
FBI issues alert over cybercriminal exploits targeting DeFi

Smart contracts governing DeFi platforms were identified as a particular cause for concern for the enforcement agency. The U.S. Federal Bureau of Investigation (FBI) has issued a fresh warning for investors in decentralized finance (DeFi) platforms, which have been targeted with $1.6 billion in exploits in 2022.

In an Aug. 29 public service announcement on the FBI's Internet Crime Complaint Center, the agency said the exploits have caused investors to lose money, advising investors to conduct diligent research about DeFi platforms before using them while also urging platforms to improve monitoring and conduct rigorous code testing. The law enforcement agency warned that cybercriminals are out in force to take advantage of "investors' increased interest in cryptocurrencies," and "the complexity of cross-chain functionality and open source nature of DeFi platforms."

The FBI observed cybercriminals exploiting vulnerabilities in smart contracts that govern DeFi platforms in order to steal investors' cryptocurrency.



In a specific example, the FBI mentioned cases where hackers used a "signature verification vulnerability" to plunder $321 million from the Wormhole token bridge back in February. It also mentioned a flash loan attack that triggered an exploit in the Solana DeFi protocol Nirvana in July. 

However, that's just a drop in a vast ocean; according to an analysis from blockchain security firm CertiK in M, since the start of the year, over $1.6 billion has been exploited from the DeFi space, surpassing the total amount stolen in 2020 and 2021 combined.

FBI recommends due diligence, testing
 

While the FBI admitted that "all investment involves some risk," the agency has recommended that investors research DeFi platforms extensively before use, and when in doubt, seek advice from a licensed financial adviser.

The agency said it was also very important that the platform's protocols are sound, and to ensure they have had one or more code audits performed by independent auditors.

Typically, a code audit involves a review of the platform's underlying code to identify vulnerabilities or weaknesses which could be exploited. According to the FBI, any DeFi investment pools with an "extremely limited timeframe to join" or "rapid deployment of smart contracts" should also be cautiously approached, especially if they have not conducted a code audit.

Crowdsourced solutions, generating ideas or content by soliciting contributions from a large group of people, were also flagged by the law enforcement agency. "Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions."
 

The FBI said DeFi platforms can also do their part to increase security by testing their code regularly to identify vulnerabilities, along with real-time analytics and monitoring. An incident response plan and informing users about possible platform vulnerabilities, hacks, exploits, or other suspicious activity are also among the recommendations.

However, failing all that, the FBI urges American investors targeted by hackers to contact them through the Internet Crime Complaint Center or their local FBI field office.



Earlier this year, U.S. Deputy Attorney General Lisa Monaco announced the FBI was stepping up its efforts to address crime in the digital asset space by forming the Virtual Asset Exploitation Unit.

The specialized team is dedicated to cryptocurrency and includes experts to help with blockchain analysis as part of a shift in focus toward disruption of international criminal networks rather than just their prosecution. - cointelegraph

