According to the Bureau, these systems are susceptible to cyberattacks due to vulnerabilities in the code and the fact that the protocols are available to anybody.
On Monday, the FBI issued a public notification discouraging investors from using DeFi due to security concerns. Investors who believe their funds have been taken were also urged to contact the FBI via the IC3 or their regional office.
“According to US blockchain research company Chainalysis, between January and March 2022, hackers stole $1.3 billion in cryptocurrencies, over 97 percent of which was taken via DeFi platforms,” the FBI said in a public service announcement on Monday.
Cybercriminals attempt to take advantage of the open-source nature of DeFi systems and their complicated cross-chain capability, as well as investors’ desire for digital assets. The agency claimed that they abuse platforms by exploiting weaknesses connected with flash loans, signature verification, and cryptocurrency price pairings.
The statement also includes a list of suggestions, starting with a warning that these investments are extremely unsafe and that consulting a registered financial advisor is an alternative. It also warns investors of vulnerabilities in the code of decentralized platforms and crowdsourced solutions.
The FBI also provided DeFi platforms with some recommendations for preventing intrusions and the misuse of assets. Among them were the implementation of real-time analytics and a strict code audit.
The FBI stated in April that APT38, commonly known as Lazarus Group, was behind the $625 million Ronin Bridge attack.
A few days before this crime, the FBI, Treasury Department, and Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert warning investors about the risk of cyberattacks on their cryptocurrency holdings.