FBI warns investors to take precautions with decentralized finance platforms


The US Federal Bureau of Investigation (FBI) warned on Monday that cybercriminals are increasingly exploiting loopholes in decentralized finance (DeFi) platforms to plunder cryptocurrency.

“The FBI observed cybercriminals exploiting vulnerabilities in smart contracts governing DeFi platforms to steal cryptocurrency from investors,” the agency said in a notification.

Attackers reportedly used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms’ smart contracts and exploiting signature verification flaws in their bridge. of tokens to withdraw all investments.

cyber security

The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs – assets that can be traded against each other on an exchange – by exploiting a series of vulnerabilities to circumvent security checks. slipping and stealing around $35 million in digital funds.

He further stated that threat actors seek to take advantage of the growing public interest in cryptocurrencies to carry out nefarious activities, again indicating the opportunistic nature of the attacks.

Decentralized financial platforms

Indeed, losses from cryptocurrency hacks jumped nearly 60% in the first seven months of the year to $1.9 billion, propelled by a “skyrocketing increase” in funds stolen from protocols. finance (DeFi), revealed a report by blockchain analytics firm Chainalysis. this month.

“DeFi protocols are particularly vulnerable to hacking, as their open source code can be scoured by cybercriminals looking for exploits (although this can also be useful for security as it helps audit the code), and it is possible that the protocols’ incentives to reach the market and grow rapidly lead to gaps in security best practices,” the company noted.

Decentralized financial platforms

Much of the hacks against DeFi services have been attributed to the North Korea-affiliated hacking unit known as the Lazarus Group, with the nation-state adversary credited with stealing nearly a billion dollars.

cyber security

“Investors should make their own investment decisions based on their financial objectives and financial resources and, when in doubt, should seek advice from a licensed financial adviser,” the enforcement authority said. the law.

Additionally, he also recommends consumers research DeFi platforms before investing, ensure their code has undergone thorough audits, and be aware of the risks posed by open code repositories. source.

The advisory also comes more than a month after the FBI warned that malicious actors were developing rogue cryptocurrency apps to defraud investors of their virtual assets.


Comments are closed.