The FBI issued a Public Service Announcement (PSA) regarding increasingly concentrated cybercriminal activity surrounding the DeFi (Decentralized Finance) landscape. The FBI cautions investors to do their due diligence in choosing which DeFi protocols they engage with, citing vulnerabilities that stem in particular from the (frequently) open-source nature of these protocols. Open-source code is transparent, but that same transparency exposes any security vulnerabilities it contains to cybercriminals who can study and exploit them. Given the amount of money moving through Decentralized Exchanges (DEX), which in 2021 handled around $1 trillion, there is a huge appetite for exploits.
The FBI’s numbers are staggering. According to the service, an estimated $1.3 billion has already been stolen from the cryptocurrency market, with 97% of that value taken from the DeFi sector between January and March this year. The FBI estimates this to be a 72% increase over the same period last year, and a 30% increase over 2020. According to public data, over $4 billion was siphoned from the crypto space throughout the entirety of 2021. The service also explicitly points to wormholes — services that bridge disparate blockchains together — as preferred points of attack. Recently, one such service, Ronin, was hacked for $625 million.
The #FBI warns that cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal investors' cryptocurrency. If you think you are the victim of this, contact your local FBI field office or IC3. Learn more: https://t.co/fboL1N17JN (August 29, 2022)
Within the cryptocurrency world, DeFi has several tiers of decentralization, ranging from truly decentralized services (where no single institution controls funds or private keys) to less decentralized versions (recall the events surrounding the Celsius DEX). All of them operate through smart contracts: self-executing programs that define the rules for swaps, purchases, transfers of ownership, and essentially everything that happens in the blockchain space.
Because of the complexity of programming, however, bugs sometimes slip through into the deployed code. This also happens when code audits and validations are poor or absent. The FBI has therefore included in its recommendations that investors make sure the DeFi service they are considering has been through independent code audits. While an audit is no guarantee that a service can’t or won’t be hacked, it does in theory raise the bar that attackers have to clear to reach users’ funds.