Crimes in the DeFi space have been on a steady rise. Per data from The Block, over $2.45 billion has been stolen by decentralized finance attackers since the beginning.
FBI issues DeFi alert
The U.S. Federal Bureau of Investigation addressed this trend in its latest statement. A few hours back, the FBI issued a warning for investors in DeFi platforms, highlighting that cyber criminals are increasingly exploiting vulnerabilities within the DeFi ecosystem to steal crypto.
The statement noted,
“Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.”
The intelligence and security service agency highlighted that in January and March 2022, cybercriminals stole $1.3 billion in crypto. Out of that, a whopping 97% was stolen from DeFi platforms. That share marks an increase from 72% in 2021 and 30% in 2020.
The agency noted that it had observed criminals exploiting signature verifications, manipulating crypto price pairs, bypassing slippage checks, and using flash loans. On flash loans, the FBI gave a particular example and noted,
“Separately, the FBI has observed cyber criminals defraud DeFi platforms by: Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.”
Flash loans, as such, were quite a common way for perpetrators in the ecosystem to steal funds. However, as depicted below, the crimes of late have mostly been executed without using flash loans.
Also, it is worth noting that Ethereum remains the most targeted blockchain for exploits. Still, as depicted below, Fantom, BNB Chain, Avalanche, and Polygon are also a part of the list.
Recommendations
From researching to making sure DeFi platforms have conducted audit checks, the FBI chalked out a list of user recommendations. Elucidating on the same, it said,
“Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments… Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.”
The agency asked DeFi platforms to institute real-time analytics, monitoring, and rigorous code testing to identify vulnerabilities and respond to indicators of suspicious activity more quickly. Furthermore, it added,
“Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.”