Cyber-criminals Exploiting DeFi Bugs to Steal Investor Funds
Decentralized finance (DeFi) platforms have become a hot target for cyber-criminals, with the FBI issuing a warning about the increasing exploitation of bugs in these platforms to steal investor funds.
Recent Incidents
In a recent Public Service Announcement (PSA), the FBI highlighted several ways in which vulnerabilities in smart contract code have been exploited by hackers:
- Using flash loans to trigger exploits, resulting in losses of around $3 million in cryptocurrency
- Exploiting signature verification vulnerabilities in DeFi platform token bridges, leading to losses of $320 million
- Manipulating cryptocurrency price pairs to conduct leveraged trades, stealing roughly $35 million in cryptocurrencies
Statistics and Trends
According to data from blockchain analytics firm Chainalysis, hackers managed to steal $1.3 billion in crypto in the first three months of this year. Of this amount, 97% was stolen from DeFi platforms, a significant increase from previous years.
State-sponsored actors, particularly North Korean operatives, have been linked to many of these attacks. In 2021 alone, Pyongyang allegedly stole $400 million in crypto assets. The FBI also connected the $618 million heist at Ronin Network in March to North Korean actors.
Protecting Investments
The FBI advised investors to conduct thorough research before investing in DeFi platforms. It recommended looking for platforms that have undergone code audits, use real-time analytics and monitoring tools, and have an incident response plan in place.
Investors were also warned to avoid DeFi investment pools with limited joining timeframes or rapid deployment of smart contracts, as well as pools using open source code.
Government Action
In response to these cyber threats, the US State Department has increased the reward for information on North Korean state-backed hackers to $10 million. North Korea has been implicated in several high-profile cryptocurrency thefts, including the $281 million stolen from KuCoin in 2020.
A UN report from 2019 alleged that the Kim Jong-un regime had stolen $2 billion from banks and crypto-exchanges to fund its weapons of mass destruction programs.
As cyber-criminals continue to target DeFi platforms, investors must exercise caution and due diligence to protect their assets in the increasingly risky world of cryptocurrency.