The last decade has seen an astronomical rise in new cryptocurrencies, and there are now thousands across the globe. Though the market cap is around 270 billion dollars, the values of different currencies can be volatile, with dramatic spikes and falls. The market relies on crypto exchanges to manage the trade in cryptocurrencies based on their real-time value. The billions of dollars worth of cryptocurrencies that pass through these exchanges daily make them a lucrative target for hackers and other malicious forces. Maintaining robust crypto exchange security is challenging in an increasingly interconnected fraud ecosystem.
With access to a huge range of services including identity farms, human sweatshops, and intelligent technology, fraudsters have been able to develop highly sophisticated attack patterns. They maximize profit potential by leveraging different combinations of low-cost human labor, toolkits, and automated bots across the globe. This truly global enterprise means an attack can be launched by an automated bot on one continent and completed by human sweatshop workers thousands of miles away. Fraudsters are able to mount attacks on a scale way beyond the capacity of a lone attacker.
Crypto Case Study: Multi-Step Fraud in Action
A powerful example of the interconnected world of fraud in relation to the world of crypto is a coordinated bonus abuse campaign that a major tech platform was experiencing. Fraudsters were targeting a promo offer intended to entice new users onto the platform by offering free credits to cloud infrastructure. Fraudsters were quick to capitalize on this to carry out computing-intensive Bitcoin mining.
These attacks originated in China, where fraudsters used bots to create multiple fake accounts, leveraging location spoofing to masquerade as domestic users. Bot-driven attacks were supported by human sweatshops in South East Asia working to bypass existing bot detection tools.
As with all fraud, profit was the main driver and dictated the resources fraudsters were willing to spend on attacks. The high potential ROI associated with bitcoin mining justified the high cost of human-driven attacks. Arkose Labs was able to detect and eradicate these attacks, using an intelligent combination of risk assessments and interactive challenges that deterred fraudsters long term. By swiftly identifying and eliminating the attacks the offer was safeguarded for new users and helped the business grow its client base.
Preserve Crypto Exchange Security, and Protect Profit
Perhaps the greatest threat to cryptocurrency marketplaces security is account takeover. The consequences are wide-ranging; once they have gained control of legitimate accounts, fraudsters steal funds, use the accounts to launder dirty money, or make fraudulent credit applications. The proceeds fund organized crime including drugs, human trafficking, and terrorism, making account takeover a vital cog in the wider criminal landscape.
Advice for Crypto Exchanges and Wallets
In the fight against fraud, it is helpful to view it as a business; if there is no profit, fraudsters will cease operations. To slash the ROI on fraud, crypto exchanges should apply a multi-pronged approach combining intelligent risk assessment and targeted step-up challenges. Risk assessments should go beyond risk scores and triage traffic based on probable intent. They should then test and challenge high-risk traffic to deterministically classify intent through risk-informed secondary screening. Present probable bot and sweatshop traffic with targeted challenges that use interactive technology to eliminate all automated fraud, and sap the time and resources of large-scale human sweatshops. A continuous feedback loop between the risk engine and the results of the challenges allows the platform to evolve protection in real-time, spotting trends, and improves anomaly detection. Genuine customers pass through with minimal friction and crypto exchanges benefit from robust security measures.
Crypto Exchange Case Study
A global fintech platform designed to trade, invest, and raise capital with crypto technologies became a hot target for fraudsters. The company suffered attacks on many fronts including account takeover, new account origination, and payment fraud. This damaged profit, reputation and put them at risk of non-compliance. Using a combination of real-time decisioning and tailored step-up challenges, Arkose Labs was able to eliminate human-driven and automated attacks and significantly decrease account takeover attempts. Customer satisfaction was restored and profits protected.
Arkose Labs is a silver sponsor of the BlockDown 2020 , the world’s no.1 3D virtual blockchain conference, where it is showcasing how to secure cryptocurrency marketplaces. For a write-up of some specific hacks check out this interactive article on Coin Telegraph, Crypto Exchange Hacks in Review.