FBI Warnings over DeFi Exploits

by the Crystal compliance team

The FBI has issued a fresh warning for investors to take precautions with decentralized finance (DeFi) platforms.

Authorities’ warnings for DeFi investments  

On August 29, 2022, the United States Federal Bureau of Investigation (FBI) warned investors that cybercriminals are increasingly exploiting security vulnerabilities in DeFi platforms to steal cryptocurrency.

Decentralized Finance (DeFi) is an emerging digital financial infrastructure that theoretically eliminates the need for a central bank or government agency to approve financial transactions and is deeply connected with the evolution of blockchain technologies.  

In supervisory practice, authorities worldwide have adopted blockchain analytics tools on a large scale, mainly to monitor financial crime trends across the transactions and activities of virtual asset service providers (VASPs). Governmental bodies such as the FBI and the NYDFS (New York Department of Financial Services) have stressed the use of blockchain analytics tools to monitor and mitigate financial crime.

NYDFS, on April 28, 2022, published its guidance on using blockchain analytics for all VASPs (Virtual Asset Service Providers) licensed under 23 NYCRR Part 200 or chartered as a limited-purpose trust company under the New York State Banking Law.   

Cybercrime threat  

The FBI identified the smart contracts governing DeFi platforms as a particular cause for concern: because of vulnerabilities in these contracts, investors may face financial losses.

“A smart contract is a self-executing contract with the terms of the agreement between the buyer and seller written directly into lines of code that exist across a distributed, decentralized blockchain network,” the FBI states.

The release notes that out of roughly $1.3 billion in crypto assets stolen by cyber criminals between January and March 2022, almost 97% of it was snatched from DeFi platforms. Per the FBI’s calculations, this amounts to a significant increase from 72 percent in 2021 and approximately 30 percent in 2020.  

Attackers have used various methods to hack and steal cryptocurrency from DeFi platforms. The FBI has observed cybercriminals initiating flash loans that trigger exploits in the platforms’ smart contracts, exploiting signature verification flaws in their token bridges to withdraw all investments, and chaining together several flaws to manipulate price pairs.

As specific examples, the FBI mentioned cases where hackers used a “signature verification vulnerability” to plunder $321 million from the Wormhole token bridge back in February. It also cited a flash loan attack that triggered an exploit in the Solana DeFi platform Nirvana in July 2022.

Recommendations for investors to mitigate risk  

The FBI acknowledges that investment involves risk but recommends investors take precautions before making an investment decision:  

  • Investors should research DeFi platforms, protocols, and smart contracts before investing and be aware of the risks involved in DeFi investments. Ensure the platform has conducted a code audit performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.  
  • Investors should be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Be aware of the potential risks of crowdsourced vulnerability identification and patching solutions. “Open-source code repositories allow unfettered access to all individuals, including those with nefarious intentions.”  

How does blockchain analytics prevent investors from being scammed?  

The FBI urges DeFi platforms to use real-time analytics and test code to identify vulnerabilities and protect against hacks.  

To grow, evolve, and stabilize, the crypto market needs data analytics. Analytics is the information-gathering mechanism of the financial industry, decentralized or otherwise. The fact is that crypto investment is not safe without analytics.

Businesses in the cryptocurrency industry should adopt blockchain monitoring and analytics tools to avoid risking users’ funds and trust. Data analytics can provide visualization tools for investigating crypto risks and analyzing blockchain addresses, as well as reliable models for investing in particular cryptocurrencies.

In an area rife with hacks, scams, and failures, data analytics is essential to mitigate risk and not merely to chase maximum rewards. Anti-fraud crypto monitoring tools scan publicly available transaction data to track illegal and criminal behavior.   

A crypto compliance tool’s data collection and transaction identification are a continual process. High-quality data analytics serves as the first line of defense: it can help ensure that fair and lawful practices are followed and help bracket cryptocurrencies and their associated risk ratios.

Key takeaways 

The warning is important for:

  1. Not only investors, who pour money into DeFi platforms, but also developers, who often set the terms of the smart contracts these platforms operate on, and
  2. Policymakers and regulators, who need to understand it because their responsibilities include both protecting consumers and ensuring the market is adequately protected against these risks.

The FBI has listed a series of recommendations for both DeFi platforms and consumers to protect against future attacks or exploits. The FBI encourages investors who suspect cybercriminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

Our Regulatory & Compliance team at Crystal Blockchain comprises experts from financial services and regulators. We are hands-on professionals with experience in helping you to transform regulation into effective risk management.   

For any queries about crypto compliance regulation, get in touch with our regulatory affairs team at