Cybercriminals are taking advantage of vulnerabilities in decentralized finance (DeFi) platforms to steal investor funds, according to a recent warning from the FBI.
In a Public Service Announcement (PSA) issued yesterday, the FBI highlighted that bugs in smart contract code have been exploited in various ways, leading to significant losses for investors and developers. These tactics include initiating flash loans to trigger exploits, exploiting signature verification vulnerabilities in token bridges, and manipulating cryptocurrency price pairs to conduct leveraged trades.
Data from blockchain analytics firm Chainalysis revealed that hackers have managed to steal $1.3 billion in cryptocurrency in the first three months of this year alone. Of this amount, 97% of the funds were stolen from DeFi platforms, a significant increase from previous years.
State-sponsored actors, particularly North Korean operatives, have been linked to many of these cyber thefts. In 2021, it is estimated that North Korea stole $400 million in crypto assets. The FBI also attributed the $618 million heist at Ronin Network in March, the largest cryptocurrency theft in history, to North Korean actors.
To protect themselves, investors are advised to conduct thorough research before investing in DeFi platforms. They should look for platforms that have undergone code audits, employ real-time analytics and monitoring tools, and have an incident response plan in place. Additionally, investors should avoid DeFi investment pools with limited joining timeframes, rapid deployment of smart contracts, and the use of open-source code.
The US State Department has increased the reward for information on North Korean state-backed hackers to $10 million, following previous cyber theft incidents. In 2020, North Korea was blamed for stealing $281 million from the cryptocurrency exchange KuCoin. A UN report from 2019 also alleged that the Kim Jong-un regime had stolen $2 billion from banks and crypto exchanges to fund its weapons of mass destruction programs.
In light of these developments, it is crucial for investors to exercise caution and due diligence when navigating the complex world of DeFi investments. Stay informed, stay vigilant, and protect your assets from cyber threats.