Hackers Exploit Vulnerabilities in DeFi to Steal Crypto

The FBI has issued a security alert warning investors that cybercriminals are increasingly exploiting security vulnerabilities in DeFi platforms to steal cryptocurrencies.

If you are interested in the world of cryptocurrencies, you are probably familiar with “decentralized finance” or DeFi platforms. DeFi is a protocol that allows the creation of a network of financial services with all the options of a traditional bank (accounts, loans, transfers, purchase of derivatives…), but with virtual currencies and blockchain technologies.

DeFi offers numerous advantages, starting with its peer-to-peer operation independent of a centralized system. But like every emerging technology, and more so in cryptocurrencies, it needs to keep watch over areas such as high volatility and security, as the FBI warns: “Cybercriminals exploit vulnerabilities in the smart contracts that govern DeFi platforms to steal cryptocurrency from investors”.

The public service announcement, published today on the Internet Crime Complaint Center, claims that between January and March 2022, $1.3 billion in cryptocurrency was stolen. Almost 97% of it was stolen from DeFi platforms, and the incidence is increasing.

In the majority of detected cases, attackers exploit security vulnerabilities in the code or security breaches in the platform, allowing them to divert cryptocurrencies to addresses under their control. Cybercriminals use various methods, including initiating flash loans that trigger vulnerabilities in the platforms’ smart contracts and exploiting signature verification flaws.

DeFi Precautions

The FBI recommends taking precautions before making an investment decision on these platforms, such as:

  • Research DeFi platforms, protocols, and smart contracts before investing, and be aware of the specific risks involved in these types of investments.
  • Ensure that the DeFi investment platform has undergone one or more code audits conducted by independent auditors, involving a thorough review and analysis of the platform's underlying code to identify vulnerabilities or weaknesses that could negatively affect its performance.
  • Be alert to DeFi investment groups with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Take into account the potential risk posed by collaborative solutions for the identification and patching of vulnerabilities. Open source code repositories allow unrestricted access to everyone, including those with malicious intent.

“Cybercriminals seek to take advantage of increased investor interest in cryptocurrencies, as well as the complexity of cross-chain functionality and the open source nature of DeFi platforms,” the agency explains in an alert that can be extended to the entire world of cryptocurrencies.
