Cyberthieves are increasingly targeting decentralized finance (DeFi) platforms, the FBI said, urging investors to conduct thorough research and platforms to amplify monitoring and code testing.
DeFi’s “complexity of cross-chain functionality and open source nature” make it easier for cybercriminals to take advantage of “investors’ increased interest in cryptocurrencies,” according to a notice from the Internet Crime Complaint Center (IC3), a division of the FBI.
Close to 97% of the $1.3 billion swiped in crypto by cyberthieves was stolen from DeFi platforms, a 72% increase over 2021 and a 30% increase over 2020, the notice indicated, citing Chainalysis data. DeFi platforms don’t use third parties to carry out financial transactions on the blockchain and have been the targets of numerous attacks this year alone.
Cybercriminals were observed exploiting vulnerabilities in the smart contracts that govern DeFi platforms, the FBI said. DeFi platforms are often attacked by taking out a flash loan that triggers an exploit in the platform’s smart contracts, or by exploiting a flaw in a token bridge’s signature verification.
“Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments,” the notice advises investors. “Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors.”
The FBI also warned investors about another common DeFi fraud — manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities. This includes the DeFi platform’s “use of a single price oracle and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies,” according to the notice.
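The single-oracle weakness the notice describes comes down to reading a spot price from one liquidity pool, which a large trade in the same block can move arbitrarily. The following Python model, added here and not part of the FBI notice or any real protocol, shows a constant-product pool, the naive spot-price read, and a deviation guard against a time-weighted average price (TWAP) that rejects a manipulated reading. All pool sizes and thresholds are constructed for illustration.

```python
"""Model of a constant-product AMM pool and a TWAP deviation guard (constructed example)."""
from dataclasses import dataclass


@dataclass
class Pool:
    x: float  # reserve of token X (the collateral asset)
    y: float  # reserve of token Y (a stablecoin)

    def spot_price(self) -> float:
        # Price of X in Y as a naive single-pool oracle would read it
        return self.y / self.x

    def swap_y_for_x(self, dy: float) -> float:
        # Fee-less constant-product swap: k = x * y stays fixed
        k = self.x * self.y
        new_y = self.y + dy
        new_x = k / new_y
        dx = self.x - new_x
        self.x, self.y = new_x, new_y
        return dx


def twap(observations: list[float]) -> float:
    # Time-weighted average of recorded spot prices (equal-length windows assumed)
    return sum(observations) / len(observations)


def guarded_price(spot: float, reference: float, max_deviation: float) -> float:
    """Return spot only if it is within max_deviation of the TWAP reference.

    A lending or leverage contract would revert the transaction here instead of
    valuing collateral or a trade at a price that one block could have moved.
    """
    deviation = abs(spot - reference) / reference
    if deviation > max_deviation:
        raise ValueError(f"price deviation {deviation:.1%} exceeds {max_deviation:.0%}")
    return spot


def simulate() -> tuple[float, float, bool]:
    # Constructed pool: 1 X trades at 1,000 Y, with ten stable historical readings
    pool = Pool(x=1_000.0, y=1_000_000.0)
    history = [pool.spot_price()] * 10
    before = pool.spot_price()
    pool.swap_y_for_x(4_000_000.0)  # one large buy (e.g. borrowed funds) in a single block
    after = pool.spot_price()
    try:
        guarded_price(after, twap(history), max_deviation=0.05)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```

Running `simulate()` shows the spot price moving from 1,000 to 25,000 in one trade, and the 5% deviation guard refusing to use the manipulated reading.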
The agency urged platforms to rigorously test code to spot vulnerabilities faster and integrate real-time analytics and monitoring. The FBI also suggests that DeFi platforms create an incident response plan that “includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.”