The FBI is warning of an increase in attacks targeting decentralized finance (DeFi) platforms to steal cryptocurrency.
According to the agency, miscreants are taking advantage of the increased interest in cryptocurrency, and of the complex functionality and open source nature of DeFi platforms, to perform nefarious activities.
Cybercriminals are exploiting security flaws in the smart contracts governing DeFi platforms to steal virtual currency and cause investors to lose money, the FBI says.
Smart contracts, which are defined as self-executing contracts containing within their lines of code the terms of the agreement between a buyer and a seller, are present everywhere across the decentralized blockchain network.
Roughly 97% of the $1.3 billion that cybercriminals stole in cryptocurrencies between January and March 2022 came from DeFi platforms, an increase from 72% in 2021 and 30% in 2020.
The FBI says it has also seen cybercriminals initiating flash loans to trigger an exploit in the DeFi platform’s smart contracts (leading to losses of $3 million in cryptocurrency), exploiting a signature verification bug in a DeFi platform’s token bridge ($320 million in losses), and manipulating cryptocurrency price pairs (to steal $35 million in cryptocurrency).
Investors are advised to research DeFi platforms, protocols, and smart contracts to identify potential risks before investing, and to make sure that the DeFi investment platform has had its code audited at least once.
Furthermore, they should be wary of DeFi investment pools that have limited timeframes to join and feature rapid deployment of smart contracts, as well as of the risks posed by crowdsourced solutions when it comes to bug hunting and patching.
DeFi platforms, the FBI says, should implement real-time analytics, monitoring, and testing of code to address vulnerabilities and potentially suspicious activity, and should implement an incident response plan that involves informing investors of any suspicious activity, including smart contract exploitation.
