In a public announcement on Monday, the Federal Bureau of Investigation (FBI) warned investors about security vulnerabilities on DeFi platforms. It also asked anybody who suspects that their investments have been stolen to approach the FBI through the local FBI office or the Internet Crime Complaint Center (IC3). The Bureau said that coding flaws and the protocols’ open-source nature make these platforms vulnerable to attacks.
The FBI said in a Public Service Announcement on Monday that “Between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis.” This is a 72% increase from 2021 and a 30% increase from 2020.
Cybercriminals often try to exploit the open-source nature of DeFi platforms and complex cross-chain structures coupled with investors’ avid interest in virtual assets. The agency added that these attackers use vulnerabilities associated with signature verification, flash loans and cryptocurrency price pairs to exploit DeFi platforms.
The FBI also offered a set of recommendations in the announcement, beginning with a caution that investments are risky by nature, so people should seek advice from a licensed financial adviser. It further alerted investors about coding flaws in DeFi platforms and crowdsourced solutions. The FBI also offered some advice to DeFi platforms on protecting themselves from cyberattacks. This includes installing real-time analytics and conducting frequent, rigorous code audits.
About two weeks ago, the Securities and Exchange Commission of Thailand (Thai SEC) issued a similar warning to domestic investors against using DeFi platforms. It said that the associated risks include overleveraged collateral and rug pulls. In April, the FBI claimed that the Lazarus Group, associated with the Democratic People’s Republic of Korea (DPRK), was behind the Ronin Bridge attack, in which $625 million was stolen.
Just a few days before this heist, the FBI, Treasury Department and the Cybersecurity and Infrastructure Security Agency (CISA) had issued a joint advisory bulletin cautioning investors about threats of cyberattacks targeting their cryptocurrency assets.