The U.S. Federal Bureau of Investigation (FBI) has issued a new warning to investors in decentralised finance (DeFi) platforms, which have been the target of $1.6 billion in exploits in 2022.
In a public service announcement posted on the FBI’s Internet Crime Complaint Center on August 29, the agency said that the exploits have caused investors to lose money. It advised investors to do thorough research on DeFi platforms before using them and asked platforms to improve their monitoring and test their code more thoroughly.
The law enforcement agency warned that cybercriminals are out in force to take advantage of “investors’ growing interest in cryptocurrencies” and “the complexity of cross-chain functionality and open source nature of DeFi platforms.”
The #FBI warns that cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal investors’ cryptocurrency. If you think you are the victim of this, contact your local FBI field office or IC3. Learn more: https://t.co/fboL1N17JN pic.twitter.com/VKdbpbmEU1
— FBI (@FBI) August 29, 2022
The FBI saw cybercriminals take advantage of vulnerabilities in the smart contracts that run DeFi platforms to steal cryptocurrency from investors.
In one case, the FBI said, hackers stole $321 million from the Wormhole token bridge in February by taking advantage of a “signature verification vulnerability.” It also mentioned a flash loan attack, which was used in July to take advantage of a flaw in the Solana DeFi protocol Nirvana.
But that’s just a drop in a huge ocean. According to an analysis by blockchain security firm CertiK in M, more than $1.6 billion has been stolen from the DeFi space since the beginning of the year. This is more than the total amount stolen in 2020 and 2021 put together.
FBI recommends due diligence, testing
Even though the FBI said that “all investments involve some risk,” the agency advised investors to do a lot of research on DeFi platforms before using them and to ask a licenced financial adviser for help if they were unsure.
The agency also said it was very important that a platform have sound protocols and that its code had been reviewed by independent auditors at least once.
During a code audit, the underlying code of the platform is usually looked at to find holes or weaknesses that could be used against it.
The FBI says that you should be very careful with any DeFi investment pools that have “an extremely short time to join” or “rapid deployment of smart contracts,” especially if they haven’t done a code audit.
The law enforcement agency also warned about “crowdsourced” solutions, which are built by gathering ideas or content from a large group of people.
“Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.”
The FBI said that DeFi platforms can also do their part to improve security by regularly testing their code to find vulnerabilities and by using analytics and monitoring in real time.
One of the suggestions is to have a plan for how to handle an incident and to let users know about possible platform vulnerabilities, hacks, exploits, or other suspicious activity.
But if none of those things work, the FBI tells American investors who are the target of hackers to get in touch with them through the Internet Crime Complaint Center or their local FBI field office.
Lisa Monaco, the U.S. Deputy Attorney General, said earlier this year that the FBI was putting together the Virtual Asset Exploitation Unit to do more to fight crime in the digital asset space.
The specialised team is focused on cryptocurrencies and has experts who can help with blockchain analysis. This is part of a shift away from just prosecuting international criminal networks and toward stopping them.