Skip to main content

The FBI has taken notice of the vulnerabilities in smart contracts amid a surge of cyber criminals targeting DeFi protocols and warned investors to only work with projects that independently audit their code.

“A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance,” the FBI said.

Learn how smart money is playing the crypto game. Subscribe to our premium newsletter - Crypto Investor.

 A Chainalysis report indicated that 97% of thefts this year targeted DeFi platforms, resulting in nearly $1.7 billion of losses this year.

“Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit,” the FBI added, underlining the risks from crowdsourced solutions for security. The law enforcement agency was particularly concerned about open-source code repositories that gave wide access to criminals.

The FBI recommended that DeFi platforms regularly test and assess code to rapidly detect security vulnerabilities and inform users, while relying on "real-time analytics" to improve monitoring. Prior to investment, they also said users should research DeFi projects thoroughly and carve out an incident response plan to properly alert investors when security is breached.

There have been several high-profile examples of hacks earlier this year, ranging from a nearly $320 million signature verification hack and a flash loan hack of a smart contract that saw DeFi developers fleeced of approximately $3 million.

The FBI said anyone who may be a victim of a crime should contact their Internet Crime Complaint Center.