The US Federal Bureau of Investigation (FBI) has issued a warning over cybercriminal exploits targeting investors in decentralized finance (DeFi) platforms.
According to blockchain analysis firm Chainalysis, cybercriminals stole $1.3 billion in cryptocurrency between January and March 2022. Almost 97% of that amount was stolen from DeFi platforms.
The law enforcement agency warned that cybercriminals are focused on taking advantage of investors’ increased interest in cryptocurrencies. The FBI also said that cybercriminals are exploiting vulnerabilities in the smart contracts that govern DeFi platforms in order to steal investors’ cryptocurrency.
In a public service announcement on the FBI’s Internet Crime Complaint Center, the agency stated that investors kept losing money because of the exploits. To guard against such theft, the FBI suggested that investors research DeFi platforms thoroughly before using them.
At the same time, the agency also advised platforms to improve monitoring and conduct rigorous code testing. The complexity of cross-chain functionality and the open-source nature of DeFi platforms make them vulnerable, the agency stated.
The FBI mentioned cases where hackers used a ‘signature verification vulnerability’ to steal $321 million from the Wormhole token bridge in February. However, the FBI admitted that all investments involve some risk. Hence, it is recommended that investors research the DeFi platform extensively and, when in doubt, seek advice from a licensed financial adviser.
It also gave a specific example of a flash loan attack that was used against the Solana DeFi protocol Nirvana in July. The agency also said that platforms should inform users about potential vulnerabilities, hacks, exploits, or other suspicious activity, along with an incident response plan.
According to the FBI, any DeFi investment pools with an “extremely limited timeframe to join” or “rapid deployment of smart contracts” should also be approached with extreme caution, especially if they have not conducted a code audit.
The FBI urges American investors targeted by hackers to contact it through the Internet Crime Complaint Center or their local FBI field office.