The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency.
“The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency,” the agency said in a notification.
Attackers are said to have used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms’ smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments.
The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs – assets that can be traded for each other on an exchange – by exploiting a series of vulnerabilities to bypass slippage checks and steal roughly $35 million in digital funds.
It further said that the threat actors are looking to take advantage of the growing public interest in cryptocurrencies to carry out nefarious activities, once again indicating the opportunistic nature of the attacks.
The agency is also recommending that consumers research DeFi platforms before investing, ensure the platforms' code has been subjected to thorough audits, and be cognizant of the risks posed by open source code repositories.
The advisory also arrives over a month after the FBI cautioned that malicious actors are developing rogue cryptocurrency apps to defraud investors of their virtual assets.