In light of the $1.6 billion in exploits in 2022 against the decentralized finance (DeFi) networks, the US Federal Bureau of Investigation (FBI) has issued a fresh warning for investors in these platforms.
In a public service announcement posted on the FBI’s Internet Crime Complaint Center on August 29, the agency claimed that the exploits had resulted in financial losses for investors.
The agency advised the investors to thoroughly research DeFi platforms before using them and urged platforms to improve monitoring and carry out rigorous code testing.
The FBI warned that cyber attackers are actively looking to exploit the “rising investors’ interest in cryptocurrencies”, “the complexity of cross-chain functionality”, and “open source nature of DeFi platforms.”
The law enforcement agency has documented an instance of cybercriminals stealing investors’ cryptocurrency by taking advantage of flaws in the smart contracts that govern DeFi platforms.
Specifically, the hackers stole $321 million from the Wormhole token bridge in February through a “signature verification vulnerability.”
In addition, it mentioned a flash loan attack that was employed in July to trigger a vulnerability in Solana DeFi protocol Nirvana.
However, the aforementioned cases are not as significant as the current issue. In fact, since the year began, more than $1.6 billion has been siphoned out of the DeFi space, surpassing the total amount plundered in 2020 and 2021 combined, according to research from CertiK in M, a blockchain security firm.
While the FBI acknowledged that “all investment involves some risk,” the agency has advised that investors thoroughly examine DeFi platforms before using them and consult a qualified financial adviser to be safe.
The agency stated that it was crucial to make sure the platform’s protocols are robust and that they have undergone one or more independent code audits.
The FBI advises approaching any DeFi investment pools with an “extremely limited timeframe to join” or “rapid deployment of smart contracts” with great caution. This is especially true if the investment pool has not performed a code audit.
The law enforcement organisation also raised the red flag for crowdsourced solutions, which generate concepts or material by asking for input from a sizable group of individuals.
DeFi platforms are also strongly advised to routinely test their code to find vulnerabilities and to use real-time analytics and monitoring.
The guidelines also include developing an incident response strategy and warning users of any potential platform flaws, hackers, exploits, or other shady behavior.
If all else fails, the FBI advises American investors who have been the target of hackers to get in touch with the agency via the Internet Crime Complaint Center or their local FBI field office.