The FBI has warned of an increase in attacks targeting decentralised finance (DeFi) platforms to steal cryptocurrency, according to Security Week.
The agency claims that offenders are taking advantage of the increased interest in cryptocurrency and the complex functionality as well as the open-source nature of DeFi platforms to perform nefarious activities.
The FBI also remarked that cybercriminals are exploiting security flaws in the smart contracts governing DeFi platforms to steal virtual currency and cause investors to lose money.
Smart contracts – self-executing contracts containing within their lines of code the terms of the agreement between a buyer and a seller – are present everywhere across the decentralised blockchain network.
The FBI has said that it has also seen cybercriminals initiating flash loans to trigger an exploit in the DeFi platform’s smart contracts – which has led to losses of $3m in cryptocurrency – exploiting a signature verification bug in a DeFi platform’s token bridge – leading to $320m in losses – and manipulating cryptocurrency price pairs to steal $35m in cryptocurrency.
The Bureau has advised investors to research DeFi platforms, protocols and smart contracts to identify potential risks before investing and to make sure that the DeFi investment platform has had its code audited at least once.
Investors are also warned to be wary of DeFi investment pools with limited timeframes to join, and which feature rapid deployment of smart contracts, as well as of the risks posed by crowdsourced solutions when it comes to bug bunting and patching.
The FBI said, “DeFi platforms should implement real time analytics, monitoring, and testing of code to address vulnerabilities and potentially suspicious activity, and should implement an incident response plan that involves informing investors of any suspicious activity, including smart contract exploitation.”
Copyright © 2022 RegTech Analyst
Copyright © 2018 RegTech Analyst