The Federal Bureau of Investigation has issued a fresh warning regarding attacks on decentralized finance (DeFi) platforms, claiming that hackers are taking advantage of flaws in the smart contracts that control these platforms.
“Between January and March 2022, cyber criminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms,” the agency states, citing an April 2022 report by blockchain analysis firm Chainalysis.
The organization cites three methods cybercriminals have employed to launch attacks:
- Initiating a flash loan, as in the attack on the Ethereum DeFi project bZx in November 2021, during which cybercriminals stole digital assets worth $55 million.
- Exploiting a flaw in the token bridge of the DeFi platform, as was done with the Nomad token bridge earlier this month.
- Manipulating cryptocurrency prices through the use of a single price oracle and a number of vulnerabilities, as was done in the April 2022 Deus Finance exploit when thieves stole $13.4 million.
“Cybercriminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms,” the agency adds.
Blockchain security companies have long kept track of the most common ways that hackers compromise smart contracts.
These exploits are especially damaging because, according to the Ethereum Foundation, smart contract code typically cannot be changed after deployment to patch security flaws, assets stolen from smart contracts are irrecoverable, and the stolen assets are extremely difficult to trace.
Cybercriminals do not only go after high-value targets like DeFi platforms. According to the “NFTs and Financial Crime” report published last week by blockchain analysis company Elliptic, more than $100 million worth of NFTs were stolen between July 2021 and July 2022.
The FBI advises investors to carefully research DeFi platforms, protocols, and smart contracts before making a purchase and to be aware of any associated risks.
For instance, the agency advises users to check whether the platform’s code has been audited by one or more independent auditors. It also advises caution with investment pools that offer extremely short windows to join and that deploy smart contracts quickly, especially without the recommended code audit.