The FBI has urged people to be cautious and heavily research a DeFi – decentralized finance – provider before putting their money into it, after more than a billion dollars was stolen from these providers in three months.

In an alert this week, quoting numbers from blockchain research firm Chainalysis, the Feds said $1.3 billion in cryptocurrencies were siphoned in total between January and March 2022 alone, and 97 percent of that was lifted from DeFi outfits. In May, Chainalysis upped that figure to $1.68 billion for the first four months of the year.

The FBI wants folks to realize the risks, get professional financial advice if in doubt, and do their homework on the security and general practices of DeFi providers. And by DeFi provider, we all mean exchanges, marketplaces, and similar sites where you can buy, sell, exchange, and loan cryptocurrencies and other digital assets.

The bureau’s warning comes after a round of cyber-robberies against these sorts of platforms, including a $100 million hit on Harmony (thought to have been carried out by North Korea), an estimated $200 million theft from BitMart and a $130 million heist from Cream Finance.

According to Chainalysis, North Koreans have had their biggest year yet for cryptocurrency theft, with a haul of at least $840 million so far in 2022.

“The data goes to show that shoring up DeFi protocols’ defenses against hackers isn’t just a matter of building trust with users so that DeFi can continue to grow,” Chainalysis argued. “It’s also a matter of international security given that cryptocurrency stolen by North Korean hacking groups is used to support the country’s development of weapons of mass destruction.” The biz pointed to a 2019 United Nations document [PDF] to back that argument up.

The FBI’s alert offers advice to investors that starts with generic warnings about conducting due diligence before investing, before suggesting the following:

  • Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
  • Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
  • Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, to include those with nefarious intentions.

Most DeFi platforms are relatively new, and have attracted big and small investors. They can involve more than just a basic swapping of tokens. For instance, a load of these websites and apps allow users to create and use smart contracts, which are bits of code that typically run to make transactions happen. That means user-generated software bugs are now in the mix, which can be exploited by thieves to steal coins, or just simply cause assets to vanish. Then there are APIs to access holdings and send tokens, which can go wrong. The combination of under-tested or poorly implemented tech and volumes of money has made the scene an attractive target for cybercriminals.

“People are putting their faith in crypto algorithms and protocols, and only time will tell if they are right or not,” Jeff Williams, co-founder and CTO at …….

Source: https://www.theregister.com/2022/09/01/fbi_cybercrime_defi_cryptocurrency/
