The FBI is warning of an increase in attacks targeting decentralized finance (DeFi) platforms to steal cryptocurrency.
According to the agency, miscreants are taking advantage of the increased interest in cryptocurrency, the complex functionality of DeFi platforms, and their open source nature to perform nefarious activities.
Cybercriminals are exploiting security flaws in the smart contracts governing DeFi platforms to steal virtual currency and cause investors to lose money, the FBI says.
Smart contracts, defined as self-executing contracts whose lines of code contain the terms of the agreement between a buyer and a seller, are used throughout decentralized blockchain networks.
Roughly 97% of the $1.3 billion that cybercriminals stole in cryptocurrencies between January and March 2022 came from DeFi platforms, an increase from 72% in 2021 and 30% in 2020.
The FBI says it has also seen cybercriminals initiating flash loans to trigger an exploit in the DeFi platform’s smart contracts (leading to losses of $3 million in cryptocurrency), exploiting a signature verification bug in a DeFi platform’s token bridge ($320 million in losses), and manipulating cryptocurrency price pairs (to steal $35 million in cryptocurrency).
Investors are advised to research DeFi platforms, protocols, and smart contracts to identify potential risks before investing, and to make sure that the DeFi investment platform has had its code audited at least once.
Furthermore, they should be wary of DeFi investment pools that offer only a limited timeframe to join or that feature rapid deployment of smart contracts, as well as of the risks posed by relying on crowdsourced solutions for bug hunting and patching.
DeFi platforms, the FBI says, should implement real-time analytics, monitoring, and testing of code to address vulnerabilities and potentially suspicious activity, and should implement an incident response plan that includes informing investors of any suspicious activity, including smart contract exploitation.