FBI issues warning over DeFi vulnerabilities

Getting your Trinity Audio player ready...

Cybercriminals are targeting decentralized finance (DeFi) applications, and investors should beware of the risk involved before investing their money, the Federal Bureau of Investigations (FBI) has warned.

In its latest alert, the FBI pointed out that these criminals have been exploiting vulnerabilities in DeFi platforms to steal digital assets worth billions.

The #FBI warns that cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal investors cryptocurrency. If you think you are the victim of this, contact your local FBI field office or IC3. Learn more: https://t.co/fboL1N17JN pic.twitter.com/VKdbpbmEU1

— FBI (@FBI) August 29, 2022

DeFi platforms have become the favored target for hackers and other cybercriminals recently. Citing Chainalysis data, the FBI noted that between January and March this year, these cybercriminals stole $1.3 billion in digital assets, 97% of which was from DeFi platforms. This was a 72% rise from last year.

A separate report by blockchain security firm CertiK revealed that in the first four months of the year, cybercriminals made off with $1.6 billion from DeFi platforms, more than was stolen in the entire 2020 and 2021 combined.

The FBI specifically cited the February exploit on the Wormhole bridge in which hackers made off with $321 million after exploiting a signature verification vulnerability. It also mentioned the flash loan exploit on Nirvana, a Solana-based DeFi platform, which saw hackers steal $3.5 million.

The FBI advised that investors should conduct thorough research on DeFi platforms and smart contracts before investing. They should also ensure the platform has conducted one or more code audits and be alert to DeFi investment pools with extremely limited timeframes to join.

DeFi platforms must also take all the necessary measures to protect their users, including instituting real-time analytics and rigorous code testing. They must also develop an incident response plan that alerts investors if exploitations or vulnerabilities exist.

This year has seen some of the biggest DeFi exploits of all time, led by the March exploit on Axie Infinity’s Ronin bridge, in which $625 million worth of digital assets were lost. The exploit, and the consequent downward spiral of the Axie token, left many players ‘rekt,’ especially in the Philippines.

Other major exploits include the $190 million Nomad bridge exploit a month ago and Beanstalk’s $182 million code attack in April.

Watch: The BSV Global Blockchain Convention presentation, Sentinel Node: Blockchain Tools to Improve Cybersecurity

https://www.youtube.com/watch?v=gB1f_2cCF64&feature=youtu.be