
Have any crypto invested? Beware of bugs that give criminals free rein to steal it

Despite its popularity, there are still things people don’t understand about cryptocurrency. It can be challenging to figure out the tricks of investing, especially if you are new to it. Before buying crypto, read Kim’s book Cryptocurrency 101: Beginner’s guide to buying, selling, and spending digital currency safely.

For starters, there are many cryptocurrency platforms where you can buy, sell and store investments. Some use Decentralized Finance (DeFi) platforms. While most of them are legitimate, a few can cause some headaches.

Read on to see how hackers exploit DeFi platform flaws to steal your money and a few tips to protect it.

Here’s the backstory

The FBI is warning crypto investors to keep a close eye on their money. According to a blog post from the FBI’s Internet Crime Complaint Center (IC3), hackers exploit vulnerabilities in DeFi platforms to steal funds.

IC3 explains that most vulnerabilities exist in smart contracts and signature verifications. Smart contracts are self-executing contracts in which the terms of the agreement between buyer and seller are written directly into code.

“Cyber criminals seek to take advantage of investors’ increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms,” the IC3 explains.

Here are some of the ways the FBI has observed cybercriminals defrauding DeFi platforms:

  • Initiating a flash loan that triggered an exploit in the DeFi platform’s smart contracts, causing investors and the project’s developers to lose approximately $3 million in cryptocurrency.
  • Exploiting a signature verification vulnerability in the DeFi platform’s token bridge and withdrawing all of the platform’s investments, resulting in approximately $320 million in losses.
  • Manipulating cryptocurrency price pairs by exploiting a series of vulnerabilities, including the DeFi platform’s use of a single price oracle, and then conducting leveraged trades that bypassed slippage checks and benefited from price calculation errors to steal approximately $35 million in cryptocurrencies.
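
The third item turns on a platform pricing trades from a single oracle. The sketch below is an added example, not code from the FBI notice or from any platform mentioned here: it contrasts that design with a median over several fresh feeds plus a slippage check. The feed names, prices and thresholds are constructed assumptions.

```python
from statistics import median

NOW = 1_000  # constructed clock value, in seconds

# Constructed sample feeds; the source names are hypothetical.
HONEST_FEEDS = [
    {"name": "dex_pool", "price": 100.0, "ts": 990},
    {"name": "feed_b", "price": 100.2, "ts": 995},
    {"name": "feed_c", "price": 99.9, "ts": 985},
    {"name": "feed_d", "price": 100.1, "ts": 998},
]
# Same feeds after the first source's price has been pushed far from market.
MANIPULATED_FEEDS = [dict(HONEST_FEEDS[0], price=180.0)] + HONEST_FEEDS[1:]


def single_oracle_price(feeds):
    """Weak design: the platform trusts the one feed it is wired to."""
    return feeds[0]["price"]


def aggregated_price(feeds, now, max_age=60, min_sources=3, max_spread=0.05):
    """Median of fresh feeds; refuse to price if sources are few or disagree."""
    fresh = [f["price"] for f in feeds if now - f["ts"] <= max_age]
    if len(fresh) < min_sources:
        raise ValueError("not enough fresh price sources")
    mid = median(fresh)
    # Drop feeds that sit more than max_spread away from the median.
    agreeing = [p for p in fresh if abs(p - mid) / mid <= max_spread]
    if len(agreeing) < min_sources:
        raise ValueError("price sources disagree; pausing trades")
    return median(agreeing)


def within_slippage(reference_price, execution_price, tolerance_bps=50):
    """True if the execution price is within tolerance of the reference."""
    deviation = abs(execution_price - reference_price) / reference_price
    return deviation * 10_000 <= tolerance_bps


if __name__ == "__main__":
    print("single oracle:", single_oracle_price(MANIPULATED_FEEDS))
    print("aggregated   :", aggregated_price(MANIPULATED_FEEDS, NOW))
```

With one distorted source, the single-oracle design reports the distorted price directly, while the aggregate stays at the market level and the slippage check rejects a fill at the distorted price.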

What you can do about it

According to the FBI, cybercriminals stole $1.3 billion in cryptocurrencies in the first three months of this year. Almost 98% of the stolen funds were taken from DeFi systems.

While you should always be cautious when dealing with cryptocurrencies, there are a few things that you can do to stay safe. Here are some FBI recommendations:

  • Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
  • Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
  • Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open source code repositories allow unfettered access to all individuals, including those with nefarious intentions.

The FBI encourages investors who suspect cybercriminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.
