FBI warns attacks on DeFi platforms are increasing

As cryptocurrency interest soars, cybercriminals are cashing in on the immaturity of some DeFi platforms and stealing hundreds of millions of dollars from investors.

Threat actors heisted more than $1 billion in cryptocurrency assets from decentralized finance platforms in a three-month time span, according to a public service announcement from the FBI.

In an alert Monday, the FBI stated that cybercriminals are increasingly exploiting vulnerabilities discovered in DeFi platforms to steal cryptocurrency. The problem has become so pressing that it warranted a warning from the FBI, which urged DeFi investors to alert the agency to any possible thefts.

The prime target of the attacks is smart contracts, which the FBI described as a "self-executing contract with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network." Threat actors are leveraging vulnerabilities found in these contracts to drain the platforms, and so far, many such attacks have been successful.

"Between January and March 2022, cyber criminals stole $1.3 billion in cryptocurrencies, almost 97 percent of which was stolen from DeFi platforms, according to the US blockchain analysis firm Chainalysis," the public service announcement read.

The FBI said DeFi platforms accounted for 30% of cryptocurrency thefts in 2020. The following year, the share rose to 72%, and now it has reached nearly 100%. The FBI attributed the massive uptick to both increased interest in cryptocurrencies and the "complexity of cross-chain functionality and open source nature of DeFi platforms."

In addition, the FBI listed three examples of successful attacks it observed during this span. The one that cost investors the most occurred when actors exploited a signature verification vulnerability in a DeFi platform's token bridge, which allows transactions between two different chains. According to the FBI alert, the attackers drained all investments from the unnamed DeFi platform, which the FBI estimated to be a $320 million loss. The details align with an attack against Wormhole in February -- the cryptocurrency platform confirmed that the use of an exploit led to a $320 million loss.

The second biggest risk to DeFi investors came through actors manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, according to the alert. This allowed attackers to benefit from price calculation errors and steal approximately $35 million.

Third, the FBI issued a warning on flash loans, which blockchain security vendor PeckShield described to TechTarget Editorial as a "special form of loans, which involve the lending of cryptocurrencies (from a pool) to a borrower without collaterals and require the immediate payment within the transaction." Between January and March, the FBI observed that investors and platform founders lost approximately $3 million as a result of attackers initiating a flash loan that triggered an exploit in the smart contracts.

Flash loan losses increased the following month after an attack involving a flash loan exploit cost cryptocurrency platform Beanstalk Farms all of its $182 million in assets.

The FBI offered actionable steps to increase investors' awareness. One recommendation was to confirm that the platforms have conducted code audits. The risk of unaudited code was highlighted by the attack on Beanstalk Farms, where threat actors exploited code that was deployed after an initial audit was completed.

As for the platforms themselves, the FBI recommended implementing steps such as code testing and real-time monitoring to identify vulnerabilities and respond to suspicious activity in a timelier fashion. The PSA also highlighted the importance of an incident response plan to alert investors when these threats are detected.
