The US Federal Bureau of Investigation (FBI) is encouraging investors in decentralized finance (DeFi) protocols to seek platforms that have undergone code audits in light of an uptick in criminals exploiting vulnerabilities in smart contracts.
"Cyber criminals are increasingly exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal cryptocurrency, causing investors to lose money," the FBI wrote in an August 29 public service announcement detailing recommendations for investors and DeFi platforms alike.
DeFi has played a leading role in cryptocurrency theft this year. DeFi protocols were related to a whopping 97% of the cryptocurrency stolen through May 1, Chainalysis reported. By July, the blockchain analysis company found that hacks were responsible for the overall theft of $1.9 billion worth of cryptocurrency in 2022 so far.
The FBI made four key recommendations for investors in DeFi protocols. First, it encouraged people to be aware of the broad risks of DeFi and to do their research. Then, it recommended that people use platforms that have undergone one or multiple third-party code audits.
The FBI also recommended that people "be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit." It also highlighted the possible risks of "crowdsourced solutions to vulnerability identification and patching" and open-source code repositories.
Law enforcement also recommended that DeFi protocols use "real-time analytics," monitoring and code testing to catch vulnerabilities, and that they come up with a plan to notify platform users when a security incident occurs.
The FBI also detailed a few situations where it has found criminals exploiting DeFi platforms to steal cryptocurrency. These include a signature verification exploit that cost about $320 million, theft of about $35 million related to manipulated price pairs and DeFi developers losing about $3 million due to a flash loan that set off a smart contract exploit.
© 2023 The Block. All Rights Reserved.