Hackers stealing cryptos

A strong avenue of earning money came to the umbrella of the hackers net. Applications (software) and devices can be hacked. Because private keys are stored in application and device wallets and hackers can access them and steal your cryptocurrency.

We have heard about Inverse Finance, a DeFi exchange that has again been hit with a flash loan attack in the starting of the year 2022. Inverse Finance is a Decentralised Finance (DeFi) platform that facilitates borrowing and the lending of cryptos. Flash loan attacks refer to a smart contract exploit when an attacker takes a flash loan (uncollateralized loan) from a DeFi platform, uses the capital that they borrowed and pays it back in the same transaction, causing the price of the crypto asset to rise and then quickly withdrawing their investments.

The U.S. Federal Bureau of Investigation (FBI) is warning investors that cybercriminals are increasingly exploiting security vulnerabilities in Decentralized Finance (DeFi) platforms to steal cryptocurrency. The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.

In a recent alert, published on the FBI's Internet Crime Complaint Center says that, out of roughly $1.3 billion in cryptocurrency stolen between January and March 2022, almost 97% of it was from DeFi platforms.

As per FBI's calculations, this amounts to a significant increase from 72% in 2021 and approximately 30% in 2020, respectively.

Attackers have used various methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms' smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments.

The agency has also observed cybercriminals manipulating crypto price pairs by exploiting chains of vulnerabilities, including the DeFi platforms' use of a single price oracle and then conducting leveraged trades to bypass slippage checks.

In most incidents, the attackers rely on exploiting security vulnerabilities in their code or a security breach on the platform, allowing them to siphon cryptocurrency to addresses under their control. According to Chainalysis, threat actors behind such attacks have laundered most of the stolen assets in 2022 using risky laundering services such as illegal exchanges and coin tumblers on the dark web.

This spikes as the Cyber criminals seek to take advantage of investors' increased interest in cryptocurrencies as well as the complexity of cross-chain functionality and open source nature of DeFi platforms.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA