The FBI has issued a security alert warning investors that cybercriminals are increasingly taking advantage security vulnerabilities on DeFi platforms steal cryptocurrencies.

If you are interested in the world of cryptocurrencies, you are probably familiar with “decentralized finance” or DeFi platforms. It is a protocol that enables the creation of a network of financial services with all the possibilities of a classic bank (accounts, loans, transfers, purchases of derivatives…), but with virtual currencies and block chain technologies.

DeFi offers a number of advantagesstarting with its operation peer to peer independent of a centralized system, but like all emerging technologies, especially in cryptocurrencies, it needs to monitor sections such as high volatility or security, as the FBI warns: “Cybercriminals Exploit Vulnerabilities in Smart Contracts Governing DeFi Platforms to Steal Crypto from Investors”.

A public service announcement published today on the Internet Crime Complaint Center claims that between January and March 2022, $1.3 billion in cryptocurrency was stolen. Almost 97% was stolen on DeFi platforms and its incidence is increasing.

In most detected cases, pirates exploit security flaws in the code or a security breach on the platform, allowing them to divert cryptocurrencies to addresses under their control. Cybercriminals use a variety of methods, including initiating flash loans that trigger vulnerabilities in the platforms’ smart contracts and exploiting signature verification flaws.

DeFi Alert

The FBI recommends taking precautions before making an investment decision on these platforms, such as:

• Before investing, research DeFi platforms, protocols and smart contracts and be aware of the specific risks associated with these types of investments.
• Ensuring that the DeFi investment platform has undergone one or more code audits conducted by independent auditors and involving a thorough review and analysis of the platform’s core code to identify vulnerabilities or weaknesses in the code that could negatively impact its performance.
• Warning of DeFi investment groups with extremely limited timeframes to connect and quickly deploy smart contracts, especially without a recommended code audit.
• Consider the potential risk posed by a collaborative solution for identifying and patching vulnerabilities. Open source repositories allow unlimited access to anyone, including those with malicious intent.

“Cybercriminals try to take advantage of the increased interest of investors in cryptocurrenciesas well as the complexity of cross-chain features and the open source nature of DeFi platforms”they explain from the agency in a notice that can be extended to the whole world of cryptocurrencies.