FBI offers a warning regarding internet criminals targeting DeFi
August 30, 2022 5:31 AM
The enforcement agency has a specific reason to be concerned about smart contracts managing DeFi platforms.
Decentralized finance (DeFi) platforms have been the target of $1.6 billion in exploits in 2022, according to a new warning from the US Federal Bureau of Investigation (FBI) to investors in these platforms.
According to a public service announcement posted on the FBI's Internet Crime Complaint Center on August 29, the exploits have cost investors money. The FBI advises investors to thoroughly investigate DeFi platforms before using them and calls on the platforms to increase monitoring and carry out rigorous code testing.
As "investors' rising interest in cryptocurrencies," "the intricacy of cross-chain functionality," and "the open source nature of DeFi platforms" all continue to attract the attention of hackers, the law enforcement agency issued a warning that the tide has turned.
The FBI has seen fraudsters exploiting vulnerabilities in the smart contracts that govern DeFi platforms to steal cryptocurrency from investors.
As a concrete example, the FBI cited the theft of $321 million from the Wormhole token bridge in February via a "signature verification vulnerability." It also mentioned a flash loan attack that was used in July to exploit a vulnerability in the Solana DeFi protocol Nirvana.
But that's just a drop in a much larger ocean; in fact, the amount of money stolen from the DeFi space since the year's beginning, over $1.6 billion, exceeds the sum of all thefts in 2020 and 2021 put together, according to an analysis by blockchain security firm CertiK.
The FBI advises practicing due diligence and conducting tests
Although the FBI acknowledged that "all investments carry some risk," it has nonetheless advised investors to thoroughly examine DeFi platforms before using them and, if in doubt, consult a qualified financial adviser.
The agency also stressed the significance of having at least one code audit performed by independent auditors to guarantee the platform's sound practices.
To find weaknesses or vulnerabilities that could be exploited, a code audit often includes a review of the platform's underlying code.
The FBI warns that investors should be wary of any DeFi investment pools that have "an extremely short timeline to join" or "rapid deployment of smart contracts" and have not performed a code audit.
The agency also raised concerns about "crowdsourced solutions," which are developed by asking a large number of people for input.
"Everyone, including individuals who have bad intentions, is allowed to access open source code repositories."
The FBI claimed that alongside real-time analytics and monitoring, DeFi platforms can also contribute to greater security by routinely testing their code to find flaws.
Also suggested is the creation of an incident response plan and the dissemination of information to users concerning the existence of any known platform vulnerabilities, hacks, exploits, or other forms of malicious activity.
When all else fails, however, the FBI asks victims of hacking who are American citizens to file a report with the Internet Crime Complaint Center or their local FBI office.
The creation of the Virtual Asset Exploitation Unit earlier this year was announced by U.S. Deputy Attorney General Lisa Monaco as part of an increase in FBI efforts to combat crime involving digital assets.
As part of a transition away from simply prosecuting multinational criminal networks, the team's focus has shifted to cryptocurrencies, and its members include blockchain analysis experts.