FBI issues security warnings for DeFi platforms

  • The FBI said that 97 percent of the total $1.3 billion stolen in digital assets was taken from DeFi platforms.
  • The FBI also explains how the hackers exploit the vulnerabilities in smart contracts on open-source DeFi platforms.

On Monday, August 29, the Federal Bureau of Investigation (FBI) issued a warning citing major attacks against decentralized finance (DeFi) platforms. According to the FBI, cybercriminals have been exploiting vulnerabilities in the smart contracts on DeFi platforms.

Over the last year, decentralized finance (DeFi) platforms have been subject to major attacks. Crypto hackers have largely been targeting the cross-chain bridges on DeFi platforms, stealing hundreds of millions of dollars. During Q1 of 2022, cybercriminals stole a staggering $1.3 billion in digital assets.

Citing a report from blockchain analysis firm Chainalysis, the FBI noted that 97 percent of the total money stolen was taken from DeFi platforms. This represents a 72 percent increase from DeFi thefts in 2021 and a 30 percent increase from 2020. In its official announcement, the FBI noted:

The FBI is warning investors cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money. The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency.

The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

FBI explains how cybercriminals launch attacks

As per the FBI, cybercriminals have been taking advantage of investors’ increased interest in cryptocurrencies. They have been exploiting open-source DeFi platforms and the complexity of cross-chain functionality.

As per the FBI, cybercriminals initiated a flash loan that triggered an exploit in the smart contracts running on DeFi platforms. As a result of this theft, investors and crypto criminals lost more than $3 million in total.

Furthermore, cybercriminals exploited a signature verification vulnerability in the DeFi platform’s token bridge. As a result, they managed to withdraw the platform’s investment, resulting in losses of more than $350 million. Finally, the FBI explains:

Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.

Earlier this month, we covered a story about how a developer managed to fake an entire DeFi ecosystem, duping investors out of millions of dollars. Amid all the hacks and thefts, trading volumes in decentralized finance (DeFi) have dropped significantly this year.

The FBI has advised DeFi platforms to take necessary precautions through “real-time analytics, monitoring, and rigorous testing of code”. This will help them quickly identify vulnerabilities and respond to indicators of suspicious activities.
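
One way such monitoring could address the single-price-oracle weakness the FBI describes, shown as an added example that is not code from the FBI advisory or from any DeFi platform. The feed names, prices, thresholds and function names are all constructed assumptions: a reference price is taken as the median of several independent feeds, a feed that strays from it raises an alert, and a trade is accepted only if its execution price passes a slippage check against that reference.

```python
from statistics import median

MAX_DEVIATION = 0.02   # assumed policy: a feed may differ from the median by at most 2%
MIN_SOURCES = 3        # assumed policy: never price from a single oracle


class OracleError(Exception):
    """Raised when no trustworthy reference price can be formed."""


def reference_price(feeds):
    """Return (median price, sorted names of outlier feeds) from independent feeds."""
    if len(feeds) < MIN_SOURCES:
        raise OracleError(f"need {MIN_SOURCES} independent feeds, got {len(feeds)}")
    mid = median(feeds.values())
    outliers = sorted(name for name, price in feeds.items()
                      if abs(price - mid) / mid > MAX_DEVIATION)
    # If half or more of the feeds disagree with the median, the median itself is suspect.
    if len(outliers) * 2 >= len(feeds):
        raise OracleError(f"feeds disagree: {outliers}")
    return mid, outliers


def check_trade(exec_price, feeds, max_slippage=0.01):
    """Accept a trade only if its price is within max_slippage of the reference price."""
    ref, outliers = reference_price(feeds)
    slippage = abs(exec_price - ref) / ref
    return {"accepted": slippage <= max_slippage, "reference": ref,
            "slippage": round(slippage, 4), "alerts": outliers}


# Constructed sample data: one on-chain pool price has been pushed far from the market.
FEEDS = {"dex_pool_a": 154.0, "dex_pool_b": 100.2,
         "offchain_feed_c": 99.8, "offchain_feed_d": 100.0}

if __name__ == "__main__":
    print(check_trade(153.0, FEEDS))   # trade priced off the manipulated pool
    print(check_trade(100.3, FEEDS))   # trade priced near the market
```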
