Cybercriminals are increasingly exploiting security flaws in smart contracts to steal cryptocurrency, according to the Federal Bureau of Investigation. In an advisory it published on Monday (via Bleeping Computer), the agency warned investors of a significant uptick in attacks targeting decentralized finance platforms.
Between January and March of this year, hackers stole $1.3 billion worth of cryptocurrencies, with almost 97 percent of that money coming from DeFi platforms, the FBI said, citing data from Chainalysis. That’s an increase from 2021 and 2020, when DeFi-related thefts accounted for 72 percent and 30 percent, respectively, of all stolen crypto. The agency has seen criminals employ a variety of methods to fleece DeFi platforms. In one case, hackers used a so-called flash loan attack to steal approximately $3 million worth of cryptocurrencies. In a separate attack targeting a signature verification vulnerability in a platform’s token bridge, cybercriminals made off with $320 million.
Many of the largest hacks in recent months fall into those categories of attacks. For instance, the largest crypto heist ever saw the Lazarus Group, a North Korean state-sponsored hacking collective, target Axie Infinity. The group reportedly exploited a backdoor in a Remote Procedure Call node from Axie creator Sky Mavis to forge fake withdrawals using compromised private keys. More recently, a hacking “free-for-all” saw Nomad bridge users lose $200 million worth of crypto due to a misconfiguration.
The FBI recommends that investors take a handful of precautions before risking their money with a DeFi platform. You should research the platform you want to invest in, as well as the details of the smart contract it employs. Additionally, only put money down on a firm or company that has paid for independent code audits. You also want to avoid investment pools with extremely limited timeframes to join.
“Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms,” the FBI said. “Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser.”