In a public announcement on Monday, the Federal Bureau of Investigation (FBI) warned investors about security vulnerabilities in DeFi platforms. It also asked those who suspect that their investments have been stolen to approach the FBI through the Internet Crime Complaint Center (IC3) or the local FBI office.
“Between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis,” the FBI said in a Public Service Announcement on Monday.
This is an increase from 72% in 2021 and 30% in 2020.
Cybercriminals try to exploit the open-source nature of DeFi platforms and their complex cross-chain functionality, coupled with investors’ interest in digital assets. The agency added that attackers use vulnerabilities associated with flash loans, signature verification, and cryptocurrency price pairs to exploit platforms.
The announcement also offers a set of recommendations, beginning with a caution that investments are risky by nature, so seeking advice from a licensed financial adviser is an option. It further alerts investors about coding flaws in decentralized platforms and crowdsourced solutions.
The FBI also offered a few suggestions to DeFi platforms to protect themselves from cyberattacks and theft of funds. These included the installation of real-time analytics and rigorous code audits.
Not Just in the US
About two weeks ago, the Securities and Exchange Commission of Thailand (Thai SEC) sounded a similar warning to domestic investors against DeFi platforms. It said that associated risks include overleveraged collaterals and rug-pulls.
In April, the FBI claimed that cyber actors APT38, also known as Lazarus Group, associated with the Democratic People’s Republic of Korea (DPRK), were behind the hacking of Ronin Bridge, in which $625 million was stolen.
Only a few days before this heist, the FBI, Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) had issued a joint advisory cautioning investors about threats of cyberattacks targeting their crypto funds.