Increase in attacks on DeFi platforms, cybercriminals stealing hundreds of millions of dollars from investors, FBI warns
Threat actors stole more than $1 billion in cryptocurrency assets from decentralized financial systems over the course of three months, the FBI reported in a public service announcement.
In a warning issued on Monday, the FBI said that hackers are increasingly exploiting weaknesses in DeFi platforms to steal cryptocurrency. Because of how serious the situation has become, the FBI issued the warning and asked DeFi investors to report any potential thefts.
Threat actors are using vulnerabilities in the smart contracts that govern DeFi platforms to drain them, and many of these attacks have succeeded so far. According to the FBI, smart contracts are “self-executing contracts that are put directly into lines of code that reside throughout a distributed, decentralized blockchain network and include the parameters of the agreement between the buyer and seller.”
Cybercriminals stole $1.3 billion in cryptocurrencies between January and March 2022, with around 97 percent of the total originating via DeFi networks, according to the US blockchain monitoring company Chainalysis.
According to the FBI, DeFi platforms were responsible for 30% of cryptocurrency thefts in 2020. The percentage increased to 72% the next year, and as of now, it is almost 100%. The FBI ascribed the sharp spike to the “complexity of cross-chain functionality and open source nature of DeFi platforms” as well as to growing interest in cryptocurrency.
The FBI also provided three instances of successful attacks it saw during this time. The costliest one involved attackers taking advantage of a weakness in signature verification in a DeFi platform’s token bridge, which permits transactions between two distinct chains.
According to the FBI alert, the attackers drained all investments from the undisclosed DeFi platform, a loss the FBI put at $320 million. The information is consistent with a February attack on Wormhole, a cryptocurrency platform that acknowledged an exploit resulting in a $320 million loss.
According to the advisory, the second-greatest risk to DeFi investors came from perpetrators manipulating cryptocurrency price pairs by taking advantage of a number of flaws. Price calculation flaws allowed the attackers to steal almost $35 million.
Third, the FBI issued a warning on flash loans. The blockchain security vendor PeckShield described flash loans to TechTarget Editorial as a “special form of loans, which involve the lending of cryptocurrencies (from a pool) to a borrower without collaterals and require the immediate payment within the transaction.” The FBI noted that between January and March, investors and platform creators lost almost $3 million as a result of attackers starting a flash loan that activated a smart contract vulnerability.
Regarding the platforms themselves, the FBI advised putting into practice measures like code testing and real-time monitoring to find weaknesses and react to suspicious activity more quickly. The PSA emphasized the value of having an incident response strategy to notify investors when these concerns are discovered.
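As an illustration of the real-time monitoring the PSA recommends, the sketch below flags transactions that combine a flash loan (an uncollateralized borrow repaid within the same transaction, per the PeckShield description above) with a large price-pair move. It is an added example, not code from the FBI or any platform; the event schema, asset and pair names, transaction ids and the 10% threshold are all assumptions.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical decoded-log schema (not from any real chain).
# "tx" groups the entries emitted by one transaction, in execution order.
EVENTS = [
    {"tx": "0xaaa", "kind": "borrow", "asset": "USDX", "amount": 5_000_000, "collateral": 0},
    {"tx": "0xaaa", "kind": "price", "pair": "TKN/USDX", "value": 1.00},
    {"tx": "0xaaa", "kind": "price", "pair": "TKN/USDX", "value": 1.62},
    {"tx": "0xaaa", "kind": "repay", "asset": "USDX", "amount": 5_004_500},
    {"tx": "0xbbb", "kind": "borrow", "asset": "USDX", "amount": 20_000, "collateral": 30_000},
    {"tx": "0xbbb", "kind": "price", "pair": "TKN/USDX", "value": 1.00},
    {"tx": "0xccc", "kind": "borrow", "asset": "USDX", "amount": 100_000, "collateral": 0},
    {"tx": "0xccc", "kind": "price", "pair": "TKN/USDX", "value": 1.00},
    {"tx": "0xccc", "kind": "price", "pair": "TKN/USDX", "value": 1.01},
    {"tx": "0xccc", "kind": "repay", "asset": "USDX", "amount": 100_090},
]
MAX_SWING = 0.10  # assumed alert threshold: 10% price move inside one transaction


def is_flash_loan(entries):
    """True if an uncollateralized borrow is repaid in full within the same transaction."""
    borrowed, repaid = defaultdict(float), defaultdict(float)
    for e in entries:
        if e["kind"] == "borrow" and e.get("collateral", 0) == 0:
            borrowed[e["asset"]] += e["amount"]
        elif e["kind"] == "repay":
            repaid[e["asset"]] += e["amount"]
    return any(repaid[asset] >= amount for asset, amount in borrowed.items())


def price_swings(entries):
    """Largest relative move per pair, measured from the first price seen in the transaction."""
    first, swing = {}, {}
    for e in entries:
        if e["kind"] != "price" or e["value"] <= 0:
            continue  # ignore non-price entries and unusable quotes
        base = first.setdefault(e["pair"], e["value"])
        swing[e["pair"]] = max(swing.get(e["pair"], 0.0), abs(e["value"] - base) / base)
    return swing


def alerts(events, max_swing=MAX_SWING):
    """Return (tx, pair, swing) for flash-loan transactions whose price move exceeds max_swing."""
    by_tx = defaultdict(list)
    for e in events:
        by_tx[e["tx"]].append(e)
    return [(tx, pair, round(s, 4))
            for tx, entries in by_tx.items() if is_flash_loan(entries)
            for pair, s in price_swings(entries).items() if s > max_swing]
```

On the constructed data only `0xaaa` is reported: `0xbbb` is an ordinary collateralized loan, and `0xccc` is a flash loan whose price move stays under the threshold.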