The U.S. Federal Bureau of Investigation (FBI) says that one popular niche of the cryptocurrency ecosystem has become a prime target for cyber criminals.
In a new press release, the agency reports that users of decentralized finance (DeFi) suffered over a billion dollars in losses during the first quarter of this year due to malicious online actors.
“Between January and March 2022, cyber criminals stole $1.3 billion in cryptocurrencies, almost 97% of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis.”
The announcement says that tech-savvy criminals are taking advantage of vulnerabilities within the structure of DeFi platforms to fleece unwitting crypto traders.
The FBI reveals several methods which the cyber criminals employed:
“Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdraw[ing] all of the platform’s investments, resulting in approximately $320 million in losses.
Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.”
The agency goes on to make several recommendations about how DeFi users can avoid getting scammed, including researching whether a platform has conducted a code audit, being skeptical of investment pools that set brief funding windows, and being wary of platforms that rely on open-source code contributions.
The report also encourages DeFi platforms to enhance security measures and develop vigilant threat response plans.
At time of writing, the DeFi subsector has a total value locked of nearly $60 billion. Over 57% of that capital ($34.22 billion) resides on Ethereum (ETH).