The FBI has issued a warning about cybercriminals increasingly exploiting weaknesses in the smart contracts of DeFi (decentralized finance) platforms to steal crypto.
“Cybercriminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open-source nature of DeFi platforms,” the agency said in a statement.
The FBI is encouraging investors who suspect cybercriminals have stolen their DeFi investments to contact the agency via the Internet Crime Complaint Center or their local FBI field office.
DeFi ‘Uniquely Vulnerable to Hacking’
In the first three months of 2022, hackers stole $1.3 billion from exchanges, platforms and private entities — and the victims were disproportionately in DeFi, with 97% of all cryptocurrency stolen in that period being from DeFi protocols, according to Chainalysis.
This figure represents a huge jump from the 72% in 2021 and 30% in 2020 stolen from DeFi platforms.
“The (FBI’s) reference to ‘the complexity of cross-chain functionality and open-source nature of DeFi platforms’ is key,” said Ari Redbord, the head of legal and government affairs at blockchain intelligence company TRM Labs. “In order to investigate crypto-related cybercrime today, it is critical to have cross-chain tracing capability. As more and more bad actors target DeFi, bridges and move funds across blockchains, cross-chain tracing is a key component of investigating.”
Take Our Poll: Do You Think Student Loan Debt Should Be Forgiven?
Redbord said that over the last year North Korean state actors and other cybercriminals have been attacking decentralized protocols and other crypto-related entities “at alarming speed and scale.”
Indeed, Chainalysis explains in a blog post: “DeFi protocols are uniquely vulnerable to hacking, as their open-source code can be studied ad nauseum by cybercriminals looking for exploits (though this can also be helpful for security as it allows for auditing of the code), and it’s possible that protocols’ incentives to reach the market and grow quickly lead to lapses in security best practices.”
What You Should Do
The FBI recommends that investors proceed with caution and knowledge before investing by researching DeFi platforms, protocols and smart contracts, and be aware of the specific risks involved in DeFi investments.
Another tip is to make sure the DeFi platform has conducted one or more code audits performed by independent auditors, the FBI said.
TRM Labs’ Redbord added that in the wake of attacks on the Poly Network, the Ronin blockchain and myriad other entities, the warning is an attempt by the FBI to ensure two things.
“First, it seeks to ensure that users remain vigilant before and even after investing,” he said. “Second, and arguably most importantly, it is a call to DeFi protocols to harden defenses in the wake of attacks by cybercriminals and nation state actors.
“While many large, centralized exchanges have compliance teams and cybersecurity measures in place, DeFi protocols are often decentralized software without the resources to maintain the same level of controls.”
More From GOBankingRates