The Federal Bureau of Investigation (FBI) has issued a fresh warning regarding attacks on decentralised finance (DeFi) platforms, claiming that hackers are taking advantage of flaws in the smart contracts that control these platforms. The domestic intelligence and security service organisation of the United States reveals, citing an April 2022 report by blockchain analysis firm Chainalysis, that cybercriminals stole crypto worth $1.3 billion (roughly Rs. 10,400 crore) between January and March 2022. A staggering 97 percent of stolen crypto was from DeFi platforms.
The same report by Chainalysis also indicated a rise from 30 percent in 2020 to 72 percent in 2021. The agency reported that it had seen criminals take advantage of signature verifications, manipulate cryptocurrency price pairs, get around slippage checks, and use flash loans as a payment method. Regarding the latter, the FBI provided an example and made a note.
Even while the FBI acknowledged that “all investments carry some risk,” the agency has advised that investors should thoroughly examine DeFi platforms before using them and, if in doubt, consult a qualified financial adviser. The agency stated that it was crucial the platform’s protocols were robust and they had undergone one or more independent code audits. A code audit often entails a review of the platform’s underlying code to find any holes or flaws that might have a chance of exploitation.
The FBI advises caution when dealing with any DeFi investment pools with a “minimum period to join” or “rapid deployment of smart contracts,” mainly if they have not conducted a code audit.
According to the FBI, DeFi platforms can also contribute to security by routinely testing their code to find vulnerabilities and using real-time analytics and monitoring. The guidelines also include developing an incident response strategy and warning users of potential platform flaws, hackers, exploits, or other questionable behavior.
