FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency.

“The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency,” the agency said in a notification.

Attackers are said to have used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms’ smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments.

The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs (assets that can be traded for each other on an exchange), exploiting a series of vulnerabilities to bypass slippage checks and steal roughly $35 million in digital funds.

It further said that the threat actors are looking to take advantage of the growing public interest in cryptocurrencies to carry out nefarious activities, once again indicating the opportunistic nature of the attacks.

Indeed, losses arising from cryptocurrency hacks have jumped nearly 60% in the first seven months of the year to $1.9 billion, propelled by a “stunning rise” in funds stolen from decentralized finance (DeFi) protocols, a report from blockchain analysis firm Chainalysis revealed this month.

“DeFi protocols are uniquely vulnerable to hacking, as their open source code can be studied ad nauseam by cybercriminals looking for exploits (though this can also be helpful for security as it allows for auditing of the code), and it’s possible that protocols’ incentives to reach the market and grow quickly lead to lapses in security best practices,” the company noted.

Many of the hacks against DeFi services have been attributed to the North Korea-affiliated hacking unit known as the Lazarus Group, with the nation-state adversary linked to the theft of nearly $1 billion.

“Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser,” the law enforcement authority said.

It is also recommending that consumers research DeFi platforms before investing, ensure that the platforms’ code has been subjected to thorough audits, and be cognizant of the risks posed by open source code repositories.

The advisory also arrives over a month after the FBI cautioned that malicious actors are developing rogue cryptocurrency apps to defraud investors of their virtual assets.
