Monday’s Federal Bureau of Investigation alert focused on cybercriminals exploiting weaknesses in smart contracts to attack decentralized finance (DeFi) platforms. The agency identified three attack vectors and noted that $1.3 billion worth of digital assets were stolen in Q1 2022.
“Cyber criminals stole $1.3 billion in cryptocurrency between January and March 2022,” the agency says, citing an April 2022 report from Chainalysis.
Three tactics have been used by cybercriminals to launch attacks, according to the agency.
Initiating a flash loan. This was the case in the November 2021 attack on the Ethereum DeFi project bZx. The thieves took $55 million worth of digital assets.
Exploiting a vulnerability in a DeFi platform’s token bridge. This was seen in the case of the Nomad token bridge earlier this month.
Manipulating cryptocurrency prices through a variety of vulnerabilities. This includes reliance on a single price oracle. In the April 2022 Deus Finance exploit, thieves took $13.4 million.
According to the agency, cybercriminals are looking to profit from investors’ increased interest in cryptocurrency and from its complexity.
For years, blockchain security companies have been tracking the most common vector that cybercriminals use to compromise smart contracts.
“This level of theft is dangerous because smart contract code cannot usually be modified to fix security flaws. Assets that have been taken from smart contracts are impossible to trace and are very difficult to recover,” warns the Ethereum Foundation.
Cybercriminals aren’t limited to high-value targets like DeFi platforms. Elliptic, a blockchain analysis company, published its report “NFTs & Financial Crime” last week. According to the report, more than $100 million was spent on NFTs between July 2021 and July 2022.
The FBI recommends that you carefully study DeFi platforms, protocols and smart contracts before investing. It also advises that you be aware of any potential risks.
The FBI recommends that customers check that the platform has been subject to independent audits. It also recommends caution when investing in investment pools that have very limited time frames to deploy smart contracts and have not been subject to a code audit.
Also, you should do your research.