
Investors in decentralized finance (DeFi) platforms are being cautioned once again by the US Federal Bureau of Investigation (FBI), as these platforms have been the target of $1.6 billion in exploits in 2022.

The FBI warned investors to thoroughly study DeFi platforms before utilizing them in a public service announcement posted on the FBI's Internet Crime Complaint Center on Tuesday. The agency also urged platforms to strengthen monitoring and carry out rigorous code testing.

Because of "investors' rising interest in cryptocurrencies," "the intricacy of cross-chain functionality," and "the open source nature of DeFi platforms," the law enforcement agency warned that cybercriminals are active and ready to exploit.

The FBI has documented instances of fraudsters stealing cryptocurrency from investors by taking advantage of flaws in the smart contracts that control DeFi platforms.

The FBI cited an instance in which hackers stole $321 million from the Wormhole token bridge in February via a "signature verification vulnerability." It also cited a flash loan attack that was used in July to exploit a vulnerability in the Solana DeFi protocol Nirvana.

But it's only a drop in a very large ocean. Since the year's beginning, more than $1.6 billion has been stolen from the DeFi space, surpassing the total amount stolen in 2020 and 2021 combined, according to an analysis from blockchain security company CertiK.

FBI recommends due diligence, testing

While the FBI acknowledged that "all investments carry some risk," the agency has advised that investors thoroughly examine DeFi platforms before using them and, if in doubt, consult a qualified financial adviser.

The agency stressed the importance of checking a platform's protocols and confirming that they have undergone one or more independent code audits.

A code audit often entails a review of the platform's underlying code to find any holes or flaws that might be exploited.

The FBI advises approaching any DeFi investment pools with a "rapid rollout of smart contracts" or a "very limited timeline to join" with great caution. This is especially true if the investment pool has not performed a code audit.

The law enforcement organization also warned against crowdsourced solutions, which produce ideas or content by asking for contributions from a sizable group of people:

“Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.”

According to the FBI, DeFi platforms can also contribute to security by routinely testing their code to find vulnerabilities and by using real-time analytics and monitoring.

The guidelines also include developing an incident response strategy and warning users of any potential platform flaws, hackers, exploits, or other questionable behaviour.

If all else fails, the FBI advises American investors who have been the target of hackers to get in touch with the agency via the Internet Crime Complaint Center or their local FBI field office.

With the creation of the Virtual Asset Exploitation Unit, the FBI has increased its efforts to combat crime in the digital asset sector, according to a statement made earlier this year by U.S. Deputy Attorney General Lisa Monaco.

As part of a shift in emphasis toward disrupting global criminal networks rather than just their prosecution, the specialized team is focused on cryptocurrencies and includes specialists to assist with blockchain analysis.