Cryptocurrencies are valued at $2 trillion today, and have grown over 20 times within the last three years.
Bad actors are aware of this, and they’ve either attacked crypto exchanges or have leveraged the pseudonymous nature of crypto for their illicit deeds. Moreover, the existence of smart contracts adds an entirely new attack surface.
Dr. Victor Fang, CEO and Co-Founder of AnChain.AI, spoke to CISO MAG and discussed the structure required for blockchain data security and defense, and how AnChain.AI provides this.
Here are some of the highlights from the interview:
Dealing with Crypto Adversaries
Bad actors and cybercriminals have increasingly attacked cryptocurrency exchanges and services dealing in cryptocurrency. Why? Cryptocurrencies have been around for years, so why are these attacks increasing now?
Cryptocurrency operates on a decentralized blockchain network and has its own unique attack surface. New attack tactics have emerged, but a solid defense is always centered around the three pillars of blockchain data security:
- Infrastructure security;
- Code security, and;
- Transaction security.
It’s worth mentioning that smart contracts are adding not just 10x complexity in blockchain security concerns, but in fact, an entirely new dimension of security.
In 2018, we reported the worlds’ first BAPT: Blockchain Advanced Persistent Threat that targeted smart contract vulnerabilities, marking the most sophisticated attack on digital assets to date. In 2021, we are still seeing more attacks on DeFi, which is in the same vein but getting more sophisticated every day.
The Three Pillars of Blockchain Data Security
In 2018, AnChain.AI proposed the three pillars of blockchain data security, and in the past couple of years,the company has developed preventive frontline solutions to hackers attempting to breach these three areas.
A blockchain security breach can target the foundational consensus and the computer network of the blockchain infrastructure. This is the hardest and rarest type of attack, but has massive consequences if successful. There two common forms for this:
- 51% attack: A blockchain security breach where the majority of the miners are malicious and can launch a “denial of service” attack on new transactions and even reverse and alter the transaction, the so-called “double spend.” A good example is the January 2019 Ethereum Classic (ETC) 51% attack.
- Sybil attack: An attack wherein a reputation system is subverted by forging identities in peer-to-peer networks.
The most common blockchain security breach occurs in vulnerable smart contracts such as DApp, DeFi, Token, NFT, and more.
The first Blockchain APT hacker group in history (BAPT-LW20) coordinated an attack to steal 13,000 Ethereum (at one point worth over $18 million) by using five addresses to target a smart contract vulnerability within the DApp game, Last Winner.
This is the most frequent threat and impacts cryptocurrency-related businesses.
Bitcoin has 300K+ daily transactions, and Ethereum has one million+. A portion of these are illicit transactions carried out by terrorists, sanctioned entities, hackers, and also from obfuscated machinery such as mixers and tumblers like Wasabi CoinJoin.
Protecting Crypto Assets and Exchanges
What blockchain security solutions is AnChain currently building to protect crypto assets and exchanges?
Our vision is to provide the secure and compliant digital asset infrastructure for the billions, tackling the looming smart contract security disaster before it strikes with the world’s only real-time smart contract analytics.
We are making good progress on cryptocurrency anti-money laundering, esp. Our BEI AI-powered preventive API has been helping customers from 10+ countries to screen billions of crypto transactions daily.
We have even successfully prevented suspicious sanction-related transactions attempting to interact with some of our VASP exchange clients.
When it comes to compliance, AnChain.AI has developed the Next-Generation AI-Powered Crypto AML solution. Our patented solution covers both post-incident investigation, and more importantly, preventive measures.
Currently, 90% of the vendors in the space are focusing on post-incident investigation, but we have a more holistic approach with our blockchain security solutions.
On post-incident investigation, our CISO Auto-Trace artificial intelligence engine can automatically trace down cryptocurrencies, which is the key to Anchain.Ai’s success in being the first responder to the 2020 Twitter hack (CBS News), and Darkside ransomware Colonial Pipeline campaign in 2021.
On the preventive side, we envision this as the future of cryptocurrency AML compliance. We have innovated a real-time API product that uses machine learning to infer the risk profiles behind hundreds of millions of blockchain addresses and complies with FINCEN OFAC sanctions and other jurisdictions’ AML requirements.
Preventive, Not Curative
Since 2018, the cryptocurrency market cap has grown from $100 billion to $2 trillion today (equivalent to 10% of the 2020 U.S. GDP). It miraculously grew 20 times in three years!
In the emerging regions with inflationary pressures on their fiat currencies, digital assets offer less volatility, protection, and functionality. Preventive API is the key to cryptocurrency AML moving forward. After all, blockchain data security works best if it’s preventive, not curative.
Find out more about AnChain’s solutions here.