FBI issues security warning about open-source DeFi platforms
According to the FBI, 97 percent of the digital assets stolen in Q1 22, worth $1.3 billion, came from DeFi platforms
In particular, the Bureau warns of vulnerabilities in the smart contracts running on open-source DeFi platforms
On August 29, the FBI issued a general warning citing major cyberattacks against decentralized finance platforms. According to the FBI, the cybercriminals exploited vulnerabilities in the smart contracts of the DeFi platforms.
In 2022, DeFi platforms have been subject to widespread attacks. Crypto hackers primarily targeted the platforms’ cross-chain bridges, stealing the equivalent of $1.3 billion in Q1 22 alone.
Citing a report by blockchain analysis firm Chainalysis, the FBI found that 97% of the stolen assets were on DeFi platforms. This represents a 72% increase over DeFi crime in 2021 and a 30% increase over 2020.
The FBI explains the attack tactics
According to the FBI, the cybercriminals initiated a flash loan that exploited a vulnerability in the smart contracts running on the DeFi platforms. As a result of this theft, investors lost more than $3 million. In addition, the cybercriminals exploited a vulnerability in the signature verification of a DeFi platform’s token bridge. Thus, they managed to withdraw the assets from the platform, resulting in more than $350 million in damage. The FBI explains:
“The manipulation of cryptocurrency price pairs by exploiting a number of vulnerabilities and then conducting leveraged trades that bypass slippage controls and take advantage of pricing errors to steal approximately $35 million worth of cryptocurrencies is notorious.”
In early August, we reported on how a developer managed to fake an entire DeFi ecosystem and deceive investors out of millions of dollars. Because of all the hacks and thefts, trading volumes in the DeFi space have declined significantly this year.
The FBI has advised DeFi platforms to take the necessary precautions through “real-time analysis, monitoring, and rigorous testing of the code.” This should help platforms quickly identify vulnerabilities and respond to indications of suspicious activity.