Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security.
In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to part investors from their money.
According to the FBI, the increase in attacks has mirrored the rising interest amongst investors in cryptocurrency, as well as “the complexity of cross-chain functionality and open source nature of DeFi platforms.”
The warning couldn’t come soon enough, as there have been a series of thefts involving DeFi platforms – including the $100 million of cryptocurrency stolen from blockchain bridge firm Harmony, the approximately $150 million swiped from hot wallets at cryptocurrency exchange BitMart, and the $130 million worth of tokens stolen from Cream Finance.
A report by Chainalysis, a blockchain analysis firm, claims that cybercriminals stole a staggering $1.3 billion in cryptocurrencies between January and March 2022. Almost 97% of that was stolen from DeFi platforms.
The disproportionate level of theft from DeFi platforms clearly demonstrates that there is a significant problem, and that is why the FBI has advised investors to take the following precautions:
- Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
- Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
- Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
- Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, including those with nefarious intentions.
But it’s not just cryptocurrency investors who need to take steps to prevent becoming victims of cybercrime. The FBI has also recommended that DeFi platforms take precautions to lessen the chances of falling foul of hackers.
The FBI is calling for DeFI platforms to put in place real-time analytics and monitoring to prevent attacks, test code rigorously to identify vulnerabilities more quickly, and respond to suspicious activity.
Furthermore, DeFi platforms are recommended by the FBI to develop and implement incident response plans that would incorporate alerting investors when a vulnerability, the exploitation of smart contracts, and other suspicious activity is detected.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.