Last week, the Federal Bureau of Investigation (FBI) warned investors about increasing cyberattacks targeted at DeFi platforms. The warning came in a Public Service Announcement and was reiterated in a tweet on the agency's official Twitter channel.
While the announcement explained that cyber criminals were increasingly exploiting vulnerabilities in decentralized finance, the warning did not surprise most people.
DeFi, The History Of Unending Cyber Attacks
DeFi, an emerging financial technology based on secure distributed ledgers, has witnessed rapid growth in the crypto industry over the past two years. Providing lending, borrowing, and trading instruments without the help of central authorities, DeFi has become the foundation of many new crypto projects.
However, the “solution” to the traditional finance system has been the victim of hacks and cyber crimes, coming under attack as much as 20 times more than centralized projects.
According to sources, DeFi hacks accounted for 30% of major hacks in 2020 and 76% in 2021, even though crypto attacks in general declined as the year ended.
AtlasVPN data stated, “DeFi fraud and hacks combined caused a loss of over $474 million in the first half of 2021.”
The percentage has risen again in less than a year, with DeFi projects accounting for 97% of crypto hacks this year. DeFi has been a magnet not only for hacks but also for money laundering. Most funds brought into crypto through illegal means were taken in by DeFi protocols.
DeFi Smart Contracts And Vulnerabilities
The FBI stated that the targeted vulnerabilities were in the smart contracts governing these DeFi platforms.
“The FBI has observed cybercriminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency,” they explained.
Smart contracts are lines of code written to execute agreements between two parties once certain conditions have been met.
These cybercriminals find security loopholes that compromise the written code and gain access to deposited funds. Initiating flash loans that trigger exploits in the platform’s smart contracts is another way they carry out DeFi theft.
The agency added that they “seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.”
Over $1.6 billion has been stolen from the DeFi space this year. The FBI gave notable examples it had observed:
The Wormhole token bridge loss in February, where a “signature verification vulnerability” allowed hackers to withdraw all investments on the platform, valued at $320 million.
The flash loan exploit of Solana’s DeFi protocol Nirvana, which caused $3.5 million to go down the drain.
FBI Recommends Taking Precautions
While there is no investment without risk, taking careful precautions will ensure the chances are worth it. The agency advised investors to seek help from licensed financial advisers.
It urged DeFi platforms to conduct code audits using independent auditors. Typically, these audits involve a thorough review and analysis of the projects, identifying risk points that could impact the platform negatively. The audits are publicly available for users to scrutinize before making decisions.
DeFi projects should also implement an incident response plan to mitigate damages and alert investors when smart contracts are exposed to exploitation.
While the attacks on DeFi platforms show no sign of halting, since deep-pocketed companies fund the sector, due diligence will help investors and projects stay alert.
The agency also urged investors who have been victims of these attacks to contact their local FBI field office or IC3 for further assistance.