FBI Warns Investors When $1.9 Billion Cryptocurrency Has Been Hacked Year To Date

On August 29, the US Federal Bureau of Investigation (FBI) updated its advice to DeFi investors, citing a rise in criminal use of smart contracts. In July, the blockchain analysis business discovered that hacks were to blame for the overall theft of $1.9 billion in cryptocurrencies in 2022.

The US Federal Bureau of Investigation (FBI) is advising investors in decentralized finance (DeFi) protocols to look for platforms that have finished code audits as a result of an increase in criminals exploiting smart contract vulnerabilities.

The U.S. Federal Bureau of Investigation (FBI) issued a warning on Monday about cybercriminals who are increasingly taking advantage of holes in platforms for decentralized finance (DeFi) to steal cryptocurrencies.

In a public service announcement on August 29 that included advice for both investors and DeFi platforms, the FBI stated that cybercriminals were “increasingly taking advantage of vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money.”

DeFi is dominating, stay safe with your funds!

DeFi has been actively involved in cryptocurrency theft this year. According to Chainalysis, DeFi protocols were used in an incredible 97% of the cryptocurrency stolen up until May 1. According to research conducted by the blockchain industry in July, hacks were to blame for the aggregate theft of $1.9 billion in cryptocurrencies in 2022.

Attackers allegedly utilized a variety of techniques to compromise the DeFi platforms and steal cryptocurrency, including starting flash loans that activated smart contract attacks and abusing weaknesses in signature verification in their token bridge to remove all assets.

The agency has also seen fraudsters manipulate cryptocurrency price pairs — assets that may be exchanged for one another on an exchange — by taking advantage of a number of flaws to get around slippage checks and steal about $35 million in virtual money.

According to research released this month by blockchain analysis company Chainalysis, losses from cryptocurrency thefts have increased by almost 60% in the first seven months of the year to $1.9 billion, driven by a startling increase in money stolen from decentralized finance (DeFi) protocols.

DeFi protocols are particularly vulnerable to hacking because their open-source code can be studied in-depth by cybercriminals searching for exploits (although this can also help with security as it allows for code auditing), and it’s possible that protocols’ incentives to reach the market and grow quickly cause lapses in security best practices, the company noted.

The Lazarus Group, a hacker group linked to North Korea, has been blamed for most attacks against DeFi services, and the nation-state foe is also responsible for about $1 billion theft.

Advice from the FBI to investors for self-security

The FBI has provided significant recommendations to DeFi protocol investors. It advised consumers to do their own research and educate themselves about the broader dangers of DeFi. Next, using platforms that had undergone one or more third-party code audits was suggested.

People should “be vigilant to DeFi investment pools with exceptionally short join windows and quick implementation of smart contracts, especially without the requisite code audit,” the FBI further advised. Additionally, it emphasized the potential dangers associated with open-source code repositories and “crowdsourced solutions to vulnerability identification and patching.”

In order to find vulnerabilities and create a strategy for warning platform users in the event of a security emergency, law enforcement also suggests using “real-time analytics,” monitoring, and code testing via DeFi protocols.

The FBI also mentioned a few incidents in which the FBI detected thieves misusing DeFi platforms to steal cryptocurrencies. A flash loan that resulted in a smart contract hack cost DeFi developers $3 million. Other examples include a $320 million signature verification exploit, a $35 million theft linked to manipulated price pairs, and a $3 million loss.

According to the law enforcement agency, investors should make their own investment decisions based on their financial aims and resources. If unsure, they should seek guidance from a qualified financial adviser.

Additionally, it advises customers to investigate DeFi platforms before investing, confirm that their code has undergone extensive audits, and be aware of the dangers associated with open-source code repositories.

The warning comes more than a month after the FBI issued a warning that criminals are creating fake cryptocurrency apps in an effort to scam investors of their digital money.