Hitting the Books: How Southeast Asia’s largest bank uses AI to fight financial fraud

Yes, robots are coming to take our jobs. That's a good thing; we should be happy they are, because those jobs they're taking kinda suck. Do you really want to go back to the days of manually monitoring, flagging and investigating the world's daily bank transfers in search of financial fraud and money laundering schemes? DBS Bank, Singapore's largest financial institution, certainly doesn't. The company has spent years developing a cutting-edge machine learning system that heavily automates the minutiae-stricken process of "transaction surveillance," freeing up human analysts to perform higher-level work while operating in delicate balance with the antique financial regulations that bound the industry. It's fascinating stuff. Working with AI by Thomas H. Davenport and Steven M. Miller is filled with similar case studies from myriad tech industries, looking at commonplace human-AI collaboration and providing insight into the potential implications of these interactions.

Excerpted from Working with AI: Real Stories of Human-Machine Collaboration by Thomas H. Davenport and Steven M. Miller. Reprinted with permission from The MIT Press. Copyright 2022.


DBS Bank: AI-Driven Transaction Surveillance

Since the passage of the Bank Secrecy Act, also known as the Currency and Foreign Transactions Reporting Act, in the US in 1970, banks around the world have been held accountable by governments for preventing money laundering, suspicious cross-border flows of large amounts of money, and other types of financial crime. DBS Bank, the largest bank in Singapore and in Southeast Asia, has long had a focus on anti-money laundering (AML) and financial crime detection and prevention. According to a DBS executive for compliance, “We want to make sure that we have tight internal controls within the bank so the perpetrators, money launderers, and sanctions evaders do not penetrate into the financial system, either through our bank, through our national system, or internationally.”

The Limitations of Rule-Based Systems for Surveillance Monitoring

As at other large banks, the area of DBS that focuses on these issues, called “transaction surveillance,” has taken advantage of AI for many years to do this type of work. The people in this function evaluate alerts raised by a rule-based system. The rules assess transaction data from many different systems across the bank, including those for consumers, wealth management, institutional banking, and their payments. These transactions all flow through the rule-based system for screening, and the rules flag transactions that match conditions associated with an individual or entity doing suspicious transactions with the bank—those involving a potential money laundering event, or another type of financial fraud. Rule-based systems—in the past known as “expert systems”—are one of the oldest forms of AI, but they are still widely used in banking and insurance, as well as in other industries.

At DBS and most other banks across the world, rule-based financial transaction surveillance systems of this sort generate a large number of alerts every day. The primary shortcoming of rule-based surveillance systems is that most — up to 98 percent — of the alerts generated are false positives. Some aspect of the transaction triggers a rule that leads the transaction to be flagged on the alert list. However, after follow-up investigation by a human analyst, it turns out that the alerted transaction is actually not suspicious.

The transaction surveillance analysts have to follow up on every alert, looking at all the relevant transaction information. They must also consider the profiles of the individuals involved in the transaction, their past financial behaviors, whatever they have declared in “know your customer” and customer due diligence documents, and anything else the bank might know about them. Following up on alerts is a time-intensive process.

If the analyst confirms that a transaction is justifiably suspicious or verified as fraud, the bank has a legal obligation to issue a Suspicious Activity Report (SAR) to the appropriate authorities. This is a high-stakes decision, so it is important for the analyst to get it right: if incorrect, law-abiding bank customers could be incorrectly notified that they are being investigated for financial crimes. On the other side, if a “bad actor” is not detected and reported, it could lead to problems related to money laundering and other financial crimes.

For now at least, rule-based systems can’t be eliminated because the national regulatory authorities in most countries still require them. But DBS executives realized there are many additional sources of internal and external information available to them that, if used correctly, could be applied to automatically evaluate each alert from the rule-based system. This could be done using ML, which can deal with more complex patterns and make more accurate predictions than rule-based systems.

Using the New Generation of AI Capabilities to Enhance Surveillance

A few years ago, DBS started a project to apply the new generation of AI/ML capabilities in combination with the existing rule-based screening system. The combination would enable the bank to prioritize all the alerts generated by the rule-based system according to a numerically calculated probability score indicating the level of suspicion. The ML system was trained to recognize suspicious and fraudulent situations from recent and historical data and outcomes. At the time of our interviews, the new ML-based filtering system had been in use for just over one year. The system reviews all the alerts generated by the rule-based system, assigns each alert a risk score, and categorizes each alert into higher-, medium-, and lower-risk categories. This type of “post-processing” of the rule-based alerts enables the analyst to decipher which ones to prioritize immediately (those in the higher- and medium-risk categories) and which ones can wait (those in the lowest-risk category). An important capability of this ML system is that it has an explainer that shows the analyst the evidence used in making the automated assessment of the probability that the transaction is suspicious. The explanation and guided navigation given by the AI/ML model helps the analyst make the right risk decision.

DBS also developed other new capabilities to support the investigation of alerted transactions, including a Network Link Analytics system for detecting suspicious relationships and transactions across multiple parties. Financial transactions can be represented as a network graph showing the people or accounts involved as nodes in the network and any interactions as the links between the nodes. This network graph of relationships can be used to identify and further assess suspicious patterns of financial inflows and outflows.

In parallel, DBS has also replaced a labor-intensive approach to investigation workflow with a new platform that automates for the analyst much of the support for surveillance-related investigation and case management. Called CRUISE, it integrates the outputs of the rule-based engine, the ML filter model, and the Network Link Analytics system.

Additionally, the CRUISE system provides the analyst with easy and integrated access to the relevant data from across the bank needed to follow up on the transactions the analyst is investigating. Within this CRUISE environment, the bank also captures all the feedback related to the analyst’s work on the case, and this feedback helps to further improve DBS’s systems and processes.
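
The post-processing pipeline described in this section (rule-based alerts, a risk score with three tiers, an explainer, and features drawn from the network graph of accounts) is illustrated below. This is an added example, not DBS's or the authors' code; the sample transactions, the 9,000 threshold rule, the feature names, the weights and the tier cut-offs are all constructed assumptions, with fixed weights standing in for a trained model.

```python
import math
from collections import defaultdict, namedtuple

Tx = namedtuple("Tx", "tx_id src dst amount")

# Constructed sample data: four senders funnel money through M1, which forwards
# almost all of it to X9; B1 is a supplier paid by one customer and keeps the
# funds; R1 sits in between.
TRANSACTIONS = [
    Tx("T1", "C1", "M1", 9500), Tx("T2", "C2", "M1", 9400),
    Tx("T3", "C3", "M1", 9600), Tx("T4", "C4", "M1", 9300),
    Tx("T5", "M1", "X9", 37000),
    Tx("T6", "P1", "B1", 12000), Tx("T7", "P1", "B1", 11000),
    Tx("T8", "B1", "S1", 2000),
    Tx("T9", "C7", "R1", 9200), Tx("T10", "C8", "R1", 300),
    Tx("T11", "R1", "S2", 7600),
]

RULE_THRESHOLD = 9000  # hypothetical rule: alert on any transfer >= this amount
# Constructed stand-ins for the parameters a trained model would supply.
WEIGHTS = {"fan_in": 0.6, "pass_through": 3.0, "amount_ratio": 0.2}
BIAS = -4.0
TIERS = ((0.7, "higher"), (0.3, "medium"), (0.0, "lower"))  # assumed cut-offs


def rule_engine(txs):
    """Rule-based screening: every transaction matching the rule is an alert."""
    return [t for t in txs if t.amount >= RULE_THRESHOLD]


def build_graph(txs):
    """Accounts are nodes, transfers are links; uses ALL traffic, not only alerts."""
    senders, inflow, outflow = defaultdict(set), defaultdict(float), defaultdict(float)
    for t in txs:
        senders[t.dst].add(t.src)
        inflow[t.dst] += t.amount
        outflow[t.src] += t.amount
    return senders, inflow, outflow


def account_profile(acct, graph):
    """Network features: distinct senders, and share of inflow forwarded onward."""
    senders, inflow, outflow = graph
    received = inflow.get(acct, 0.0)
    forwarded = min(outflow.get(acct, 0.0), received)
    return {
        "fan_in": min(len(senders.get(acct, ())), 5),  # capped so one hub cannot dominate
        "pass_through": forwarded / received if received else 0.0,
    }


def score_alert(tx, graph):
    """Risk score, tier and per-feature evidence for one rule-based alert."""
    # Describe the alert by whichever endpoint looks most like a pass-through hub.
    hub = max((account_profile(a, graph) for a in (tx.src, tx.dst)),
              key=lambda p: p["fan_in"] * p["pass_through"])
    features = dict(hub, amount_ratio=tx.amount / RULE_THRESHOLD)
    contributions = {name: WEIGHTS[name] * value for name, value in features.items()}
    probability = 1 / (1 + math.exp(-(BIAS + sum(contributions.values()))))
    tier = next(label for floor, label in TIERS if probability >= floor)
    # Explainer: features ordered by how much each pushed the score up.
    reasons = sorted(contributions, key=contributions.get, reverse=True)
    return {"tx_id": tx.tx_id, "score": probability, "tier": tier,
            "reasons": reasons, "contributions": contributions}


def triage(txs):
    """Score every alert from the rule engine and return them riskiest first."""
    graph = build_graph(txs)
    scored = [score_alert(t, graph) for t in rule_engine(txs)]
    return sorted(scored, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for alert in triage(TRANSACTIONS):
        print(alert["tx_id"], alert["tier"], round(alert["score"], 3), alert["reasons"][0])
```

All eight alerts still reach the analyst queue; the score only changes their order and tier, which matches the constraint that the rule-based system cannot be removed.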

Impact on the Analyst

Of course, these developments make analysts much more efficient in reviewing alerts. A few years ago, it was not uncommon for a DBS transaction surveillance analyst to spend two or more hours looking into an alert. This time included the front-end preparation time to fetch data from multiple systems and to manually collate relevant past transactions, and the actual analysis time to evaluate the evidence, look for patterns, and make the final judgment as to whether or not the alert appeared to be a bona fide suspicious transaction.

After the implementation of multiple tools, including CRUISE, Network Link Analytics, and the ML-based filter model, analysts are able to resolve about one-third more cases in the same amount of time. Also, for the high-risk cases that are identified using these tools, DBS is able to catch the “bad actors” faster than before. 

Commenting on how this differs from traditional surveillance approaches, the DBS head of transaction surveillance shared the following:

Today at DBS, our machines are able to gather the necessary support data from various sources across the bank and present it on the screen of our analyst. Now the analyst can easily see the relevant supporting information for each alert and make the right decision without searching through sixty different systems to get the supporting data. The machines now do this for the analyst much faster than a human can. It makes the life of the analysts easier and their decisions a lot sharper.

In the past, due to practical limitations, transaction surveillance analysts were able to collect and use only a small fraction of the data within the bank that was relevant to reviewing the alert. Today at DBS, with our new tools and processes, the analyst is able to make decisions based on instant, automatic access to nearly all the relevant data within the bank about the transaction. They see this data, nicely organized in a condensed manner on their screen, with a risk score and with the help of an explainer that guides them through the evidence that led to the output of the model.

DBS invested in a skill set “uplift” across the staff who were involved in creating and using these new surveillance systems. Among the staff benefiting from the upskilling were the transaction surveillance analysts, who had expertise in detecting financial crimes and were trained in using the new technology platform and in relevant data analytics skills. The teams helped design the new systems, beginning with the front-end work to identify risk typologies. They also provided inputs to identify the data that made most sense to use, and where automated data analytics and ML capabilities could be most helpful to them.

When asked how the systems would affect human transaction analysts in the future, the DBS compliance executive said:

Efficiency is always important, and we must always strive for higher levels of it. We want to handle the transaction-based aspects of our current and future surveillance workload with fewer people, and then reinvest the freed-up capacity into new areas of surveillance and fraud prevention. There will always be unknown and new dimensions of bad financial behavior and bad actors, and we need to invest more time and more people into these types of areas. To the extent that we can, we will do this through reinvesting the efficiency gains we achieve within our more standard transaction surveillance efforts.

The Next Phase of Transaction Surveillance

The bank’s overall aspiration is for transaction surveillance to become more integrated and more proactive. Rather than just relying on alerts generated from the rule-based engine, executives want to make use of multiple levels of integrated risk surveillance to monitor holistically from “transaction to account to customer to network to macro” levels. This combination would help the bank find more bad actors, and to do so more effectively and efficiently. The compliance executive elaborated:

It is important to note that money launderers and sanctions evaders are always finding new ways of doing things. Our people need to work with our technology and data analytics capabilities to stay ahead of these emerging threats. We want to free up the time our people have been spending on the tedious, manual aspects of reviewing alerts, and use that time to keep pace with the emerging threats.

Human analysts will continue to play an important role in AML transaction surveillance, though the way they use their time and their human expertise will continue to evolve.

The compliance executive also shared a perspective on AI: “It’s really augmented intelligence, rather than automated AI in risk surveillance. We do not think we can remove human judgment from the final decisions because there will always be a subjective element to evaluations of what is and is not suspicious in the context of money laundering and other financial crimes. We cannot eliminate this subjective element, but we can minimize the manual work that the human analyst does as part of reviewing and evaluating the alerts.”

Lessons We Learned from This Case

  • An automated system that generates large numbers of alerts, most of which turn out to be false positives, does not save human labor.

  • Multiple types of AI technology (in this case, rules, ML, and Network Link Analytics) can be combined to improve the capabilities of the system.

  • Companies may not reduce the number of people doing a job even when the AI system substantially improves the efficiency of doing it. Rather, employees can use the freed-up time to work on new and higher-valued tasks in their jobs.

  • Because there will always be subjective elements in the evaluation of complex business transactions, human judgment may not be eliminated from the evaluation process.

Peloton’s connected Bike rentals are now available across 48 states

Peloton is expanding a rental program for its Bike and Bike+ fitness equipment. Now, anyone in the contiguous US (sorry, Alaska and Hawaii) can try one of the connected exercise bikes at home without having to shell out at least $1,445. The company started testing the program in select markets earlier this year. It's worth noting that the rentals may still not be available in some remote locations.

A Bike rental costs $89 per month, while Bike+ costs $119 per month. You'll need to pay a $150 setup fee as well. Both options include an All Access Membership, which features Peloton's swathe of live and on-demand fitness classes. You can return the equipment for free at any time. After 12 months, you'll be able to buy the Bike or Bike+ at a reduced rate ($895 and $1,595, respectively).

News of broader availability of the rental program comes after it emerged that two of Peloton's co-founders are departing the company. As CNBC notes, John Foley is stepping down as executive chairman. Karen Boone will take over as the chair of the board. Chief legal officer Hisao Kushi, another co-founder, is leaving and will be replaced by Tammy Albarrán, Uber's chief deputy general counsel.

Additionally, chief commercial officer Kevin Cornils, who joined Peloton in 2018, will move on later this month amid a broader organizational shakeup. Chief strategy officer Dion Sanders will take on many of Cornils' duties in a new role as chief emerging business officer.

These executive changes are the latest developments in a turbulent year for Peloton as CEO Barry McCarthy tries to resolve the company's woes. Just as McCarthy took over the position from Foley earlier this year, Peloton laid off around 2,800 workers. In July, Peloton let go around 570 employees in Taiwan amid a shift away from in-house manufacturing, and last month, the company cut another 784 jobs in the distribution and customer service departments. It will rely on third-party companies for deliveries.

Whether McCarthy's ambitious plan to steady the Peloton ship pays off remains to be seen. It's been a rough year financially for the company to say the least. McCarthy told shareholders last month that, despite incurring an operating loss of $1.2 billion last quarter, he sees "significant progress driving our comeback and Peloton’s long-term resilience."

McCarthy said this week that Peloton would start selling its products in some brick-and-mortar stores after announcing the closure of many of the company's own retail locations. It recently listed its equipment on Amazon for the first time. McCarthy also mused on making it easier for people to access third-party content on Peloton's displays, something that's already possible to do by jailbreaking the device.

Signal makes Google strike organizer Meredith Whittaker its first president

Privacy-focused messaging app Signal has hired former Google manager and tech critic Meredith Whittaker as its first president, it announced in a blog post. She's already on the board of directors, along with WhatsApp founder, interim CEO and Facebook critic Brian Acton and former CEO/encryption evangelist Moxie Marlinspike. Her focus, she said, will be on strategy, communication and the foundation's long-term financial health.

"I will be working with Signal’s CEO and leadership, with a particular focus on guiding Signal’s strategy, ensuring our financial sustainability, sharpening and broadening Signal’s public communications, and whatever else is needed to strengthen the app and the org," she said. Whittaker will also aid in the search for a permanent CEO to replace Acton.

Whittaker rose to prominence as the founder of Google's Open Research Group and organizer of a walkout after it emerged that Google had paid off executives accused of sexual harassment, including Andy Rubin. She left the search giant in 2019, and went on to form the AI Now Institute at NYU, aiming to "ensure that AI systems are accountable to the communities and contexts in which they’re applied," according to its mission statement. She's also a senior adviser on AI to the Federal Trade Commission and joined the Signal Foundation's board in 2020.

Signal currently counts over 140 million users after receiving a significant boost following a backlash against WhatsApp's privacy policy changes last year. Along with Firefox, Signal is one of the few apps committed to privacy rather than revenue via data collection. To that end, Whittaker plans to focus on maintaining the company's health via small donations from millions of users who "kick in a little bit," she told The Washington Post. "We do have growth goals, but they are driven by our mission, not by a desire for profit," she added.

Update 9/7/2022 11:48 AM ET: The post has been updated with the correct spelling of Meredith Whittaker's name. Our apologies for the error. 

Snap confirms it’s laying off around 1,300 employees

Snap has confirmed reports that it will lay off around 20 percent of its employees — approximately 1,300 people — to reduce costs. The company has also canceled most original Snapchat shows (save for the long-running politics and news series Good Luck America) and shelved other projects. For one thing, Snap said it's putting games and mini-apps into maintenance mode. It will also sunset the standalone Zenly and Voisey apps to focus on Snapchat's Snap Map and Sounds features.

On the hardware front, Snap is "narrowing our investment scope in Spectacles to focus on highly differentiated long-term research and development efforts." In addition, the company has halted further development of its Pixy selfie drone only a few months after it started selling the device.

Snap said in a note to investors that the layoffs, project cancellations and other restructuring will save the company approximately $500 million in the annualized cash cost structure relative to the April-June quarter (for which Snap posted lackluster earnings results). The figure includes a $50 million reduction in content costs. The restructuring costs will be around $110 million to $175 million. Approximately $95 million to $135 million of that will likely be incurred in adjusted operating expenses, mostly in the current quarter.

"Unfortunately, given our current lower rate of revenue growth, it has become clear that we must reduce our cost structure to avoid incurring significant ongoing losses," Snap CEO Evan Spiegel wrote in a letter to staff. "While we have built substantial capital reserves, and have made extensive efforts to avoid reductions in the size of our team by reducing spend in other areas, we must now face the consequences of our lower revenue growth and adapt to the market environment."

Spiegel noted that the company is restructuring around three pillars: community growth, revenue growth and augmented reality. "Projects that don’t directly contribute to these areas will be discontinued or receive substantially reduced investment," he added.

Snap has been feeling the brunt of a broader economic slowdown. Its share price has slumped by 80 percent this year (though it rebounded slightly following news of the layoffs and restructuring). So far in 2022, the company's year-over-year revenue growth is eight percent, which Spiegel said is "well below what we were expecting earlier this year." However, the Snapchat+ subscription service is off to a positive start, with more than a million users signing up within the first month or so.

Meanwhile, the company's leadership team has a fresh look. This week, its two top advertising executives departed for Netflix, which will soon start offering an ad-supported tier. Snap has promoted its former senior vice president of engineering Jerry Hunter to the position of chief operating officer. It will also bring in Ronan Harris, Google's UK and Ireland vice president and managing director, as president of its Europe, Middle East and Africa division.

Crypto.com refunded someone $7.2 million by mistake

When Australian woman Thevamanogari Manivel put in a Crypto.com refund request last year, she got far more than she bargained for. Manivel asked for a refund of $100 AUD (now worth around $68 USD). Instead, seemingly due to an employee entering her account number into a payment section of a refund form by mistake, the company dropped $10.5 million AUD ($7.2 million at current exchange rates) into her account.

According to a report from 7News (by way of The Verge), Crypto.com made the overly generous refund in May last year. However, it apparently did not identify the mistake until it carried out an audit in December, seven entire Gregorian calendar months later.

Manivel kept the money and reportedly transferred it to a bank account. A court granted Crypto.com a freeze on the account in February. The Guardian reports that most of the cash had been moved to other accounts by then, but those accounts were later frozen too. That same month, Manivel is said to have spent $1.35 million AUD (approximately $890,000) on a five-bedroom home and transferred ownership of it to her sister. A court has ordered the sale of the property as soon as possible and for the funds to be returned to Crypto.com with interest. The case will return to court in October.

Perhaps not too long ago, Crypto.com might have been more willing to write off the refund as a deeply unfortunate mistake. But the cryptocurrency market has been tanking this year and the company lost $34 million in a January hack. It also laid off hundreds of employees this summer due to the crypto downturn.

So, it's perhaps not too surprising that Crypto.com is trying to get the money back from Manivel. After all, it has a long-term arena sponsorship deal in Los Angeles, for which it's said to be paying $700 million over 20 years, and a Matt Damon to keep fed.

Sony and Tencent now own almost a third of ‘Elden Ring’ studio FromSoftware

Sony has joined forces with Tencent to purchase a 30.34 percent share of FromSoftware, the developer behind titles like Elden Ring, Dark Souls 3 and Bloodborne. Tencent's Sixjoy Hong Kong division will own 16.25 percent of FromSoftware's shares, Sony will take a 14.09 percent interest and parent Kadokawa Group will remain the largest shareholder with a 69.66 percent stake. Tencent already has an investment in Kadokawa from last year.

FromSoftware might not be a developer that's on the tip of your tongue, but it has an impressive catalog. Elden Ring has been the top-selling game of 2022 to date, with sales of 12 million copies in the first 18 days alone. Along with Bloodborne and the Dark Souls franchise, it has also produced the PSVR mystery adventure Déraciné and Sekiro: Shadows Die Twice.

The company plans to use the funds raised (36.4 billion yen or $262 million) to strengthen its relationship with Sony, create new IP and expand its ability to publish globally. Elden Ring is the company's biggest hit to date, but it's published outside of Japan by Bandai Namco. Earlier this year, FromSoftware and Bandai Namco called Elden Ring the start of a "new franchise" and announced efforts to "expand the brand beyond the game itself and into everyone's daily life." 

While Microsoft has grabbed most of the headlines with its (still-pending) Activision Blizzard acquisition, Sony has been snapping up studios as well. It recently completed a $3.6 billion deal to buy Halo and Destiny developer Bungie Games, along with God of War co-development studio Valkyrie and Jade Raymond's Haven Studios. Considering the success of Elden Ring, its stake in FromSoftware seems like a relative bargain. 

FBI says investors should take precautions before putting money into decentralized finance platforms

Cybercriminals are increasingly exploiting security flaws in smart contracts to steal cryptocurrency, according to the Federal Bureau of Investigation. In an advisory it published on Monday (via Bleeping Computer), the agency warned investors of a significant uptick in attacks targeting decentralized finance platforms.

Between January and March of this year, hackers stole $1.3 billion worth of cryptocurrencies, with almost 97 percent of that money coming from DeFi platforms, the FBI said, citing data from Chainalysis. That’s an increase from both 2021 and 2020, when DeFi-related thefts represented 72 percent and 30 percent of all stolen crypto, respectively. The agency has seen criminals employ a variety of methods to fleece DeFi platforms. In one case, hackers employed a so-called flash loan attack to steal approximately $3 million worth of cryptocurrencies. In a separate attack targeting a signature verification vulnerability in a platform’s token bridge, cybercriminals made off with $320 million.

Many of the most prolific hacks in recent months fall into those categories of attacks. For instance, the largest crypto heist ever saw the Lazarus Group, a North Korean state-sponsored hacking collective, target Axie Infinity. The group reportedly exploited a backdoor in a Remote Procedure Call node from Axie creator Sky Mavis to forge fake withdrawals using compromised private keys. More recently, a hacking “free-for-all” saw Nomad bridge users lose $200 million worth of crypto due to a misconfiguration.

The FBI recommends investors take a handful of precautions before risking their money with a DeFi platform. You should research the platform you want to invest in, as well as the details of the smart contract they employ. Additionally, only put money down on a firm or company that has paid for independent code audits. You also want to avoid investment pools with extremely limited timeframes to join.

"Cyber criminals seek to take advantage of investors' increased interest in cryptocurrencies, as well as the complexity of cross-chain functionality and open source nature of DeFi platforms," the FBI said. "Investors should make their own investment decisions based on their financial objectives and financial resources and, if in any doubt, should seek advice from a licensed financial adviser."