The Federal Bureau of Investigation has issued a fresh warning about attacks on decentralized finance (DeFi) platforms, stating that hackers are exploiting flaws in the smart contracts that govern them.
The agency cites an April 2022 report by blockchain analysis company Chainalysis: “Cyber criminals stole $1.3 billion in cryptocurrencies between January and March 2022, over 97 percent of which was stolen on DeFi platforms.”
The agency describes several methods that cybercriminals use to carry out these attacks.
They initiate a flash loan, as in the November 2021 attack on the Ethereum DeFi project bZx, in which cybercriminals stole digital assets worth $55 million.
They exploit a flaw in a DeFi platform’s token bridge, as was done with the Nomad token bridge earlier this month.
They manipulate cryptocurrency prices by exploiting a series of vulnerabilities, including the platform’s reliance on a single price oracle, as in the April 2022 Deus Finance attack, in which thieves stole $13.4 million.
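The last two methods above combine: a flash loan makes a very large single-block swap affordable, and a lender that prices collateral from one on-chain spot oracle then sees the manipulated price. The following toy simulation is an added example, not code from the FBI advisory or from any platform named here; it assumes a constructed constant-product pool and compares the credit a spot-price oracle and a time-weighted average price (TWAP) oracle would extend after one large swap.

```python
# Added toy simulation (not code from any DeFi platform or the FBI advisory):
# all pool sizes, swap sizes and ratios below are constructed for illustration.
from collections import deque

class ConstantProductPool:
    """Minimal x*y=k automated market maker holding TOKEN and USD."""
    def __init__(self, token_reserve: float, usd_reserve: float):
        self.token, self.usd = token_reserve, usd_reserve

    def spot_price(self) -> float:
        """Instantaneous USD price of one TOKEN, what a single spot oracle reads."""
        return self.usd / self.token

    def buy_token_with_usd(self, usd_in: float) -> float:
        """Swap USD for TOKEN and return TOKEN received; the spot price rises."""
        k = self.token * self.usd
        new_usd = self.usd + usd_in
        new_token = k / new_usd
        out = self.token - new_token
        self.token, self.usd = new_token, new_usd
        return out

class TwapOracle:
    """Time-weighted average: mean of the spot price over the last `window` blocks."""
    def __init__(self, window: int):
        self.samples = deque(maxlen=window)
    def observe(self, price: float) -> None:
        self.samples.append(price)
    def price(self) -> float:
        return sum(self.samples) / len(self.samples)

def max_borrow_usd(collateral_tokens: float, price: float, ltv: float = 0.5) -> float:
    """Credit a lender extends against collateral valued at the oracle price."""
    return collateral_tokens * price * ltv

def simulate(large_swap_usd: float, window: int = 10) -> dict:
    """Credit a 100-TOKEN position receives under each oracle after one large
    swap lands in a single block (the size a flash loan makes affordable)."""
    pool = ConstantProductPool(1_000_000, 1_000_000)   # starts at 1 USD per TOKEN
    twap = TwapOracle(window)
    for _ in range(window):                            # quiet history at 1.0
        twap.observe(pool.spot_price())
    pool.buy_token_with_usd(large_swap_usd)            # single-block price move
    twap.observe(pool.spot_price())
    return {
        "spot_after": pool.spot_price(),
        "twap_after": twap.price(),
        "borrow_spot": max_borrow_usd(100, pool.spot_price()),
        "borrow_twap": max_borrow_usd(100, twap.price()),
    }
```

With `simulate(1_000_000)` the spot price jumps from 1.0 to 4.0 while the TWAP only moves to 1.3, so the spot-priced lender extends 200 USD against collateral the TWAP-priced lender values at 65 USD. A TWAP raises the cost of manipulation rather than eliminating it, which is why reviewers also look for multiple independent price sources.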
Cybercriminals are exploiting investors’ growing interest in cryptocurrencies, the open source nature of DeFi systems, and the intricacy of cross-chain capabilities, the agency claims.
Blockchain security companies have long kept track of the most common ways hackers attack smart contracts.
These exploits are dangerous because, as the Ethereum Foundation notes, “smart contract code typically cannot be updated to remedy security holes, funds that have been stolen from smart contracts are irrecoverable, and stolen assets are exceedingly difficult to monitor.”
Cybercriminals do not only go after high-value targets such as DeFi platforms. Blockchain analysis company Elliptic published its “NFTs and Financial Crime” paper last week. According to the research, stolen NFTs totaled more than $100 million between July 2021 and July 2022.
FBI’s Advice to Investors
The FBI advises investors to research DeFi platforms, protocols, and smart contracts carefully before purchasing and to be aware of the associated risks. For instance, the agency advises checking whether the platform’s code has been audited by one or more independent auditors.
Additionally, the FBI advises caution with investment pools that offer extremely short windows to join and that deploy smart contracts rapidly, especially without the recommended code audit.