FBI: Cyber criminals are targetting DeFi platforms to steal crypto
Bureau warns that criminals are capitalising on DeFi platform vulnerabilities and investor naivety
The US Federal Bureau of Investigation (FBI) says cybercriminals are increasingly resorting to decentralised finance (DeFi) platforms to steal cryptocurrency.
Issuing a public service announcement, the organisation said that in the first three months of this year, cyber criminals stole $1.3bn (£1.1bn) in cryptocurrency, a 72% increase from 2021 and 30% higher than in 2020.
Citing the blockchain analysis firm Chainalysis, the FBI said that 97% of the funds stolen in the first quarter of 2022 were purloined from DeFi platforms.
DeFi platforms targetted
In recent years DeFi developers have sought to fulfil the promise of the burgeoning cryptocurrency sector by making projects that challenge the existing financial framework.
The key appeal of such projects has been their use of “smart contracts”, self-executing contracts directly encoded with the terms of the agreement between the buyer and seller that exist across a distributed, decentralised blockchain.
Although this system promises to make transactions and functions cheaper and more efficient by cutting out financial middlemen, the FBI warned that cyber criminals are taking advantage of the complexity of cross-chain functionality and the open source nature of DeFi platforms to defraud investors.
Reminding investors that “investment involves risk”, the bureau recommended that investors undertake proper research before committing funds, and check that the DeFi investment platforms they are using have had one or more code audits performed by independent auditors.
Highlighting the threat posed by crowdsourced solutions to vulnerability identification and patching, the FBI said: “Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.”
There is scant evidence that the trend of cyber criminals targetting DeFi platforms has slowed down in the third quarter of 2022. Earlier in August, $190m in cryptocurrency was hacked from Nomad, a cross-chain bridge, while almost $6m was drained from 8,000 Solana wallets.
The FBI has advised DeFi platforms to institute real-time analytics, monitoring and code testing in order to detect suspicious activity quickly. It has also called for platforms to develop an incident response plan that alerts investors when exploitation is detected.