The FBI has issued a warning about the most commonly exploited vulnerabilities used by cybercriminals to attack DeFi platforms.
According to a report by analytics firm Chainalysis, from January to March 2022 cybercriminals stole $1.3 billion in cryptocurrencies. Of these, nearly 97% was stolen from DeFi platforms.
The FBI highlighted three common tactics for carrying out attacks on this segment of the crypto market:
- initiating a flash loan (in this scheme an attack on the DeFi platform bZx in November 2021 caused losses of $55 million);
- exploiting a cross-chain bridge vulnerability (the Nomad protocol hack in early August, more than $90 million stolen);
- manipulating cryptocurrency prices by exploiting a range of vulnerabilities, including the use of a single-price oracle (the Deus Finance exploit in April 2022, $13.4 million stolen).
“Cybercriminals seek to exploit rising investor interest in cryptocurrencies, as well as the complexity of cross-network functionality and the open-source nature of DeFi platforms,” officials from the agency said.
Blockchain-security firms note that the most dangerous vulnerabilities are linked to smart-contract compromises.
“The code of a smart contract is usually not modifiable to fix security shortcomings. Assets stolen from smart contracts cannot be recovered and are extremely difficult to trace,” said the Ethereum Foundation.
For its part, the FBI recommends carefully auditing DeFi platforms, protocols and smart contracts for independent audits, as well as assessing the potential investment risks in this segment.
Earlier, analysts from Elliptic reported that since 2017 attackers launched more than $8 million through NFT marketplaces, which accounts for 0.02% of total trading volume.
From July 2021 to July 2022, tokens worth more than $100 million were stolen.
The most popular tool for laundering funds obtained from NFT-related fraud was the cryptocurrency mixer Tornado Cash.
Read ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analytics.