FBI: Hackers Are Exploiting DeFi Bugs to Steal Funds
Cyber-criminals are increasingly exploiting bugs in decentralized finance (DeFi) platforms to steal investor funds, the FBI has warned.
In a Public Service Announcement (PSA) yesterday, the Feds claimed that vulnerabilities in smart contract code have been targeted in several ways, including:
- By initiating a flash loan, triggering an exploit to cause investors and developers to lose around $3m in cryptocurrency
- By exploiting a signature verification vulnerability in a DeFi platform’s token bridge, resulting in $320m in losses
- By manipulating cryptocurrency price pairs through vulnerability exploitation, to conduct leveraged trades that stole roughly $35m in cryptocurrencies
The FBI cited data from blockchain analytics firm Chainalysis which revealed that hackers managed to steal $1.3bn in crypto in just the first three months of this year. Some 97% of these funds were stolen from DeFi platforms, up from 72% in 2021 and 30% in 2020, it claimed.
Many of the raids on cryptocurrency in recent years have been tied back to state-sponsored actors, most notably North Korean operatives.
In fact, it is claimed that Pyongyang stole $400m in crypto assets in 2021 alone. The FBI also linked the $618m heist at Ronin Network in March – the biggest theft of cryptocurrency in history – to North Korean actors.
The FBI recommended that investors do their research before putting money into DeFi. Among the things they should look for are platforms that have conducted one or more code audits, run real-time analytics and monitoring tools, and have an incident response plan in place.
The Feds also warned investors to avoid DeFi investment pools with limited joining timeframes and rapid deployment of smart contracts, as well as those that use open source code.
Back in July, the US State Department increased its reward for information on North Korean state-backed hackers to $10m. Pyongyang has also been blamed for the theft of $281m from Singapore-headquartered cryptocurrency exchange KuCoin in 2020.
In 2019, a UN report claimed that the Kim Jong-un regime had stolen $2bn from banks and crypto-exchanges to fund its weapons of mass destruction programs.