The US Federal Bureau of Investigation (FBI) has issued new warnings to investors in decentralized finance (DeFi) platforms. Cybercriminals are increasingly exploiting security flaws in DeFi platforms to steal cryptocurrency. In 2022 alone, investors lost $1.6 billion in exploits.
The FBI stated, “The FBI has observed cybercriminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency.”
The #FBI warns that cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal investors' cryptocurrency. If you think you are the victim of this, contact your local FBI field office or IC3. Learn more: https://t.co/fboL1N17JN
— FBI (@FBI) August 29, 2022
In a public service announcement published on the FBI’s Internet Crime Complaint Center, the agency stated that nearly 97 percent of the cryptocurrency stolen between January and March 2022 was stolen from DeFi platforms.
The agency stated that the exploits cost investors money. It advised investors to research DeFi platforms before using them, and urged platforms to improve monitoring and conduct code testing.
The FBI has warned that cybercriminals intend to exploit investors’ interest in cryptocurrencies and the complexity of functionality surrounding the open-source nature of DeFi platforms. The FBI has observed cybercriminals exploiting vulnerabilities in smart contracts that govern DeFi platforms to steal cryptocurrency from investors.
“Open source code repositories allow access to all individuals, including those with intentions,” the FBI said in a statement.
FBI asks investors to do proper research before investing
The FBI’s warning comes as DeFi platforms, which do not rely on third parties to conduct financial transactions on the blockchain, have been subjected to several major attacks this year, including the nearly $650 million Ronin bridge exploit.
The FBI has advised investors to conduct thorough research on DeFi platforms and seek advice from a licensed financial advisor. The agency mentioned code audits performed by independent auditors, which refer to a review of the platforms’ underlying code to identify vulnerabilities that can be exploited.
The FBI also described how DeFi platforms can help increase security by testing their code for vulnerabilities and providing real-time analytics and monitoring. The FBI has urged American investors who have been targeted by hackers to contact the Internet Crime Complaint Center or their local FBI field office.
Earlier, US Deputy Attorney General Lisa Monaco announced the formation of the Virtual Asset Exploitation Unit as part of the FBI’s increased efforts to combat crime in the digital asset space.
According to a blog post on Chainalysis, seven of the ten most significant attacks in the fifteen months since April 2022 have targeted DeFi platforms. These seven DeFi hacks resulted in a $1.6 billion theft, while the three exchange hacks resulted in a $960 million heist.
According to the FBI, criminals typically exploit DeFi platforms by triggering a flash loan vulnerability, exploiting signature verification, or manipulating trading pairs. To that end, the agency advised investors to conduct due diligence when using DeFi platforms and to use platforms that have undergone audits or have been in operation for some time.
According to the bureau, DeFi platforms should begin implementing real-time analysis, monitoring, and testing. The bureau suggested that the platforms should also have a strategy for dealing with exploits and alerting investors.