Do you think your cryptocurrency is more secure on a decentralized platform compared to more centralized exchanges? Well, the FBI is here to tell you that, no, vulnerabilities on DeFi platforms are real, and they were a party to the vast majority of the $1.3 billion in cryptocurrency stolen in just the first three months of this year.
In a public notice published late Monday, the FBI warned investors about the increase in the total number of DeFi platforms exploited since the beginning of 2022. The bureau said cybercriminals are exploiting vulnerabilities in the smart contracts that govern DeFi platforms, particularly the “complexity of cross-chain functionality” and the open source nature of DeFi platforms.
The FBI said that 97% of the $1.3 billion in stolen cryptocurrency was from these DeFi platforms, according to crypto security firm Chainalysis. Although it didn’t name any specific hacks, the agency did mention $3 million in flash loan attacks that manipulated contracts on the multi-chain protocol Deus Finance, the $325 million exploit of the Wormhole protocol, and another hack that took advantage of a lack of security checks to steal $35 million in cryptocurrency.
The FBI said investors should be careful about investing, do their research and ensure that the DeFi platform performs one or more code audits by independent security auditors to assess any vulnerabilities. Although the FBI recently warned of fake apps and other coding tricks, the agency also warned of the dangers of “crowdsourcing” projects, meaning that “open source code repositories allow unrestricted access to all individuals, to include those with nefarious intentions.”
First, it is important to note what the FBI refers to only as “DeFi.” It is a very broad and often poorly used term that refers to any financial technology (though mostly blockchain protocols) that attempts to remove central institutions such as banks from the equation. Money, also known as your crypto, is stored in a digital wallet managed by users. So unlike an exchange, which is deliberately centralized (but don’t you dare call it a bank, though it does a lot of the same things that regular banks already do), DeFi projects try to eliminate any middlemen through peer-to-peer networks on security protocols developed by the community.
Proponents say that these blockchains and the security protocols attached to them are more secure than legacy systems, often referred to as Web3 and Web2, respectively. Although these blockchain systems resist man-in-the-middle attacks, where data is intercepted and manipulated in transit, scammers still run away with billions in stolen money, often through phishing schemes or through security holes in the connection to Web2 platforms.
The $1.3 billion total cited by the FBI also includes $625 million stolen in late March from the Ronin bridge, used by the game Axie Infinity. And of course there have been other major exploits since March. In early August, the Nomad DeFi project was drained of $190 million thanks to a vulnerability left by a routine upgrade, while users on the Solana blockchain network initially experienced a loss of more than $5 million across thousands of individual cryptocurrency wallets. This latest exploit saw hundreds of internet users use the exploit to drain money from fellow crypto users, and the people who run Solana have basically had to beg these hackers to return their illegal gains.
Although the FBI has recommended that DeFi platforms analyze and test their code for any vulnerabilities, the open nature of these “decentralized” projects is a major selling point. Many of these types of projects operate as decentralized autonomous organizations, known as DAOs. Ostensibly, all decisions are made by unanimous voting by the community, yet the code authors (often project founders) still control how any changes are coded and implemented.
In April, after the DeFi platforms Rari Capital and Fei Protocol were hacked for $80 million across multiple pools, the Tribe DAO that runs the system met to decide whether to compensate members. According to Decrypt, the vast majority of the 34 million member votes wanted to make the affected users whole. Despite community consensus, a second vote was taken and the original decision was contested. Key members said the original vote was not clear about how those users would get their money back. A third vote rejected the idea of paying in full.