
FBI Warns About DeFi Platform Vulnerabilities

The Federal Bureau of Investigation has warned about the exploitation of decentralized finance platforms.

A public service announcement from the FBI warns people about the risks involved in investing in a decentralized finance (DeFi) platform. Cybercriminals exploit vulnerabilities in the smart contracts that govern DeFi platforms, resulting in large-scale thefts.

According to a report from Chainalysis, hackers stole more than $1 billion in cryptocurrency between January and March of this year. 97% of the funds were stolen from DeFi platforms.

[Image: Top men]

The FBI’s warning is below.

SUMMARY

The FBI is warning investors cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money. The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

THREAT

Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money. A smart contract is a self-executing contract with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network. Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.

Between January and March 2022, cyber criminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis. This is an increase from 72 percent in 2021 and 30 percent in 2020, respectively. Separately, the FBI has observed cyber criminals defraud DeFi platforms by:

  • Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.
  • Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in approximately $320 million in losses.
  • Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.

RECOMMENDATIONS

Investment involves risk. Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser. In addition, the FBI recommends investors take the following precautions:

  • Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
  • Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
  • Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.

The FBI recommends DeFi platforms take the following precautions:

  • Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
  • Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.

Cyber Criminals Increasingly Exploit Vulnerabilities in Decentralized Finance Platforms to Obtain Cryptocurrency, Causing Investors to Lose Money | www.ic3.gov, archive.is, archive.org
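
As an added illustration (not part of the FBI announcement or of this article), the Python sketch below shows one way a platform's monitoring could guard against the single-price-oracle and bypassed-slippage-check weaknesses named in the THREAT section. The feed names, thresholds and function names are hypothetical, and the sample prices are constructed.

```python
from statistics import median

# Assumed policy thresholds (hypothetical values; tune per market).
MIN_FEEDS = 3              # never price from a single oracle
MAX_FEED_DEVIATION = 0.02  # a feed more than 2% off the median is an outlier
MAX_SLIPPAGE = 0.01        # execution price may differ from reference by 1%

# Constructed sample data: three independent feeds, one later manipulated.
NORMAL = {"oracle_a": 100.0, "oracle_b": 100.5, "oracle_c": 99.8}
MANIPULATED = {"oracle_a": 100.0, "oracle_b": 100.5, "oracle_c": 135.0}


def reference_price(feeds):
    """Return (median price, outlier feed names) across independent feeds."""
    live = {name: p for name, p in feeds.items() if p is not None and p > 0}
    if len(live) < MIN_FEEDS:
        raise ValueError(f"need {MIN_FEEDS} live feeds, got {len(live)}")
    ref = median(live.values())
    outliers = sorted(n for n, p in live.items()
                      if abs(p - ref) / ref > MAX_FEED_DEVIATION)
    if 2 * len(outliers) >= len(live):
        raise ValueError("feeds disagree; no trustworthy reference price")
    return ref, outliers


def review_trade(feeds, margin, received, leverage=1):
    """Check one trade; the slippage bound applies at every leverage level."""
    try:
        ref, outliers = reference_price(feeds)
    except ValueError as exc:
        return {"allow": False, "alerts": [f"oracle: {exc}"]}
    alerts = []
    if outliers:
        alerts.append("feed outliers: " + ", ".join(outliers))
    notional = margin * leverage          # full position size, not just margin
    slippage = abs(notional / received - ref) / ref
    if slippage > MAX_SLIPPAGE:
        alerts.append(f"slippage {slippage:.1%} over limit {MAX_SLIPPAGE:.0%}")
    # Outliers alone raise an alert; excess slippage blocks the trade.
    return {"allow": slippage <= MAX_SLIPPAGE, "alerts": alerts,
            "reference": ref, "notional": notional}


if __name__ == "__main__":
    print(review_trade(NORMAL, margin=1000, received=10))
    print(review_trade(MANIPULATED, margin=1000, received=37, leverage=5))
```

Because the reference is a median, one manipulated feed shifts it only slightly, and a leveraged trade priced off the manipulated feed is rejected by the same slippage bound as an unleveraged one.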

[Image: This global push for increased regulation this month is organic!]

9 Comments
It's Called We Engage In A Mild Amount of Tomfoolery
2e0b5f2a
11a18050 Tue, Aug 30, 2022

Most of this DeFi crap is about trying to solve a problem that doesn’t even exist. The crypto space will be better off with most of it gone.

237d2e2d
71a61ea0 Tue, Aug 30, 2022

Facts

0a36e9a7
56707ac0 Fri, Sep 2, 2022

A problem that doesnt exist? Lol go back to reddit you mouth breathing retard.

How about the problems of getting throatfucked by CEX’s demanding a rectal scan and all your data to be stored forever so they can farm your info out to either 1. The IRS or 2. Whatever blackmarket asshat pays them for it. And then holding your funds hostage until you give them it, if they even respond after you do. Cex’s are a cancer on everything bitcoin once stood for and faggots like you are a cancer on everything else.

2dcbfbb2
8958dcc0 Sat, Sep 3, 2022

Boomers think bitcorn and a mixer gives them freedom and privacy, while they transact on a CEX.

One day it will click for you

8481fb9e
e7bc7210 Tue, Aug 30, 2022

If DeFi was banned then Ethereum’s price would immediately go to zero.

ea0106a3
a38ec230 Fri, Sep 2, 2022

The problem with all this defi shit is that it’s not decentralized at all. Same reason tornado cash got pwned.

49ce4e45
10e70d90 Fri, Sep 2, 2022

DNL, in the whole article, including the headlines pictured at the bottom, I don’t see a single name of any of these DeFi platforms?? Also, the Chainalysis data said a billion dollars stolen between January and March, which is a suspiciously small window of time for a big data company like Chainalysis to choose. Don’t u think?

899829cc
f5eb69a0 Sun, Sep 4, 2022

will the picture ever fit?
