

Rachel Welch

03 November 2022

This Is What FBI Recommends to DeFi Investors

The FBI has issued a set of recommendations for DeFi investors. These recommendations include taking proper precautions before investing in a DeFi platform. Specifically, investors should investigate the platform's smart contracts and invest only in firms that have paid for independent code audits. They should also avoid investment pools that offer extremely short investment timeframes.

Cyber criminals target Decentralized Finance (DeFi) platforms

Cyber criminals have turned their attention to the rapidly growing cryptocurrency market, and they have started targeting DeFi platforms to steal cryptocurrency. These attacks are often triggered by vulnerabilities in smart contracts and security flaws found in the code of these platforms. Almost nine out of ten successful attacks on these platforms begin with social engineering.

From January to March of 2018, hackers stole $1.3 billion worth of cryptocurrency, with almost 97 percent coming from DeFi platforms. This theft will continue to grow, accounting for 72 percent of all crypto stolen in 2021 and 30 percent in 2020. Cyber criminals have used a variety of techniques to steal cryptocurrency from DeFi platforms, including using smart contracts to take advantage of security flaws. One such attack resulted in the theft of $320 million worth of cryptocurrencies.

Investors should be wary of investment pools with extremely limited timeframes to join

The FBI is warning DeFi investors to be cautious of investment pools that offer extremely short timeframes for joining and participating in projects. The agency also recommends that DeFi platforms conduct code audits, rely on real-time analytics and develop an incident response plan, and take other steps to protect their users.

Hackers exploit vulnerabilities in smart contracts

Despite their popularity, smart contracts are vulnerable to security attacks. This is because these contracts depend on the underlying blockchain platform and on the execution of other cooperating smart contracts. Furthermore, some developers may not understand the implicit relationships between smart contracts. In addition, many developers use crude runtime environments and programming languages, and it is difficult to update a smart contract after its deployment.

To exploit these vulnerabilities, hackers must first put a vulnerable smart contract on the network. Once they have done that, they need to call the contract's pay function, passing an address of a fraudulent contract as an argument. In addition, modern DeFi smart contracts deal with huge amounts of money, which means that they are susceptible to error. Moreover, many operations in the contract logic are interconnected with token transfers, creating a wide field for mistakes in calculations. For instance, an error in the accuracy constant might lead to the erroneous payment of funds.
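The accuracy-constant error mentioned above can be caught with an invariant check before deployment. The following is an added example, not code from the FBI notice or from any DeFi project; it models a pool's integer payout math in Python, and the function names, the 10**18 scale and the stake figures are assumptions constructed for illustration.

```python
# Constructed model of a staking pool's fixed-point payout math.
# Contracts use integers only, so rates are stored multiplied by a scale.
PRECISION = 10**18        # assumed scale used when the rate is stored
TOKEN_DECIMALS = 10**6    # assumed token unit (6 decimals), a different constant

def reward_per_token(total_reward: int, total_staked: int) -> int:
    """Reward rate per staked unit, scaled up by PRECISION."""
    return total_reward * PRECISION // total_staked

def payout(stake: int, rate: int, unscale: int) -> int:
    """Scale the rate back down. Correct only when unscale == PRECISION."""
    return stake * rate // unscale

def audit_payouts(stakes: dict, total_reward: int, unscale: int) -> dict:
    """Compute every payout and check the invariant an audit or test
    suite should assert: the pool never pays out more than it was funded."""
    rate = reward_per_token(total_reward, sum(stakes.values()))
    paid = {who: payout(s, rate, unscale) for who, s in stakes.items()}
    total_paid = sum(paid.values())
    return {
        "paid": paid,
        "total_paid": total_paid,
        "overpaid": total_paid > total_reward,   # invariant violation
        "dust": total_reward - total_paid,       # rounding remainder if >= 0
    }

# Constructed sample data: two stakers, 400 tokens of reward to distribute.
STAKES = {"alice": 1_000 * TOKEN_DECIMALS, "bob": 3_000 * TOKEN_DECIMALS}
REWARD = 400 * TOKEN_DECIMALS

def correct_run() -> dict:
    return audit_payouts(STAKES, REWARD, PRECISION)

def buggy_run() -> dict:
    # The defect: the rate is unscaled with the token's decimals
    # instead of the constant it was scaled with.
    return audit_payouts(STAKES, REWARD, TOKEN_DECIMALS)

if __name__ == "__main__":
    for name, run in (("correct", correct_run), ("buggy", buggy_run)):
        result = run()
        print(name, "overpaid:", result["overpaid"], "total:", result["total_paid"])
```

With the mismatched constant every payout is inflated by a factor of 10**12, and the `overpaid` check flags it. The same invariant can be written as a test against the contract itself.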

Implement an incident response strategy

While DeFi investment pools are a great way for individuals to invest in crypto, it is important to implement an incident response strategy. This can help protect investors from fraud. In addition to implementing an incident response strategy, investors should research and evaluate their platforms. They should choose platforms that have undergone thorough security audits. They should also watch out for investment pools with short timeframes. The FBI also encourages companies that provide DeFi platforms to implement robust incident response plans and strengthen cybersecurity compliance.

First, the DeFi ecosystem is a decentralised environment. It is not possible for a single organisation to have oversight and control over all activities. However, this can lead to a more open environment for fraud and theft. The absence of centralised management could also lead to an increased risk of erroneous transfers.