Amid a wave of hacks that have cost investors billions of dollars in cryptocurrency, the FBI is calling on decentralized finance (DeFi) platforms to improve their security.
In a notice posted on its website, the FBI said cybercriminals increasingly target DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to separate investors from their money.
According to the FBI, the rise in attacks mirrored the growing interest among investors in cryptocurrency, as well as “the complexity of cross-chain functionality and the open source nature of DeFi platforms.”
The warning might not come soon enough, as there have been a number of thefts involving DeFi platforms, including the $100 million worth of cryptocurrency stolen from blockchain bridge company Harmony, the roughly $150 million stolen from the hot wallets of cryptocurrency exchange BitMart, and the $130 million in tokens stolen from Cream Finance.
A report by Chainalysis, a blockchain analytics firm, claims that cybercriminals stole a staggering $1.3 billion worth of cryptocurrencies between January and March 2022. Nearly 97% was stolen from DeFi platforms.
The disproportionate level of theft from DeFi platforms clearly demonstrates that there is a significant problem, which is why the FBI has advised investors to take the following precautions:
- Research DeFi platforms, protocols and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
- Make sure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could adversely affect platform performance.
- Beware of DeFi investment pools with extremely limited time to join and quick smart contract rollout, especially without the recommended code audit.
- Be aware of the potential risk posed by crowdsourcing solutions for identifying vulnerabilities and patching. Open source code repositories allow unlimited access to all individuals, including those with nefarious intentions.
But it’s not just cryptocurrency investors who need to take steps to avoid becoming victims of cybercrime. The FBI also recommended that DeFi platforms take precautions to reduce their chances of falling victim to hackers.
The FBI demands that DeFi platforms put in place real-time analysis and monitoring to prevent attacks, rigorously test code to identify vulnerabilities faster, and respond to suspicious activity.
Additionally, the FBI recommends that DeFi platforms develop and implement incident response plans that include alerting investors when a vulnerability, smart contract exploitation or other suspicious activity is detected.
Editor’s Note: The views expressed in this article by the guest author are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.