FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

The U.S. Federal Bureau of Investigation (FBI) on Monday warned
of cyber criminals increasingly exploiting flaws in decentralized
finance (DeFi) platforms to plunder cryptocurrency.

“The FBI has observed cyber criminals exploiting vulnerabilities
in the smart contracts governing DeFi platforms to steal investors’
cryptocurrency,” the agency said^[1] in a notification.

Attackers are said to have used different methods to hack and
steal cryptocurrency from DeFi platforms, including initiating
flash loans that trigger exploits in the platforms’ smart contracts
and exploiting signature verification flaws in their token bridge
to withdraw all investments.

The agency has also observed criminals defrauding the platforms
by manipulating cryptocurrency price pairs – assets that can be
traded for each other on an exchange – by exploiting a series of
vulnerabilities to bypass slippage checks^[2]
and steal roughly $35 million in digital funds.

It further said that the threat actors are looking to take
advantage of the growing public interest in cryptocurrencies, once
again indicating the opportunistic nature of the attacks.

Indeed, losses arising from cryptocurrency hacks have jumped
nearly 60% in the first seven months of the year to $1.9 billion,
propelled by a “stunning rise^[3]” in funds stolen from
decentralized finance (DeFi) protocols, a report from blockchain
analysis firm Chainalysis revealed this month.

“DeFi protocols are uniquely vulnerable to hacking, as their
open source code can be studied ad nauseum by cybercriminals
looking for exploits (though this can also be helpful for security
as it allows for auditing of the code), and it’s possible that
protocols’ incentives to reach the market and grow quickly lead to
lapses in security best practices,” the company noted^[4].

Much of the hacks against DeFi services have been attributed to
the North Korea-affiliated hacking unit known as the Lazarus Group^[5], with the nation-state
adversary attributed to the theft of nearly $1 billion.

“Investors should make their own investment decisions based on
their financial objectives and financial resources and, if in any
doubt, should seek advice from a licensed financial adviser,” the
law enforcement authority said.

Additionally, it’s also recommending consumers to research about
DeFi platforms prior to investing, ensure their code has been
subjected^[6]
to thorough audits^[7], and be cognizant of the
risks posed by open source code repositories.

The advisory also arrives over a month after the FBI cautioned^[8]
that malicious actors are developing rogue cryptocurrency apps to
defraud investors of their virtual assets.