SecurityWeek

FBI Warns of Surge in Attacks Targeting DeFi Platforms

The FBI is warning of an increase in attacks targeting decentralized finance (DeFi) platforms to steal cryptocurrency.

According to the agency, miscreants are taking advantage of the increased interest in cryptocurrency, as well as the complex functionality and open source nature of DeFi platforms, to carry out nefarious activities.

Cybercriminals are exploiting security flaws in the smart contracts governing DeFi platforms to steal virtual currency and cause investors to lose money, the FBI says.

Smart contracts, which are defined as self-executing contracts containing within their lines of code the terms of the agreement between a buyer and a seller, are present everywhere across the decentralized blockchain network.

Roughly 97% of the $1.3 billion that cybercriminals stole in cryptocurrencies between January and March 2022 came from DeFi platforms, an increase from 72% in 2021 and 30% in 2020.

The FBI says it has also seen cybercriminals initiating flash loans to trigger an exploit in the DeFi platform’s smart contracts (leading to losses of $3 million in cryptocurrency), exploiting a signature verification bug in a DeFi platform’s token bridge ($320 million in losses), and manipulating cryptocurrency price pairs (to steal $35 million in cryptocurrency).

Investors are advised to research DeFi platforms, protocols, and smart contracts to identify potential risks before investing, and to make sure that the DeFi investment platform has had its code audited at least once.

Furthermore, they should be wary of DeFi investment pools that have limited timeframes to join and feature rapid deployment of smart contracts, as well as of the risks posed by crowdsourced solutions for bug hunting and patching.

DeFi platforms, the FBI says, should implement real-time analytics, monitoring, and testing of code to address vulnerabilities and potentially suspicious activity, and should implement an incident response plan that involves informing investors of any suspicious activity, including smart contract exploitation.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
