Following a spate of thefts from decentralized finance (DeFi) platforms, the Federal Bureau of Investigation (FBI) has warned that criminals are increasingly exploiting bugs on these platforms to steal investors’ cryptocurrency.
The FBI has issued a warning that investors who put money into DeFi platforms may be exposing themselves to financial losses due to vulnerabilities in the smart contracts that govern the platforms.
DeFi is an emerging digital financial infrastructure that theoretically eliminates the need for a central bank or government agency to approve financial transactions, and is closely related to the development of blockchain technologies.
But now the FBI is warning that investors are getting burned by attackers who exploit vulnerabilities in smart contracts.
“A smart contract is a self-executing contract with terms of agreement between a buyer and seller written directly into lines of code that reside across a distributed and decentralized blockchain network. Cybercriminals are seeking to take advantage of investor interest in cryptocurrencies, as well as the complexity of cross-chain functionality and the open source nature of DeFi platforms,” the FBI stated.
Researchers from British penetration testing company Bishop Fox found that 51% of attacks on DeFi projects in 2021 exploited vulnerabilities in smart contracts, followed by platform protocol and design flaws with 18%. Most of the attacks were considered uncomplicated.
Hackers stole $80 million from DeFi platform Qubit Finance earlier this year by exploiting a vulnerability in its QBridge protocol. Hackers also took $30 million from Grim Finance in late 2021 by exploiting a defect in the treasury contract.
American blockchain analysis firm Chainalysis reported that 97% of the $1.3 billion in cryptocurrency stolen in the first quarter of 2022 was from DeFi platforms. DeFi thefts took off in 2021, when DeFi hacks accounted for 71% of financial losses, while most crypto thefts previously targeted individual wallets or crypto exchanges.
The FBI says it has observed cybercriminals defrauding DeFi platforms by exploiting individual vulnerabilities affecting smart contracts and signature verification elements, as well as chaining together several flaws to manipulate price pairs. These include:
- Initiating a flash loan that triggered an exploit in a DeFi platform’s smart contracts, causing investors and project developers to lose nearly $3 million in cryptocurrency as a result of the theft.
- Exploiting a signature verification vulnerability in a DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in an estimated loss of $320 million.
- Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then making leveraged trades that bypassed slippage checks and took advantage of price calculation errors to steal nearly $35 million in cryptocurrency.
The FBI urges investors to treat DeFi platforms with caution but also acknowledges that the investment carries risks. Investors should research platforms, protocols, and smart contracts before investing and ensure that the platform has conducted an audit of the token.
The FBI also warns investors to be wary of “DeFi investment pools with very limited time frames for joining and rapid deployment of smart contracts, especially without recommended code audits.”
The FBI also cautions investors to be aware of the potential risks posed by crowdsourced solutions for identifying and correcting weaknesses. The report notes that “open source code repositories allow unrestricted access to all individuals, including those with nefarious intent.”