The Federal Bureau of Investigation published a security advisory on its website warning that hackers are increasingly targeting decentralized finance (“DeFi”) platforms to steal cryptocurrency.
“The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.”
A startling amount of cryptocurrency – 97% of all stolen cryptocurrency between January and March 2022, worth $1.3 billion – was stolen through DeFi platforms.
According to the FBI, this is an increase of 72% from 2021 and approximately 30% in 2020.
The FBI reports that cyber criminals defraud DeFi platforms by:
- Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
- Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in approximately $320 million in losses.
- Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.
The FBI security advisory recommends that DeFi platforms take the following precautions:
- Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
- Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.
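One way the monitoring recommended above could address the single-price-oracle and slippage-check weaknesses from the third case, shown as an added example that is not from the FBI advisory or any platform's code. The feed names, thresholds and prices are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median

# All thresholds below are assumed values for illustration.
MAX_FEED_AGE_S = 60    # ignore quotes older than this many seconds
MAX_DEVIATION = 0.02   # alert when a feed is more than 2% from the median
MAX_SLIPPAGE = 0.01    # reject trades executing more than 1% from the reference
MIN_FEEDS = 3          # quorum of independent, fresh feeds

@dataclass
class Quote:
    source: str        # hypothetical feed name
    price: float
    timestamp: float   # seconds since epoch

def reference_price(quotes, now):
    """Return (median price, alerts) from fresh quotes; raise if quorum is not met."""
    fresh = [q for q in quotes
             if 0 <= now - q.timestamp <= MAX_FEED_AGE_S and q.price > 0]
    alerts = [f"stale or invalid feed: {q.source}" for q in quotes if q not in fresh]
    if len(fresh) < MIN_FEEDS:
        raise RuntimeError("oracle quorum not met; pause pricing")
    ref = median(q.price for q in fresh)
    for q in fresh:
        dev = abs(q.price - ref) / ref
        if dev > MAX_DEVIATION:
            alerts.append(f"{q.source} deviates {dev:.1%} from median")
    return ref, alerts

def check_trade(exec_price, ref):
    """Enforce the slippage bound against the aggregated reference, not one feed."""
    return abs(exec_price - ref) / ref <= MAX_SLIPPAGE

# Constructed sample quotes (not real market data).
NOW = 1_000_000.0
SAMPLE = [
    Quote("feed_a", 100.0, NOW - 5),
    Quote("feed_b", 100.4, NOW - 10),
    Quote("feed_c", 135.0, NOW - 3),    # outlier, e.g. a distorted price pair
    Quote("feed_d", 99.8, NOW - 300),   # stale quote
]

if __name__ == "__main__":
    ref, alerts = reference_price(SAMPLE, NOW)
    print("reference:", ref)
    print("alerts:", alerts)
    print("trade at 135.0 allowed:", check_trade(135.0, ref))
    print("trade at 100.6 allowed:", check_trade(100.6, ref))
```

A platform relying on `feed_c` alone would have priced the trade at the outlier value; the median reference both rejects that trade and surfaces the deviating feed as an alert for incident response.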
Hackers and cyber criminals are largely opportunists, exploiting vulnerabilities and flaws in systems for their own gain. Cryptocurrencies and DeFi platforms are ripe for abuse and fraud, and remain a lucrative target for criminals.