In light of an increase in fraudsters taking advantage of smart contract vulnerabilities, the US Federal Bureau of Investigation (FBI) is urging investors in decentralized finance (DeFi) protocols to look for platforms that have undergone code audits.
“Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money,” The FBI offered the guidelines for both investors and DeFi platforms in a public service announcement on August 29.
This year, DeFi has been heavily involved in cryptocurrency theft. DeFi protocols were involved in an astounding 97% of the cryptocurrency stolen up until May 1, according to Chainalysis. The blockchain analysis firm discovered in July that hacks were to blame for the overall theft of $1.9 billion in cryptocurrency in 2022.
Investors in DeFi protocols have received four important recommendations from the FBI. First, it urged people to educate themselves about the general risks of DeFi and to conduct their own research. The use of platforms that have undergone one or more third-party code audits was then advised.
People should “be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit” the FBI further advised. Additionally, it emphasized the potential dangers associated with open-source code repositories and “crowdsourced solutions to vulnerability identification and patching”
The use of “real-time analytics,” monitoring, and code testing by DeFi protocols is also advised by the law enforcement agency in order to identify vulnerabilities and develop a plan for alerting platform users in the event of a security incident.
Additionally, the FBI described a few instances in which it discovered criminals abusing DeFi platforms to steal cryptocurrency. These include a $320 million signature verification exploit, a $35 million theft related to manipulated price pairs, and a $3 million loss for DeFi developers as a result of a flash loan that triggered a smart contract exploit.
Image Credit: Shutterstock
Keep in mind that we may receive commissions when you click our links and make purchases. However, this does not impact our reviews and comparisons. We try our best to keep things fair and balanced, in order to help you make the best choice for you.
