
FBI recommends due diligence, targeting DeFi

  • News
  • August 30, 2022

Smart contracts that govern DeFi platforms were identified as a particular cause for concern for the enforcement agency.

The United States Federal Bureau of Investigation (FBI) has issued a new warning for investors in decentralized finance (DeFi) platforms, which have been targeted by exploits totaling $1.6 billion in 2022.

In a public notice issued Tuesday through the FBI Cyber Crime Complaint Center, the agency said the exploits caused investors to lose money and advised investors to do their due diligence before using DeFi platforms.

The law enforcement agency further warned that cybercriminals are out in force to take advantage of “investors’ increased interest in cryptocurrencies,” and “the complexity of cross-chain functionality and open-source nature of DeFi platforms.”

The FBI has observed that cybercriminals use vulnerabilities in smart contracts that govern DeFi platforms in order to steal investors’ cryptocurrency. 

In one specific example, the FBI cited cases where hackers used a “signature verification vulnerability” to plunder $321 million from the Wormhole token bridge back in February. It also mentioned a flash loan attack that was used to trigger an exploit in the Solana DeFi protocol Nirvana in July. 

According to an analysis by blockchain security firm CertiK, more than $1.6 billion has been exploited from the DeFi space since the beginning of the year, more than the total amount stolen in 2020 and 2021.

While the FBI admitted that “all investment involves some risk,” the agency has recommended that investors research DeFi platforms extensively before use and, when in doubt, seek advice from a licensed financial adviser.

The company says it is important to ensure that the platform’s code of conduct is robust and that one or more code reviews have been conducted by independent auditors.

 

Typically, a code audit involves a review of the platform’s underlying code to identify vulnerabilities or weaknesses that could be exploited.

According to the FBI, any DeFi investment pools with an “extremely limited timeframe to join” or “rapid deployment of smart contracts” should be treated with extreme caution, especially if they have not undergone a code audit.

Crowdsourced solutions, in which ideas or content are obtained by soliciting contributions from a large group of people, were also flagged by the law enforcement agency:

“Open-source code repositories allow unfettered access to all individuals, including those with nefarious intentions.”

The FBI said DeFi platforms can play a role in improving security by testing their code regularly to identify vulnerabilities, along with using real-time analytics and monitoring.

Having an incident response plan and informing users about possible platform vulnerabilities, hacks, exploits, or other suspicious activity are also among the recommendations.

However, if all else fails, the FBI urges American investors targeted by hackers to contact them through the Internet Crime Complaint Center or their local FBI field office.

Earlier this year, Deputy US Attorney Lisa Monaco announced that the FBI has stepped up efforts to combat digital asset crimes by creating a Virtual Asset Exploitation Unit.

This dedicated team specializes in digital currencies and brings together experts to help with blockchain analysis as part of their focus on disrupting international criminal networks.
