BleepingComputer reports that the FBI has warned about the increasing exploitation of security vulnerabilities in decentralized finance (DeFi) platforms to facilitate cryptocurrency theft.
Ninety-seven percent of the nearly $1.3 billion in cryptocurrency stolen by threat actors from January to March 2022 was taken from DeFi platforms, compared with 72% and nearly 30% in 2021 and 2020, respectively, said the FBI in its Internet Crime Complaint Center advisory.
The FBI noted that threat actors have leveraged several approaches for DeFi-based cryptocurrency theft, including abusing token bridge signature verification bugs to withdraw investments and initiating flash loans that trigger smart contract exploits.
Investors have been urged to research DeFi platforms, protocols, and smart contracts before making an investment and to ensure that their DeFi platform of choice has been audited. They have also been urged to be more vigilant about investment pools with extremely short timeframes and about the risk from crowdsourced vulnerability identification and patching solutions.
Threat actors have been increasingly adding the novel Go-based information stealer Aurora to their arsenals, with at least seven active cybercrime groups leveraging the malware either exclusively or alongside the info-stealers Raccoon and Redline, BleepingComputer reports.