{"id":66472,"date":"2022-08-30T11:45:57","date_gmt":"2022-08-30T08:45:57","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=66472"},"modified":"2025-09-07T01:30:09","modified_gmt":"2025-09-06T22:30:09","slug":"fbi-identifies-popular-attack-vectors-targeting-the-defi-sector","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/fbi-identifies-popular-attack-vectors-targeting-the-defi-sector\/","title":{"rendered":"FBI Identifies Popular Attack Vectors Targeting the DeFi Sector"},"content":{"rendered":"<p>The FBI has issued a warning about the most commonly exploited vulnerabilities used by cybercriminals to attack <a href=\"https:\/\/forklog.com\/en\/news\/what-is-decentralised-finance-defi\">DeFi<\/a> platforms.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/hashtag\/FBI?src=hash&#038;ref_src=twsrc%5Etfw\">#FBI<\/a> warns that cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal investors cryptocurrency. If you think you are the victim of this, contact your local FBI field office or IC3. Learn more: <a href=\"https:\/\/t.co\/fboL1N17JN\">https:\/\/t.co\/fboL1N17JN<\/a> <a href=\"https:\/\/t.co\/VKdbpbmEU1\">pic.twitter.com\/VKdbpbmEU1<\/a><\/p>\n<p>\u2014 FBI (@FBI) <a href=\"https:\/\/twitter.com\/FBI\/status\/1564337233217273857?ref_src=twsrc%5Etfw\">August 29, 2022<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>According to <a href=\"https:\/\/forklog.com\/en\/news\/chainalysis-97-of-crypto-stolen-in-2022-was-tied-to-defi-protocols\">a report<\/a> by analytics firm Chainalysis, from January to March 2022 cybercriminals stole $1.3 billion in cryptocurrencies. 
Of these, nearly 97% was stolen from DeFi platforms.<\/p>\n<p>The FBI highlighted three common tactics for carrying out attacks on this segment of the crypto market:<\/p>\n<ul class=\"wp-block-list\">\n<li>initiating a flash loan (in this scheme an attack on the DeFi platform bZx in November 2021 caused losses of $55 million);<\/li>\n<li>exploiting a cross-chain bridge vulnerability (<a href=\"https:\/\/forklog.com\/en\/news\/hackers-drain-nomad-cross-chain-protocol-of-over-90-million\">the Nomad protocol hack<\/a> in early August, more than $90 million stolen);<\/li>\n<li>manipulating cryptocurrency prices by exploiting a range of vulnerabilities, including the use of a single-price oracle (<a href=\"https:\/\/forklog.com\/en\/news\/hacker-drains-more-than-13m-from-defi-protocol-deus-finance-dao\">the Deus Finance exploit<\/a> in April 2022, $13.4 million stolen).<\/li>\n<\/ul>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cCybercriminals seek to exploit rising investor interest in cryptocurrencies, as well as the complexity of cross-network functionality and the open-source nature of DeFi platforms,\u201d officials from the agency said.<\/p>\n<\/blockquote>\n<p>Blockchain-security firms note that the most dangerous vulnerabilities are linked to smart-contract compromises.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe code of a smart contract is usually not modifiable to fix security shortcomings. 
Assets stolen from smart contracts cannot be recovered and are extremely difficult to trace,\u201d said the Ethereum Foundation.<\/p>\n<\/blockquote>\n<p>For its part, the FBI recommends carefully checking whether DeFi platforms, protocols and smart contracts have undergone independent audits, as well as assessing the potential investment risks in this segment.<\/p>\n<p>Earlier, analysts from Elliptic reported that since 2017 attackers <a href=\"https:\/\/forklog.com\/en\/news\/elliptic-tornado-cash-was-a-key-service-for-nft-scammers\">laundered more than $8 million<\/a> through NFT marketplaces, which accounts for 0.02% of total trading volume.<\/p>\n<p>From July 2021 to July 2022, tokens worth more than $100 million were stolen.<\/p>\n<p>The most popular tool for laundering funds obtained from NFT-related fraud was the cryptocurrency mixer Tornado Cash.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI issued a warning about the most commonly exploited vulnerabilities used by cybercriminals to attack DeFi 
platforms.<\/p>\n","protected":false},"author":1,"featured_media":66473,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1154,1093,1143],"class_list":["post-66472","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-crimes","tag-defi","tag-intelligence-agencies"],"aioseo_notices":[],"amp_enabled":true,"views":"22","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=66472"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66472\/revisions"}],"predecessor-version":[{"id":66474,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66472\/revisions\/66474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/66473"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=66472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=66472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=66472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}