At the end of August, the FBI issued a public service announcement on the susceptibility for cybercrime in DeFi (decentralized finance), the growing crypto segment of financial applications backed by blockchain technology. Of the $1.3 billion stolen in cryptocurrencies in the first three months of 2022, 97% came from DeFi platforms.
The warning did nothing to deter cybercriminals, who launched flash loan attacks on the Avalanche blockchain and the New Free DAO protocol the following week that totaled nearly $2 million. According to data from investment platform DeFiYield, $211 million was lost in decentralized finance hacks just in August.
Cybersecurity experts say the timing of the FBI warning, several years after DeFi exploits began, illustrates how slow governmental agencies and technological solutions have been to catch up to the vulnerabilities of the ecosystem.
"Law enforcement is reactionary to what's happening out there," said Chris Tarbell, the co-founder of the cybersecurity firm NAXO and a former FBI special agent who was instrumental in taking down the notorious Silk Road marketplace. "It takes time because it's such an advanced technology."
As the apocryphal story goes, a reporter once asked Willie Sutton why he robbed banks. "Because that's where the money is," he replied.
Michael Rosmer, cofounder of DeFiYield, said the same logic attracts cybercriminals to the world of decentralized finance, where transactions are irreversible, unlike in traditional banking, and law enforcement is still figuring out how the platforms work.
"Where else can you go where you can steal really large amounts of money with no recourse?" Rosmer told Fortune. "That makes crypto a logical target until we can somehow turn around and come up with better systems for addressing this."
According to DeFiYield's data, the $211 million lost last month still pales in comparison to August 2021, when cybercriminals stole an estimated $827 million. Rosmer clarified that the decrease does not mean there is any less of a threat, attributing the figure to the cryptocurrency industry's vastly lower market cap, as well as the shifting nature of DeFi hacks.
Previous exploits targeted lending protocols (like Binance Smart Chain-based protocol Meerkat Finance, which lost $31 million in user funds the day after it launched in 2021) as well as other complex DeFi tools like liquidity pools and automated market makers.
Rosmer said that the main target in 2022 has been bridges, a type of technology that connects different blockchains, allowing users to move cryptocurrencies among chains. The biggest example from 2022 was the attack on popular play-to-earn game Axie Infinity, which lost an estimated $620 million in March when cybercriminals targeted the bridge to its Ethereum-linked sidechain.
The attacks have continued. Just last month, hackers exploited the Nomad bridge, which connected blockchains such as Ethereum and Avalanche, for $190 million.
"This is a challenging technical problem," Rosmer told Fortune. "The more value that is being exchanged between two chains, the more attractive the pot exists to make it so that you would want to attack it."
Ryan Kalember, an executive vice president at cybersecurity firm Proofpoint, said that DeFi is in a tricky position where it's attractive for cybercriminals to target, but not necessarily valuable enough for companies to develop sufficient defenses.
"You could end up with this hell-state where it's not worth enough to secure, but it's still worth enough for cybercriminals to go after it," he said.
The problem is exacerbated by the international nature of cybercrime, which makes it difficult for U.S.-based law enforcement to act. "If you can't get Edward Snowden in Russia," said Rosmer, "how are you going to get some guy who just stole $10 million from a DeFi protocol in Russia?"
Governmental agencies are starting to figure out new strategies, such as the U.S. Department of the Treasury sanctioning the open-source cryptocurrency mixer Tornado Cash, which cybercriminal organizations like North Korea's Lazarus Group have used to launder hundreds of millions of dollars, including from August's Nomad heist.
Even so, officials are just starting to wake up to the threat. "It's complicated, it's new, and it's poorly understood, especially by law enforcement," Kalember said.
While Rosmer said that the FBI warning was a step in the right direction, he was skeptical it would have much of an impact. For him, the onus is on technology companies like DeFiYield to ramp up security.
"This is like the jungle," he told Fortune. "We are working on trying to make the jungle safe and turn it into a zoo."
Read the original here:
This is the jungle: Law enforcement slowly waking up to the threat of DeFi exploits - Fortune