FBI issues warning over DeFi vulnerabilities

Cybercriminals are targeting decentralized finance (DeFi) applications, and investors should be aware of the risks involved before investing their money, the Federal Bureau of Investigation (FBI) has warned.

In its latest alert, the FBI pointed out that these criminals have been exploiting vulnerabilities in DeFi platforms to steal digital assets worth billions.

DeFi platforms have become the favored target for hackers and other cybercriminals recently. Citing Chainalysis data, the FBI noted that between January and March this year, these cybercriminals stole $1.3 billion in digital assets, 97% of which was from DeFi platforms. This was a 72% rise from last year.

A separate report by blockchain security firm CertiK revealed that in the first four months of the year, cybercriminals made off with $1.6 billion from DeFi platforms, more than was stolen in all of 2020 and 2021 combined.

The FBI specifically cited the February exploit on the Wormhole bridge in which hackers made off with $321 million after exploiting a signature verification vulnerability. It also mentioned the flash loan exploit on Nirvana, a Solana-based DeFi platform, which saw hackers steal $3.5 million.

The FBI advised that investors should conduct thorough research on DeFi platforms and smart contracts before investing. They should also ensure the platform has conducted one or more code audits and be alert to DeFi investment pools with extremely limited timeframes to join.

DeFi platforms must also take all the necessary measures to protect their users, including instituting real-time analytics and rigorous code testing. They must also develop an incident response plan that alerts investors if exploitations or vulnerabilities exist.

This year has seen some of the biggest DeFi exploits of all time, led by the March exploit on Axie Infinity’s Ronin bridge, in which $625 million worth of digital assets were lost. The exploit, and the consequent downward spiral of the Axie token, left many players ‘rekt,’ especially in the Philippines.

Other major exploits include the $190 million Nomad bridge exploit a month ago and Beanstalk’s $182 million code attack in April.
