The Federal Bureau of Investigation has published a warning about the increase in cryptocurrency theft through DeFi platforms.

Decentralized Finance platforms accounted for 97% of the cryptocurrency stolen between January and March 2022.

The FBI asks investors to be much more careful when deciding to invest and gives them a series of recommendations.

Cryptocurrencies are being integrated more and more into daily life. As that happens, bugs in the platforms that handle cryptocurrencies, known as Decentralized Finance (DeFi) platforms, are causing huge issues. Attackers are now specifically targeting those platforms and those bugs to steal cryptocurrency.

$1.3 billion stolen in 3 months

The U.S. Federal Bureau of Investigation (FBI) has issued a warning about this issue, stating that threat actors are trying to exploit bugs in DeFi platforms. Due to the nature of cryptocurrencies, it is very hard to track the money or the people involved once funds are stolen. The FBI therefore wants investors to be careful and to contact it if they become a victim of crypto theft.

According to the data the FBI published with the warning, the value of crypto theft between January and March 2022, a span of only 3 months, reached $1.3 billion, and 97% of that cryptocurrency was stolen from DeFi platforms. The year-over-year change is 172% when compared to 2021. The FBI states that cybercriminals have defrauded DeFi platforms by:

Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency as a result of the theft.

Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in approximately $320 million in losses.

Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.
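The third item names reliance on a single price oracle and bypassed slippage checks as root causes. The following is an added example, not code from the FBI advisory or from any platform; it shows how a median over independent feeds plus a slippage bound contains one manipulated source. The feed names, thresholds, and sample prices are constructed assumptions.

```python
from statistics import median


class OracleError(Exception):
    """Raised when the price feeds cannot be trusted for this trade."""


def aggregate_price(quotes, min_sources=3, max_deviation=0.05):
    """Return the median of independent quotes.

    Refuses to price when too few sources report, or when no strict
    majority of sources lies within max_deviation of the median.
    """
    prices = [p for p in quotes.values() if p is not None and p > 0]
    if len(prices) < min_sources:
        raise OracleError(f"only {len(prices)} usable sources, need {min_sources}")
    mid = median(prices)
    agreeing = [p for p in prices if abs(p - mid) / mid <= max_deviation]
    if len(agreeing) * 2 <= len(prices):
        raise OracleError("sources disagree; no majority near the median")
    return mid


def within_slippage(reference_price, execution_price, max_slippage=0.01):
    """True if the execution price is within max_slippage of the reference."""
    return abs(execution_price - reference_price) / reference_price <= max_slippage


def single_oracle_price(quotes, source="feed_c"):
    """The weak design: trust whatever one feed reports."""
    return quotes[source]


# Constructed sample data: three feeds, then the same feeds with one skewed.
HONEST = {"feed_a": 100.0, "feed_b": 100.4, "feed_c": 99.8}
ONE_SKEWED = {"feed_a": 100.0, "feed_b": 100.4, "feed_c": 250.0}

if __name__ == "__main__":
    print("single oracle :", single_oracle_price(ONE_SKEWED))
    print("median of 3   :", aggregate_price(ONE_SKEWED))
    print("trade at 250 allowed:",
          within_slippage(aggregate_price(ONE_SKEWED), 250.0))
```

With one skewed feed, the single-oracle design reports the manipulated value, while the median stays at an honest quote and the slippage check rejects a trade priced at the skewed value.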

The U.S. Federal Bureau of Investigation also recommends potential investors take the following precautions:

Research DeFi platforms, protocols, and smart contracts before investing, and be aware of the specific risks involved in DeFi investments.

Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.

Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.

Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, including those with nefarious intentions.