News

Here’s How to Avoid and Fight DeFi Exploits, According to the FBI

Samvida Sharan

With criminals stepping up their efforts to steal crypto assets by exploiting vulnerabilities in decentralized finance (DeFi) platforms, the United States Federal Bureau of Investigation (FBI) has issued a public alert.

The FBI has noticed a sharp surge in smart contract exploits and urges investors who lost assets in these thefts to contact the Bureau. In its statement, the FBI said, "Cyber criminals seek to take advantage of investors' increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms."

In the first quarter of this year alone, attackers stole digital assets worth more than $1.8 billion from DeFi protocols, roughly eight times the amount taken in the same period of 2021. The FBI's alert lists several attack vectors specific to DeFi protocols, including flash loans, token bridges, and manipulation of oracle price pairs.
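Two of the vectors the FBI names, flash loans and oracle price pairs, usually appear together in the same exploit. As an added example that is not code from the article or from the FBI alert, the block below shows why: a protocol that prices an asset by reading the current reserves of a single constant-product pool can have that price pushed up by a large swap, read at the manipulated value, and restored, all inside one transaction, with a flash loan supplying the capital. A time-weighted average price (TWAP) sampled at block boundaries is not moved by a swap that is undone within the same block. The pool sizes, trade amounts and timestamps are constructed for the illustration.

```python
"""Added example, not code from the article or from the FBI alert: why the
'flash loan' and 'oracle price pair' vectors usually appear together.
A protocol that prices an asset by reading the current reserves of a single
constant-product pool (x * y = k, Uniswap-v2 style) can have that price moved
by a large swap, read at the manipulated value, and restored in the same
transaction, with a flash loan supplying the capital. A time-weighted average
price (TWAP) sampled at block boundaries is not moved by a swap that is
undone within the block. Pool sizes and trade amounts are constructed."""


class ConstantProductPool:
    """Minimal x*y=k pool holding token A and token B with a 0.3% swap fee."""

    def __init__(self, reserve_a, reserve_b, fee=0.003):
        self.a = float(reserve_a)
        self.b = float(reserve_b)
        self.fee = fee

    def spot_price(self):
        """Naive oracle: price of one A in units of B, read straight from reserves."""
        return self.b / self.a

    def swap_b_for_a(self, amount_b):
        """Sell amount_b of B into the pool, receive A. Returns A received."""
        amount_in = amount_b * (1 - self.fee)
        amount_out = self.a * amount_in / (self.b + amount_in)
        self.b += amount_b
        self.a -= amount_out
        return amount_out

    def swap_a_for_b(self, amount_a):
        """Sell amount_a of A into the pool, receive B. Returns B received."""
        amount_in = amount_a * (1 - self.fee)
        amount_out = self.b * amount_in / (self.a + amount_in)
        self.a += amount_a
        self.b -= amount_out
        return amount_out


def flash_loan_spot_manipulation(pool, borrowed_b):
    """Simulate one atomic transaction: borrow B, push the price of A up,
    read the spot oracle, unwind, repay. Returns
    (price_before, price_seen_by_oracle, price_after, attacker_cost_in_b).
    The cost is only the fee and slippage paid; the loan itself is repaid."""
    price_before = pool.spot_price()
    bought_a = pool.swap_b_for_a(borrowed_b)   # step 1: dump the borrowed B into the pool
    price_during = pool.spot_price()           # step 2: a victim contract reads this value
    recovered_b = pool.swap_a_for_b(bought_a)  # step 3: sell the A back
    price_after = pool.spot_price()
    attacker_cost = borrowed_b - recovered_b   # step 4: repay the loan out of recovered_b
    return price_before, price_during, price_after, attacker_cost


def twap(samples):
    """Time-weighted average over (timestamp, price) samples; each price is
    assumed to hold until the next sample. A manipulation that begins and
    ends at the same timestamp (within one block) gets zero weight."""
    total_weight = 0.0
    weighted = 0.0
    for (t0, p0), (t1, _) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt < 0:
            raise ValueError("samples must be in chronological order")
        weighted += p0 * dt
        total_weight += dt
    if total_weight == 0:
        raise ValueError("need samples spanning a non-zero time window")
    return weighted / total_weight


if __name__ == "__main__":
    # Constructed pool: 1000 A against 1,000,000 B, so spot is 1000 B per A.
    pool = ConstantProductPool(1_000, 1_000_000)
    before, during, after, cost = flash_loan_spot_manipulation(pool, 1_000_000)
    print(f"spot before {before:.1f}, seen by oracle {during:.1f}, "
          f"after {after:.1f}, attacker cost {cost:.1f} B")
    # Block-boundary samples (12 s blocks): the manipulated state spans no time.
    samples = [(0, 1000.0), (12, 1000.0), (24, 1000.0), (36, during), (36, after), (48, after)]
    print(f"TWAP over the same window: {twap(samples):.1f}")
```

With the constructed pool, a one-million-token loan moves the spot price roughly fourfold for a cost of about 0.3% of the borrowed amount, which is why a protocol reading a single pool's reserves as its oracle is exposed; the TWAP over the same window stays where it was.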

Token bridges have been the main targets this year. In June, attackers drained about $100 million from Harmony's cross-chain Horizon Bridge. The largest exploit in the industry's history was the $625 million theft from Ronin Network, the Ethereum-linked sidechain for the blockchain game Axie Infinity. Investigators and authorities have attributed both the Horizon and Ronin incidents to the North Korean hacking unit Lazarus Group.

Authorities traced some of the stolen funds to Tornado Cash, an Ethereum-based crypto mixer. As a result, the U.S. sanctioned Tornado Cash in early August, prohibiting U.S. persons from interacting with the protocol, a restriction that extends to digital assets that have passed through the mixer.

Open Source Gives Unfettered Access to Hackers

To reduce users' susceptibility to theft and scams on blockchain networks, the FBI listed four recommendations for crypto investors. They are basic: seek advice from a licensed financial professional, research a platform thoroughly before investing, and confirm that the platform's code has undergone one or more independent audits that can be verified.

The agency also warned investors to be wary of DeFi investment pools with 'significantly limited timeframes' to join. It noted that open source development, on which a large share of the crypto ecosystem relies, carries its own risks: the same public code that lets anyone audit a protocol also lets attackers study it for flaws.

Even though security systems seem to be improving, numerous protocols that had undergone code audits still fell victim to exploits beyond their control, says Immunefi CEO Mitchell Amador.

The FBI advised platforms to establish real-time analytics, continuous monitoring and rigorous testing of their code, and stressed the need for an incident response plan that includes informing investors when an exploit occurs.
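The alert does not say what "real-time analytics" should look like, so here is an added example, not code from the article or from the FBI, of the simplest useful check a bridge or treasury operator can run: replay transfer events involving the monitored contract in transaction order, keep a running balance per token, and alert when a single transaction moves more than a chosen fraction of that balance out of the contract. Netting inflows against outflows within one transaction keeps a flash-loan round trip, which borrows and repays in the same transaction, from firing the alert. The contract address, event stream, balances and threshold are all constructed for the illustration.

```python
"""Added example, not code from the article or from the FBI alert: a minimal
real-time check of the kind the alert's 'real-time analytics' and monitoring
recommendation calls for. It replays Transfer-style events involving a
monitored contract (a bridge or treasury) in transaction order, keeps a
running balance per token, and raises an alert when one transaction moves
more than a chosen fraction of the current balance out of the contract.
The address, event stream, balances and threshold are constructed."""

from collections import defaultdict

WATCHED = "0xbridge"  # constructed placeholder for the monitored contract address

# Constructed Transfer-style events, already ordered by block and log index.
SAMPLE_EVENTS = [
    {"block": 100, "tx": "0xaa", "token": "ETH",  "from": "0xuser1", "to": WATCHED,   "amount": 50.0},
    {"block": 101, "tx": "0xab", "token": "ETH",  "from": WATCHED,   "to": "0xuser2", "amount": 20.0},
    {"block": 101, "tx": "0xac", "token": "USDC", "from": WATCHED,   "to": "0xuser3", "amount": 9_000.0},
    {"block": 102, "tx": "0xad", "token": "ETH",  "from": WATCHED,   "to": "0xdrain", "amount": 6_000.0},
    {"block": 102, "tx": "0xad", "token": "USDC", "from": WATCHED,   "to": "0xdrain", "amount": 800_000.0},
]
INITIAL_BALANCES = {"ETH": 10_000.0, "USDC": 1_000_000.0}


def group_by_tx(events):
    """Return [(tx_hash, [events])] in first-seen order, so a transaction that
    emits several transfers is judged as a whole rather than log by log."""
    groups = {}
    for e in events:
        groups.setdefault(e["tx"], []).append(e)
    return list(groups.items())


def net_outflow(tx_events, watched):
    """Net amount per token leaving `watched` in one transaction. Transfers
    into the contract offset transfers out, so a flash-loan round trip that
    borrows and repays within the transaction nets to about zero."""
    out = defaultdict(float)
    for e in tx_events:
        if e["from"] == watched:
            out[e["token"]] += e["amount"]
        if e["to"] == watched:
            out[e["token"]] -= e["amount"]
    return out


def detect_drains(events, watched, initial_balances, max_fraction=0.10):
    """Replay events and return one alert per (tx, token) whose net outflow
    exceeds max_fraction of the balance held just before that transaction."""
    balances = dict(initial_balances)
    alerts = []
    for tx, tx_events in group_by_tx(events):
        for token, amount in net_outflow(tx_events, watched).items():
            balance_before = balances.get(token, 0.0)
            if balance_before > 0 and amount > max_fraction * balance_before:
                alerts.append({
                    "tx": tx,
                    "token": token,
                    "outflow": amount,
                    "fraction": amount / balance_before,
                })
            balances[token] = balance_before - amount
    return alerts


if __name__ == "__main__":
    for alert in detect_drains(SAMPLE_EVENTS, WATCHED, INITIAL_BALANCES):
        print(f"ALERT tx={alert['tx']} token={alert['token']} "
              f"outflow={alert['outflow']:.0f} ({alert['fraction']:.0%} of balance)")
```

On the constructed stream the routine withdrawals in blocks 100 and 101 stay under the 10% threshold and only transaction 0xad, which pulls roughly 60% of the ETH and 80% of the USDC in one go, produces alerts. In production the event source would be a chain node or indexer and the alert would feed the incident response plan the FBI describes, including the pause or withdrawal limit that the plan authorises.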