FBI Advice to Investors and DeFi Platforms on Avoiding Crypto Crime
Cybercriminals are taking advantage of vulnerabilities in the smart contracts that govern decentralized finance (DeFi) platforms, according to a warning issued by the Federal Bureau of Investigation (FBI) on Monday that focuses on attacks against DeFi platforms.
According to the agency, which cites a report published in April 2022 by the blockchain analysis firm Chainalysis, cybercriminals stole $1.3 billion worth of cryptocurrencies between January and March 2022. Almost 97 percent of the cryptocurrency was stolen via DeFi networks.
The agency cites the following three methods that cybercriminals have implemented in order to carry out attacks:
- “Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
- Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in approximately $320 million in losses.
- Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.”
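The third method above turns on two design weaknesses: pricing assets from a single spot oracle that one large trade can move within a block, and executing trades without a slippage check. The following toy model is an added illustration written for this article, not code from the FBI warning or from any real protocol. It assumes a constructed constant-product pool of 1,000 A / 1,000 B, a hypothetical `TwapOracle` that averages the last ten per-block prices, and a `price_is_sane` guard that refuses to act on a spot price that has drifted too far from the average. It measures how far one large same-block trade moves the spot price versus the time-weighted average, and shows the slippage guard rejecting a swap that returns less than the caller accepted.

```python
"""Constructed model of a DEX pool, a spot-price oracle and a TWAP oracle.
Hypothetical toy code for illustration; not any real protocol's contract."""
from collections import deque


class ConstantProductPool:
    """Toy x*y=k pool holding reserves of token A and token B (no fees)."""

    def __init__(self, reserve_a: float, reserve_b: float) -> None:
        self.reserve_a = reserve_a
        self.reserve_b = reserve_b

    def spot_price(self) -> float:
        """Price of one A in units of B, read straight from current reserves."""
        return self.reserve_b / self.reserve_a

    def quote_a_for_b(self, amount_a: float) -> float:
        """How much B a sale of amount_a A would return right now."""
        new_a = self.reserve_a + amount_a
        new_b = self.reserve_a * self.reserve_b / new_a
        return self.reserve_b - new_b

    def swap_a_for_b(self, amount_a: float, min_b_out: float) -> float:
        """Sell A for B. The min_b_out comparison is the slippage check: a swap
        that would return less than the caller accepted is rejected."""
        out = self.quote_a_for_b(amount_a)
        if out < min_b_out:
            raise ValueError(f"slippage check failed: {out:.2f} < {min_b_out:.2f}")
        self.reserve_a += amount_a
        self.reserve_b -= out
        return out


class TwapOracle:
    """Time-weighted average over the last `window` per-block price samples."""

    def __init__(self, window: int) -> None:
        self.samples = deque(maxlen=window)

    def record(self, price: float) -> None:
        self.samples.append(price)

    def price(self) -> float:
        return sum(self.samples) / len(self.samples)


def deviation_bps(observed: float, reference: float) -> float:
    """Absolute deviation of observed from reference, in basis points."""
    return abs(observed - reference) / reference * 10_000


def price_is_sane(spot: float, twap: float, max_deviation_bps: float = 500) -> bool:
    """Defensive check a protocol can apply before acting on a price:
    refuse to use a spot price that has drifted too far from the TWAP."""
    return deviation_bps(spot, twap) <= max_deviation_bps


def oracle_resilience_demo(window: int = 10, large_trade_a: float = 1_000.0) -> dict:
    """Compare how far one large same-block trade moves a spot oracle versus a TWAP.
    Constructed pool of 1,000 A / 1,000 B, so the starting price is 1.0."""
    pool = ConstantProductPool(1_000.0, 1_000.0)
    twap = TwapOracle(window)
    for _ in range(window):          # quiet blocks at the fair price
        twap.record(pool.spot_price())
    spot_before = pool.spot_price()

    pool.swap_a_for_b(large_trade_a, min_b_out=0.0)   # trader accepts any output
    twap.record(pool.spot_price())   # the distorted block becomes one sample

    spot_after = pool.spot_price()
    twap_after = twap.price()
    return {
        "spot_before": spot_before,
        "spot_after": spot_after,
        "twap_after": twap_after,
        "spot_move_bps": deviation_bps(spot_after, spot_before),
        "twap_move_bps": deviation_bps(twap_after, spot_before),
        "spot_passes_sanity_check": price_is_sane(spot_after, twap_after),
    }


if __name__ == "__main__":
    for key, value in oracle_resilience_demo().items():
        print(f"{key:>26}: {value}")
```

With these constructed numbers the single trade moves the spot price by 7,500 basis points while the ten-block average moves by 750, and the sanity check rejects the spot reading. A protocol that values collateral or sizes leveraged positions from one pool's spot price is exposed to exactly that one-block swing; averaging over time, combining several price sources, bounding spot-versus-average deviation, and enforcing a minimum output on every swap are the corresponding mitigations.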
“Cybercriminals attempt to take advantage of investors’ rising interest in cryptocurrencies,” the agency states. “They also seek to take advantage of the intricacy of cross-chain capabilities and the open source nature of DeFi systems.”
Blockchain security companies have long been tracking the vectors that cybercriminals most frequently use to compromise smart contracts.
Exploits at this level are problematic because, according to the Ethereum Foundation, “smart contract code can typically not be modified to correct security holes, funds taken from smart contracts are irrecoverable, and stolen assets are exceedingly difficult to monitor.”
Cybercriminals go after various high-value targets, and DeFi systems are just one of them. Elliptic, a blockchain analysis company, had released its report titled “NFTs and Financial Crime” just the week before. According to that research, more than one hundred million dollars’ worth of NFTs were stolen between July 2021 and July 2022.
FBI Recommendations for Crypto Investors
All investment carries risk. Investors should make their own investment decisions based on their financial goals and available resources, and consult a registered financial adviser if they have questions or concerns. In addition, the FBI advises potential investors to exercise caution in the following areas:
- Before investing, research decentralized finance platforms, protocols, and smart contracts, and be aware of the special dangers associated with decentralized finance investments.
- Make sure that the DeFi investment platform has undergone at least one code audit carried out by a third-party auditing firm. A code audit typically consists of a comprehensive review and analysis of the platform’s underlying code to locate any vulnerabilities or weaknesses that could adversely affect the platform’s operation.
- Be wary of DeFi investment pools that have extremely short joining periods and deploy smart contracts quickly, especially if no code audit has been performed.
- Be mindful of the potential dangers that may arise from using crowdsourced solutions for identifying and patching vulnerabilities. Repositories of open-source code provide unrestricted access to all users, including those whose actions are motivated by malicious intent.
Recommendations for DeFi Platforms
The Federal Bureau of Investigation advises that DeFi platforms implement the following safety measures:
- In order to more quickly uncover vulnerabilities and respond to indicators of suspicious behavior, implement real-time analytics, monitoring, and thorough testing of code.
- Create and implement an incident response plan, including a mechanism for notifying investors of any smart contract exploits, vulnerabilities, or other suspicious activity that is discovered.