The FBI is warning investors of the risks decentralized finance (DeFi) platforms face from hackers stealing cryptocurrency, and is urging both investors and platforms amp up efforts to ward off attacks.
"Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money," the FBI said in a new public service announcement. "Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms."
In a smart contract, the terms of the agreement between the buyer and seller are written directly into lines of code on a blockchain network.
Cyber criminals have been trying to manipulate the complexities of blockchain and DeFi platforms to their advantage. The FBI warned criminals have exploited signature verification on DeFi platforms, allowing the actors to steal all of the platform’s investments, resulting in millions in losses.
The agency has also witnessed criminals exploiting so-called flash loans, which use smart contracts on a blockchain that don't let funds change hands unless certain rules are met, to extract millions.
In its announcement, the agency pointed to analysis from blockchain analytics firm Chainalysis that between January and March 2022, cyber criminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms.
Chainalysis found in a separate report that crypto lost from hacks has surged in 2022, with more than $202 million stolen in August in addition to the $1.9 billion of investor funds lost through the end of July, a 37% increase from last year.
As Yahoo Finance reported earlier this month, crypto bridges — which allow users to transfer cryptocurrencies from one blockchain to another — have shown high rates of security vulnerability and have become popular targets for hackers. These exploits account for the bulk of major crypto robberies this year.
Notable bridge hacks have included Nomad ($190 million) earlier this month, Harmony ($100 million) in June, Ronin ($625 million) during March, and Wormhole ($326 million) at the beginning of February. Of the $1.9 billion stolen from DeFi protocols this year, hackers affiliated with North Korea such as the Lazarus Group, are estimated to be responsible for more than half of the total.
The FBI is urging investors to research DeFi platforms and look for independent audits of the platform’s underlying code to identify vulnerabilities in the code before putting money into a project.
At the same time, the agency is urging DeFi platforms to use real time analytics and test code to identify vulnerabilities and protect against hacks.
—
Read the latest financial and business news from Yahoo Finance
Download the Yahoo Finance app for Apple or Android
Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, and YouTube