The FBI has warned of serious vulnerabilities in DeFi protocols. What should crypto-investors do?
The Federal Bureau of Investigation has issued a warning about the high vulnerability of decentralised finance protocols to hacker attacks. According to FBI experts, attackers are actively exploiting vulnerabilities in smart contracts in decentralised protocols, resulting in huge financial losses for crypto-investors. The problem is very large-scale, since it has been brought to the attention of even such a US state security agency. We tell you more about the situation.
It should be noted that this is not the first time the FBI has been involved in the cryptocurrency industry. In particular, representatives of the agency commented on the detention of Coinbase employees in the second half of July, when they were accused of insider trading.
The agency’s representatives had previously warned of fraudulent cryptocurrency schemes with a romantic theme. In general, it was then reduced to the fact that scammers seek out victims, develop a relationship with them, and then induce them to invest coins directly through them or through fake platforms. Either way, it all ends up in losses.
How cryptocurrency is stolen
Scammers have at least three tactics for stealing funds from DeFi-protocols. The first is a quick loan using a vulnerability in a smart contract that allows attackers to take the funds for themselves. In a similar way, back in 2020, hackers were able to steal a substantial amount from a protocol called bzx.
DeFi dominates crypto in terms of funds stolen
As a reminder, a quick loan or so-called flash loan is a loan in crypto by a decentralised protocol with no collateral. The loan is supposed to be repaid automatically by the user in the same transaction block. This service is very popular in decentralised finance, and is often used to arbitrage assets between decentralised exchanges or to refinance other loans.
The second tactic is to exploit vulnerabilities in cross-chain bridges to steal funds. These platforms allow funds to be transferred between different blockchains, but sometimes their code can have critical flaws that result in the loss of funds. A prime example is the Horizon cross-chain bridge hack in June of this year, worth more than $100 million.
As Chainalysis analysts reported in early August, hackers hacked popular crosschain bridges thirteen times in 2022, with this activity generating the equivalent of $2 billion. Here's the corresponding graph for that time period.
Crosschain bridge hacks graph
Finally, a third tactic is the manipulation of altcoin prices by exploiting vulnerabilities, including the use of a single price oracle. An example of this is the April 2022 hack of Deus Finance, when hackers managed to “make” $13.4 million. In this case, the scammers are trying to convince the platform that the right asset is valued at a completely different amount. And unless the platform uses popular and reliable oracles like Chainlink, such a scheme does succeed.
According to Decrypt’s sources, the FBI announcement was also accompanied by the following quote
Cybercriminals are looking to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain solution features and open-source DeFi-platforms.
The most common types of attacks on DeFi protocols
The main problem with DeFi hacks is one of the advantages of smart contracts. They operate on a decentralised basis and are completely irreversible, meaning DeFi-protocols have no features that can recover the cryptocurrencies stolen by hackers. It is up to the developers of decentralised projects to protect funds, which is why the FBI recommends that investors carefully research the platforms before using or investing in them.
Read also: One of the top blockchain developers has abandoned his DeFi projects. What does this mean?
Unfortunately, human error can sometimes cause losses in decentralised assets too. Recently, the Solana-based OptiFi decentralised protocol team accidentally shut down its core network, resulting in a USDC blockchain worth $661,000. The error occurred during an upgrade of the protocol, reports CryptoSlate. It itself took longer than the developers expected. This was most likely due to the congestion of the Solana network.
As a result they decided to interrupt the installation process, but an intermediary account was already created. They wrote the solana program close command in the protocol code to get rid of the buffer account in the Solana network. This ended up blocking OptiFi customers’ funds.
Tweet on OptiFi’s official account
The problem was immediately reported on the official Twitter account of the project. Luckily, so far, things have ended relatively well: the OptiFi team announced full refunds to those affected, and also promised to consider their mistakes for the future. They will now upgrade the protocol to support more nodes in Solana and keep a closer eye on crypto flows within the protocol. However, this confirms what the FBI representatives said about the vulnerability of such platforms.
As a result, users of such platforms are left to follow the basic rules of investing. Firstly, one should not invest the entire amount in one project or platform. However, in case of collapse or possible bankruptcy of the company, it will result in serious losses. Secondly, one should not invest in assets that one cannot afford to lose. Accordingly, taking out loans or investing last - including on a bearish trend - is definitely not a good idea. The vast majority of such initiatives end up with even bigger problems.
There is interesting information in our millionaires’ crypto-chat. There we will discuss other important developments related to the decentralisation and blockchain industry.
Related posts
