The FBI has issued a warning about an uptick in hacks aimed at stealing cryptocurrencies from decentralised finance (DeFi) services.
The agency says that criminals are exploiting the rising popularity of cryptocurrencies, the open-source nature of DeFi platforms, and their complex functionality to carry out malicious activity.
According to the FBI, cybercriminals are taking advantage of security holes in the smart contracts controlling DeFi platforms to steal virtual currency and defraud investors.
Decentralised blockchain networks are filled with smart contracts, which are described as self-executing contracts in which the terms of an agreement between a buyer and a seller are written into lines of code.
DeFi platforms accounted for over 97% of the $1.3 billion in cryptocurrency that cybercriminals stole between January and March 2022, up from 30% in 2020 and 72% in 2021.
The FBI also says it has observed cybercriminals launching flash loans to trigger a bug in the DeFi platform's smart contracts, resulting in losses of $3 million in cryptocurrency; exploiting a signature verification flaw in a token bridge on the DeFi platform, resulting in losses of $320 million; and manipulating cryptocurrency price pairs, resulting in the theft of $35 million in cryptocurrency.
Before making an investment, investors are advised to research DeFi platforms, protocols, and smart contracts to identify any risks. They should also confirm that the DeFi investment platform has undergone at least one code audit.
They should also be cautious of DeFi investment pools that offer rapid smart contract deployment and a limited time to join, and be aware of the risks associated with crowdsourced approaches to finding and patching bugs.
According to the FBI, DeFi platforms should use real-time analytics, monitoring, and testing of code to address vulnerabilities and potentially suspicious activity. They should also implement an incident response plan that includes notifying investors of any suspicious activity, including the exploitation of smart contracts.
Source: HackerCombat