In 2022, bad actors have turned their attention to crypto and the decentralized finance (DeFi) sectors. Cybercriminals have stepped up their efforts to steal funds from users by attacking different protocols. As a result, hackers managed to cash out over $2 billion from their criminal activities.
The U.S. Federal Bureau of Investigation (FBI) issued a warning against another potential spike in cyber attacks against crypto and DeFi. The law enforcement agency and other legal entities in this country have identified several hacker groups with ties to rogue nations.
As Bitcoinist reported, North Korean-backed hacker groups seem to be the most prolific at attacking DeFi and crypto projects. The infamous Lazarus Group and others have netted over $1 billion in crypto theft. The funds are allegedly used to support the country’s nuclear program.
The U.S. FBI said the following about the alleged growing trend of cyber attacks from bad actors to crypto and its DeFi sector:
The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.
Data provided by the FBI indicates that hackers have managed to steal around $1.3 billion in cryptocurrencies from January to March 2022 alone. This represents a 72% increase when compared to Q1 2021. DeFi platforms are the main focus of these attacks.
U.S. authorities believe the spike in DeFi adoption, the “complexities” of using smart contracts and DeFi protocols, and the open-source nature of the sector have made it particularly vulnerable to bad actors.
ETH’s price moving sideways on the 4-hour chart. Source: ETHUSDT Tradingview Notorious 2022 Crypto Hacks, According To The FBIThe law enforcement agency highlighted some of the modus operandi utilized by hackers to steal from crypto investors. Protocols known as “bridges”, enabling users to trade assets from different blockchains, have been some of the most affected in the spike of cyber-attacks.
Hackers have managed to exploit a “signature verification vulnerability” in a DeFi bridge and grant permission to withdraw over $320 million from the platform. Other attacks target protocols that offer “flash loans”.
Hacks have been able to manipulate other vulnerabilities in the sector, the FBI said, including price oracles and trading products with “price calculation errors”. For the users, the FBI recommended conducting research on potential investment and DeFi protocol before sending money to the platform.
In addition, the FBI recommended users look into the projects’ security audits to verify their level of security. For developers, the law enforcement agency recommended:
Institute real time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity. Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.