In a recent development, the U.S. Federal Bureau of Investigation (FBI) has issued a fresh warning to crypto investors concerning increasingly exploiting vulnerabilities in decentralised finance (DeFi) platforms to steal cryptocurrency.
The FBI noted that Cyber criminals tend to take advantage of investors’ increased interest in cryptocurrencies, the complexity of cross-chain functionality and the open-source nature of DeFi platforms.
Chainalysis has revealed that between January and March 2022, cybercriminals stole $1.3 billion in cryptocurrencies. Almost 97% of this theft was stolen from DeFi platforms.
When in doubt, seek advice from a licensed financial adviser: FBI
The FBI has noted that such frauds cause investors to lose a ransom amount of money. Taking this into account the FBI has encouraged investors suspecting cyber criminals with respect to their DeFi investments to contact it through the Internet Crime Complaint Center or their local FBI field office.
The law enforcement agency also shed light on different ways cybercriminals defraud DeFi platforms. These include exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investment, among different techniques.
Trending Stories
In its set of recommendations, the agency recommended that investors make their investment decisions based on their financial objectives as well as financial resources. It added that in the event of any doubt, it is always good to seek advice from a licenced financial adviser.
FBI recommendations:
The other precautionary measures recommended by the FBI to the investors include:
- Invest only after proper research on DeFi platforms, smart contacts and protocols
- Be mindful of the specific risks involved in DeFi investments.
- Make sure that the DeFi investment platform has carried out one or more code audits executed by independent auditors.
- Pay attention to DeFi investment pools with extremely limited timeframes to join. Rapid deployment of smart contracts, particularly without the recommended code audit.
- Be aware of the probable risk posed by crowdsourced solutions to vulnerability identification and patching.