
FBI Says Hackers Are Increasingly Exploiting Flaws in DeFi Platforms to Steal Cryptocurrency

Filip TRUȚĂ

August 30, 2022



The FBI is warning crypto investors that cybercriminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to pilfer funds from unsuspecting victims.

In a public service announcement, the Bureau says the thieves are leveraging vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency. Investors who suspect they’ve been a victim are instructed to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

Cybercriminals are apparently taking advantage of the complexity of cross-chain functionality and the open source nature of DeFi platforms to find vulnerabilities to exploit.

Citing data from Chainalysis, the agency reports that hackers stole $1.3 billion in cryptocurrencies between January and March 2022. Around 97% of that was stolen from DeFi platforms, an increase from 72% in 2021 and 30% in 2020.

According to the FBI, threat actors’ methods include:

  • Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
  • Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, inflicting some $320 million in losses.
  • Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors, stealing approximately $35 million in cryptocurrencies.

If in any doubt, investors are told to seek advice from a licensed financial adviser. They should also research DeFi platforms, protocols and smart contracts before reaching for their wallet, and make sure they are fully aware of the risks specific to DeFi investments.

A good rule of thumb is to ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors, so that any vulnerabilities or weaknesses in the code have been identified and fixed.

Stakeholders would be smart to steer clear of DeFi investment pools with extremely limited timeframes, especially without the recommended code audit.

It is also important to be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching, as “open source code repositories allow unfettered access to all individuals,” including malicious actors, the FBI notes.

As for DeFi platform providers, the agency recommends instituting real-time analytics, monitoring and rigorous testing of code to be able to quickly combat any vulnerabilities or indicators of suspicious activity.

Finally, DeFi vendors should develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities or other suspicious activity is detected.
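As an added illustration (not part of the FBI announcement or the original article), the sketch below shows one kind of monitoring check a platform could run against the single-price-oracle and slippage weaknesses listed above: price from the median of several fresh feeds, flag any feed that strays from it, and refuse trades outside a slippage bound. The feed names, thresholds and sample quotes are constructed assumptions.

```python
from statistics import median

# Assumed policy values for this example; a real platform would tune them.
MAX_FEED_AGE_S = 60      # ignore quotes older than this many seconds
MAX_DEVIATION = 0.02     # flag a feed more than 2% away from the median
MIN_FRESH_FEEDS = 3      # never price from a single source


def reference_price(quotes, now):
    """quotes: list of (source, price, timestamp). Returns (median, outliers)."""
    fresh = [(s, p) for s, p, ts in quotes
             if now - ts <= MAX_FEED_AGE_S and p > 0]
    if len(fresh) < MIN_FRESH_FEEDS:
        raise ValueError("not enough fresh price feeds")
    mid = median(p for _, p in fresh)
    outliers = [s for s, p in fresh if abs(p - mid) / mid > MAX_DEVIATION]
    return mid, outliers


def check_trade(exec_price, quotes, now, max_slippage=0.01):
    """Fail closed: return (allowed, reasons) for a trade at exec_price."""
    try:
        mid, outliers = reference_price(quotes, now)
    except ValueError as exc:
        return False, [str(exc)]
    reasons = []
    if outliers:
        reasons.append("feed deviates from median: " + ", ".join(outliers))
    if abs(exec_price - mid) / mid > max_slippage:
        reasons.append("execution price outside slippage bound")
    return (not reasons), reasons


# Constructed sample data: three feeds agree, a fourth is far off the rest.
NOW = 1_000
NORMAL = [("feed_a", 100.0, 990), ("feed_b", 100.4, 995), ("feed_c", 99.8, 998)]
SKEWED = NORMAL + [("feed_d", 140.0, 999)]

if __name__ == "__main__":
    print(check_trade(100.2, NORMAL, NOW))
    print(check_trade(140.0, SKEWED, NOW))
```

Any non-empty `reasons` list is also a natural trigger for the investor alerting step of an incident response plan.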
