The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency.
"The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency said in a notification.
Attackers are said to have used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms' smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments.
The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs – assets that can be traded for each other on an exchange – by exploiting a series of vulnerabilities to bypass slippage checks and steal roughly $35 million in digital funds.
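The slippage check mentioned above is the control that decides whether a swap still executes once the pool's price has moved between quoting and settlement. The following Python model, added here as an illustration and not code from the FBI notice or any DeFi project, simulates a constant-product pool (the x*y=k design used by many automated market makers) with constructed reserve values. It replays the same user swap twice: once with no minimum-output bound, so the trader silently receives far less than quoted after a large trade shifts the price, and once with a bound set 1% below the quote, so the pool rejects the trade instead.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Minimal constant-product pool (x * y = k), fee-free for simplicity.
    Reserve figures in this example are constructed, not taken from any real pool."""
    reserve_a: int
    reserve_b: int

    def quote_out(self, amount_in: int) -> int:
        """Amount of token B returned for amount_in of token A at current reserves."""
        new_a = self.reserve_a + amount_in
        new_b = self.reserve_a * self.reserve_b // new_a
        return self.reserve_b - new_b

    def swap_a_for_b(self, amount_in: int, min_amount_out: int = 0) -> int:
        """Execute an A -> B swap. min_amount_out is the slippage check: the swap
        reverts (raises) if the pool would pay out less than the caller accepts."""
        out = self.quote_out(amount_in)
        if out < min_amount_out:
            raise ValueError(
                f"slippage check failed: would receive {out}, minimum is {min_amount_out}"
            )
        self.reserve_a += amount_in
        self.reserve_b -= out
        return out


def run_scenario() -> dict:
    """Replay one user swap with and without a slippage bound.

    Sequence in both cases: the user is quoted a price, then a large trade lands
    before theirs and moves the price, then the user's swap executes."""
    quoted = Pool(1_000_000, 1_000_000).quote_out(10_000)  # price the trader was shown

    # Unprotected swap: no minimum output, so it executes at the manipulated price.
    pool = Pool(1_000_000, 1_000_000)
    pool.swap_a_for_b(500_000)                # large trade shifts reserves first
    unprotected = pool.swap_a_for_b(10_000)   # user's swap, no slippage bound

    # Protected swap: same sequence, but the user demands at least 99% of the quote.
    pool = Pool(1_000_000, 1_000_000)
    pool.swap_a_for_b(500_000)
    min_out = quoted * 99 // 100
    try:
        pool.swap_a_for_b(10_000, min_amount_out=min_out)
        rejected = False
    except ValueError:
        rejected = True  # the slippage check reverted the trade

    return {
        "quoted": quoted,
        "unprotected": unprotected,
        "min_out": min_out,
        "rejected": rejected,
    }


if __name__ == "__main__":
    result = run_scenario()
    print(f"quoted {result['quoted']}, received without check {result['unprotected']}")
    print(f"with min_out={result['min_out']} the swap was rejected: {result['rejected']}")
```

The reason the bound matters for auditors is visible in the numbers: the unprotected path returns less than half of the quoted amount without any error, so a contract that omits or can be tricked into skipping this comparison lets price manipulation drain value from every user whose transaction settles after the manipulated trade. Reviewing where a protocol computes `min_amount_out` and whether any code path can bypass the comparison is a concrete audit step behind the agency's "thorough audits" advice.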
It further said that the threat actors are looking to take advantage of the growing public interest in cryptocurrencies to carry out nefarious activities, once again indicating the opportunistic nature of the attacks.
Indeed, losses arising from cryptocurrency hacks have jumped nearly 60% in the first seven months of the year to $1.9 billion, propelled by a "stunning rise" in funds stolen from decentralized finance (DeFi) protocols, a report from blockchain analysis firm Chainalysis revealed this month.
"DeFi protocols are uniquely vulnerable to hacking, as their open source code can be studied ad nauseam by cybercriminals looking for exploits (though this can also be helpful for security as it allows for auditing of the code), and it's possible that protocols' incentives to reach the market and grow quickly lead to lapses in security best practices," the company noted.
Many of the hacks against DeFi services have been attributed to the North Korea-affiliated hacking unit known as the Lazarus Group, with the nation-state adversary blamed for the theft of nearly $1 billion.
"Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser," the law enforcement authority said.
Additionally, it recommends that consumers research DeFi platforms prior to investing, ensure their code has been subjected to thorough audits, and be cognizant of the risks posed by open source code repositories.
The advisory also arrives over a month after the FBI cautioned that malicious actors are developing rogue cryptocurrency apps to defraud investors of their virtual assets.