BleepingComputer reports that the FBI has warned about the increasing exploitation of security vulnerabilities in decentralized finance (DeFi) platforms to facilitate cryptocurrency theft.
Ninety-seven percent of the nearly $1.3 billion in cryptocurrency stolen by threat actors from January to March 2022 came from DeFi platforms, compared with 72% and nearly 30% in 2021 and 2020, respectively, said the FBI in its Internet Crime Complaint Center advisory.
The FBI noted that several approaches have been leveraged by threat actors for DeFi-based cryptocurrency theft, including the abuse of token bridge signature verification bugs for investment withdrawal and initiation of flash loans that prompt smart contract exploits.
Investors have been urged to research DeFi platforms, protocols, and smart contracts prior to making an investment and to ensure that their DeFi platform of choice has been audited, as well as to be more vigilant about investment pools with extremely short timeframes and about the risk from crowdsourced vulnerability identification and patching solutions.
BleepingComputer reports that individuals in the cryptocurrency industry are being targeted by the North Korean state-sponsored threat group Lazarus in a new macOS malware campaign leveraging fraudulent Crypto.com job offers in an effort to exfiltrate cryptocurrency and other digital assets.