Crooks are increasingly targeting DeFi platforms to steal cryptocurrency

The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency.

The U.S. Federal Bureau of Investigation (FBI) published a Public Service Announcement (PSA) to warn investors that cybercriminals are increasingly exploiting security flaws in Decentralized Finance (DeFi) platforms to steal cryptocurrency.

Threat actors are exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency.

Smart contracts are self-executing contracts with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network. Crooks are attempting to exploit vulnerabilities in protocols implemented by cross-chain bridges and DeFi platforms.

According to the PSA, between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies, most of them (97%) from DeFi platforms.

The FBI reported that cyber criminals are defrauding DeFi platforms by:

• Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
• Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdraw all of the platform’s investments, resulting in approximately $320 million in losses.
• Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle,a and then conducting leveraged trades that bypassed slippage checksb and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.

The FBI provides the following recommendations to the investors:

• Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
• Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
• Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
• Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.

while the feds recommend DeFi platforms to take the following precautions:

• Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
• Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.

According to CertiK, since the beginning of the year, five cross-chain bridge attacks have led to losses of $1,317,000,000, amounting to 57% of the total losses in Web3 in 2022. The Nomad Bridge exploit ranks as 3rd largest attack this year, behind the Ronin Bridge ($624m) and Wormhole Bridge ($326m) exploits.

The US FBI recommends investors who are victims of the theft of DeFi investments to contact the agency via the Internet Crime Complaint Center or their local FBI field office.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, FBI)

[adrotate banner=”5″]

[adrotate banner=”13″]