DeFi: flaws allow funds to be stolen

Following a series of thefts on decentralized finance (DeFi) platforms, the US Federal Bureau of Investigation (FBI) warns that criminals are increasingly exploiting bugs on these platforms to steal cryptocurrencies from investors. The FBI has told investors pouring money into DeFi platforms that they risk financial loss due to vulnerabilities in the smart contracts that run those platforms.

DeFi is a new digital financial infrastructure that theoretically eliminates the need for central bank or government approval of financial transactions, and it is closely linked to the development of blockchain technologies. But now the FBI is warning that attackers are defrauding investors by exploiting vulnerabilities in smart contracts.

“A smart contract is a self-executing contract with the terms of an agreement between a buyer and a seller, written directly in lines of code through a distributed and decentralized blockchain network. Cybercriminals are looking to take advantage of increased investor interest in cryptocurrencies, as well as the complexity of cross-chain functionality and the open nature of DeFi platforms,” the FBI said.

DeFi platform thefts began in 2021

Researchers at UK-based penetration testing firm Bishop Fox found that 51% of attacks on DeFi projects in 2021 involved exploiting vulnerabilities in smart contracts, followed by protocol and platform architecture flaws (18%). Most attacks are considered easy.

Earlier this year, hackers stole $80 million from the DeFi project Qubit Finance by exploiting a vulnerability in its QBridge protocol. The hackers also stole $30 million from Grim Finance at the end of 2021.

U.S. blockchain analytics firm Chainalysis has reported that 97% of the $1.3 billion worth of stolen cryptocurrencies in the first quarter of 2022 came from DeFi platforms. DeFi platform theft began in 2021, when DeFi platform hacks accounted for 71% of financial losses; previously, most cryptocurrency thefts targeted individual wallets or cryptocurrency exchanges.

Treat DeFi Platforms with Caution

The FBI says it has observed cybercriminals stealing from DeFi platforms through separate vulnerabilities affecting smart contracts and signature verification elements, as well as by combining multiple flaws to manipulate prices. These shortcomings have already led to:

  • Initiating a flash loan that triggered an exploit in the DeFi platform's smart contracts, causing investors and project developers to lose about $3 million in cryptocurrency as a result of the theft.
  • Exploiting a signature verification vulnerability on the DeFi platform and withdrawing all investments from the platform, resulting in losses of approximately $320 million.
  • Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities and then creating leveraged trades that bypass checks to steal about $35 million in cryptocurrencies.

The FBI is urging investors to be wary of DeFi platforms, but also acknowledges that investing comes with risks. Investors should learn about platforms, protocols, and smart contracts before investing and ensure that the platform has passed a code audit.

The FBI is also warning investors to beware of “DeFi investment pools with extremely short join times and rapid deployment of smart contracts, especially without recommended code audits.”

The FBI also warns project managers to be aware of the potential risk that crowdsourced solutions pose to identifying and remediating vulnerabilities: “Open source repositories provide unhindered access for all people, including those with malicious intent,” it notes.

Source: “.com”
