‘It’s the Jungle’: Law enforcement is slowly waking up to the threat of DeFi exploits

In late August, the FBI issued a public service announcement about cybercrime vulnerability in DeFi, the growing crypto segment of financial applications backed by blockchain technology. Of the $1.3 billion stolen in cryptocurrencies in the first three months of 2022, 97% came from DeFi platforms.

The warning did nothing to deter cybercriminals, who the following week launched flash loan attacks on the Avalanche blockchain and New Free DAO protocol totaling nearly $2 million. According to data from investment platform DeFiYield, $211 million was lost in decentralized finance hacks in August alone.

Cybersecurity experts say the timing of the FBI’s warning — several years after DeFi exploits began — illustrates how slow government agencies and tech solutions have been to catch up with vulnerabilities in the ecosystem.

“Law enforcement is reacting to what’s going on there,” said Chris Tarbell, a former FBI special agent who was instrumental in destroying the notorious Silk Road market. “It takes time because it’s such advanced technology.”

“Logical target”

According to the apocryphal story, a reporter once asked Willie Sutton why he robbed banks. “Because that’s where the money is,” he replied.

Michael Rosmer, CEO of DeFiYield, said the same logic attracts cybercriminals to the world of decentralized finance, where transactions are irreversible, unlike traditional banking, and law enforcement is still figuring out how the platforms operate.

“Where can you go where you can steal very large sums of money without recourse?” Rosmer told Fortune. “That makes crypto a logical target until we can somehow turn around and come up with better systems to address this issue.”

According to data from DeFiYield, the $211 million lost last month is still a pittance compared to August 2021, when cybercriminals stole an estimated $827 million. Rosmer clarified that the decrease does not mean there is less of a threat, attributing the figure to the considerably lower market capitalization of the cryptocurrency industry, as well as the changing nature of DeFi hacks.

Previous exploits have targeted lending protocols, like the Binance Smart Chain-based protocol Meerkat Finance, which lost $31 million in user funds the day after it launched in 2021, as well as other complex DeFi tools like liquidity pools and automated market makers.

Rosmer said the main focus in 2022 is bridges, a type of technology that connects different blockchains, allowing users to move cryptocurrencies between chains. The biggest example of 2022 was the attack on popular gambling game Axie Infinity, which lost an estimated $620 million in March when cybercriminals targeted the bridge to its Ethereum-linked sidechain.

The attacks continued. Just last month, hackers exploited the Nomad Bridge, which connected blockchains such as Ethereum and Avalanche, for $190 million.

“It’s a difficult technical problem,” Rosmer told Fortune. “The more value that is exchanged between two chains, the more attractive the pot is for you to want to attack it.”

Potential “hellish state”

Ryan Kalember, executive vice president of cybersecurity firm Proofpoint, said DeFi is in a tricky position where it’s attractive for cybercriminals to target, but not necessarily valuable enough for companies to develop sufficient defenses.

“You could end up with this hellish state where it’s not worth enough to be secure, but it’s still worth enough for cybercriminals to pursue,” he said.

The problem is exacerbated by the international nature of cybercrime, which makes it difficult for US-based law enforcement to operate. “If you can’t get Edward Snowden in Russia,” Rosmer said, “how are you going to get a guy who just stole $10 million from a DeFi protocol in Russia?”

Government agencies are beginning to develop new strategies, such as the US Treasury Department sanctioning open-source cryptocurrency mixer Tornado Cash, which cybercriminal organizations like North Korea’s Lazarus Group have used to launder hundreds of millions of dollars, including from the August Nomad theft.

Even so, officials are only just beginning to realize the threat. “It’s complicated, it’s new and it’s misunderstood, especially by law enforcement,” Kalember said.

Although Rosmer said the FBI warning was a step in the right direction, he was skeptical of its impact. For him, it is incumbent on technology companies like DeFiYield to strengthen security.

“It’s like the jungle,” he told Fortune. “We are working to try to make the jungle safe and turn it into a zoo.”


About William G.
