as it allows for code auditing), and it’s possible that protocols’ incentives to reach the market and grow quickly cause lapses in security best practices, the company noted.
The Lazarus Group, a hacker group linked to North Korea, has been blamed for the majority of attacks against DeFi services, and the nation-state foe is also responsible for the theft of about $1 billion.
Advice from FBI to investors for self security
The FBI has provided significant recommendations to DeFi protocol investors. It advised consumers to do their own research and educate themselves about the broader dangers of DeFi. Next, it was suggested to use platforms that had undergone one or more third-party code audits.
People should “be vigilant to DeFi investment pools with exceptionally short join windows and quick implementation of smart contracts, especially without the requisite code audit,” the FBI further advised. Additionally, it emphasized the potential dangers associated with open-source code repositories and “crowdsourced solutions to vulnerability identification and patching.”
In order to find vulnerabilities and create a strategy for warning platform users in the event of a security emergency, law enforcement also suggests using “real-time analytics,” monitoring, and code testing via DeFi protocols.
According to the law enforcement agency, investors should make their own investing decisions based on their financial aims and financial resources and, if they are unsure, should seek guidance from a qualified financial adviser.
The warning comes a month after the FBI have also issued a warning that criminals are creating fake cryptocurrency apps in an effort to scam investors of their digital money.
