In a recent alert, the Federal Bureau of Investigation (FBI) said that hackers are abusing weaknesses in the smart contracts that govern decentralised finance (DeFi) networks. The FBI, the domestic intelligence and security service of the United States, cites a Chainalysis report from April 2022, according to which thieves stole cryptocurrency worth $1.3 billion (approximately Rs. 10,400 crore) between January and March 2022. Of that stolen cryptocurrency, 97 percent came from DeFi platforms.
The same Chainalysis analysis also reported a jump from 30% in 2020 to 72% in 2021. The agency noted that it has observed criminals circumventing slippage checks, taking advantage of signature verifications, manipulating cryptocurrency price pairs, and using flash loans as a form of payment. The FBI noted the latter in particular and gave an example of it.
The FBI has encouraged investors to carefully review DeFi platforms before using them and, if in doubt, to seek advice from a trained financial adviser, even though the agency admitted that "all investments contain some risk." The agency stressed the importance of the platform's protocols being strong and having passed at least one independent code audit. A code audit frequently involves examining the platform's underlying code to look for any gaps or defects that could be exploited.
The FBI advises caution when dealing with any DeFi investment pools that have a "minimum term to join" or "rapid rollout of smart contracts," especially if they have not performed a code audit.
The FBI claims that DeFi platforms may also improve security by regularly testing their code for flaws and using real-time analytics and monitoring. Creating an incident response plan and alerting users to suspected platform weaknesses, hackers, exploits, or other suspicious activity are also part of the recommendations.