FBI issues recommendations for DeFi investors amid exploits

Quick Take

  • The US Federal Bureau of Investigation (FBI) issued new recommendations for DeFi investors on August 29, citing an uptick in criminals exploiting smart contracts.
  • The FBI recommends that DeFi investors do research and see if platforms have done code audits, among other suggestions. 

The US Federal Bureau of Investigation (FBI) is encouraging investors in decentralized finance (DeFi) protocols to seek platforms that have undergone code audits in light of an uptick in criminals exploiting vulnerabilities in smart contracts.

"Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money," the FBI wrote in an August 29 public service announcement detailing recommendations for investors and DeFi platforms alike. 

DeFi has played a leading role in cryptocurrency theft this year. DeFi protocols were related to a whopping 97% of the cryptocurrency stolen through May 1, Chainalysis reported. By July, the blockchain analysis company found that hacks were responsible for the overall theft of $1.9 billion worth of cryptocurrency in 2022 so far.

The FBI made four key recommendations for investors in DeFi protocols. First, it encouraged people to be aware of the broad risks of DeFi and to do their research. Then, it recommended that people use platforms that have undergone one or multiple third-party code audits.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The FBI also recommended people to "be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit." It also highlighted the possible risks of  "crowdsourced solutions to vulnerability identification and patching" and open-source code repositories. 

Law enforcement also recommended that DeFi protocols use "real-time analytics," monitoring and code testing to catch vulnerabilities and come up with a plan to notify platform users when a security incident occurs. 

The FBI also detailed a few situations where it has found criminals exploiting DeFi platforms to steal cryptocurrency. These include a signature verification exploit that cost about $320 million, theft of about $35 million related to manipulated price pairs and DeFi developers losing about $3 million due to a flash loan that set off a smart contract exploit. 

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Kristin Majcher is a senior correspondent at The Block, based in Colombia. She covers the Latin America market. Before joining, she worked as a freelancer with bylines in Fortune, Condé Nast Traveler and MIT Technology Review among other publications.