
How AnChain.AI prevents payment risk via analysis of over 49 million transactions!

Overview

  • AnChain.AI provides support to blockchain ecosystems by quickly deploying monitoring and security solutions
  • AnChain.AI’s web3 security and compliance solution is fully integrated with blockchains such as Elrond, Ripple, Solana, Algorand, Flow, and more coming soon
  • The Blockchain Ecosystem Intelligence API is open to builders and developers, enabling them to build safe and compliant applications from day one
  • Demystifying the machine learning models that help users comply with FATF guidance for AML/CFT
  • A deep dive into how machine learning can detect and prevent malicious actors on Web3 blockchains, and why this is critical for financial institutions and DeFi

Poolside in Miami, Florida. The “Crypto Coast” as Mayor Francis Suarez puts it. He might be onto something.

Working on web3 at a cabana isn’t so bad. 

After all, it’s been quite some time since the work involved any lifeguarding. A decade later, the whistle and visor have been replaced by a crypto wallet and a risk score. 

From protecting unruly children to protecting clients from bad actors on blockchains.

Suddenly, a message from one of our shared Slack channels with a client, the Elrond Network Blockchain:

“BH Network, our web3 payment network partner, needs to onboard up to 25,000 wallets. Can you help?”

Gladly. Elrond’s builders need help with AML and risk. Let’s dive in.

Artificial Intelligence in Crypto Compliance

In 2022, we officially partnered with Elrond Network Blockchain, the developer of internet-scale blockchain infrastructure to enhance compliance and prevent fraud in the Elrond ecosystem per FATF guidance. By deploying powerful machine learning for wallet intelligence, and opening up the insights to developers on the network, AnChain.AI can support entire blockchain ecosystems to build with a risk-based approach from day one.

In this case, we were able to communicate with and directly support BH Network, a decentralized payments network built on Elrond, at a moment’s notice.

To date, over 49 million Elrond blockchain transactions and thousands of crypto wallets have been screened by AnChain’s Blockchain Ecosystem Intelligence (BEI™) API in an effort to help Virtual Asset Service Providers (VASPs), such as BH Network, comply with FATF’s guidelines on preventive measures, such as conducting client due diligence, for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes.

Could BH Network have done the onboarding without us? Yes – but not without a dedicated team working on it.

Why?

Onboarding a crypto wallet means comprehensively conducting due diligence on all of the transactions associated with the wallet to ensure the wallet is not associated with any illicit activities, bad actors, sanctions, or patterns of suspicious activities. This is a time-consuming task for any web3 builder, especially when factoring in the thousands of wallets to be analyzed.

We solved this problem. Our AI-powered risk-scoring engine made it quick and straightforward for BH Network to screen wallets, onboard wallets, and detect transaction fraud in real-time while remaining compliant with FATF regulations.

The software does the work.

Dissecting the Machine Learning Process

Machine learning is critical in powering AnChain’s Blockchain Ecosystem Intelligence solution.

As the name suggests, the BEI risk score engine evaluates the riskiness of blockchain wallet addresses using predictive machine learning techniques. The process is illustrated in the graph below:

Model Data

Our risk score engine is powered by data from public sanction database lists, as well as the work of threat intelligence teams to identify scams and hacks. Other data sources include but are not limited to data partners, internal research, and open-source intel (OSINT). Our data goes through a rigorous vetting process before being implemented into our systems. Once updated, our machine learning engine continuously improves to provide scoring based on real-time transaction behavior.

Model Features

We extract and engineer features from the data sources illustrated above. Most notably, the count of incoming transactions from a confirmed scam wallet address is one of the essential features powering our machine learning model. We engineered features using a combination of “off-blockchain data” from our label consortium with “on-blockchain” transaction data.

This is the same feature that helped us capture dusting attacks on the Elrond blockchain. We’ll dive into the details shortly.

Model Training

Now that we have the features, how did we train our machine learning model to obtain the risk score for crypto wallets? The secret sauce is the XGBoost regression model.

In addition to the attribute risk score and the hacker risk score, we trained an XGBoost regression model on this data to produce the suspicious transaction score. This adds an extra layer of insight, allowing us to enhance the signals from intelligence databases and boost the accuracy and confidence of the risk score.

How to Interpret the BEI Risk Score?

On a high level, the machine learning behind the risk score is largely influenced by a few address-level characteristics:

  1. Bad labels (“scam”, “hacker”, “sanction”, etc.) associated with the address, as stored in AnChain’s label consortium.
  2. Transaction activity. Wallets with more transactions or higher transaction values are deemed as higher risk.
  3. Hacking events. Wallets associated with known hacks may contribute to higher risk scores.

Case Study: Detecting Dusting Attack on Elrond Using ML

Now that we have a better idea of what’s under the hood, let’s use CISO™, our visual tool for compliance, investigation, and security operations. This lets us take a closer look at the risk score in action. We’ll use a sample wallet that BH Network wanted to onboard.

Example Wallet Address: erd1mdepuw4ncy4a09g34pweqfzmzjs05japnrz0y9fj0swf4gfmvkvsk29ga4

Once we entered the address in the CISO search bar, we could see that on November 28, 2021, the wallet received 0.00001 EGLD from a known scam address. As a result of the low volume of transactions with a scam address, the wallet’s risk score is 55 out of 100, indicating a slightly higher risk.

At first glance, this wallet and its risk score seem benign. But when stacked against dozens of other wallets with similarly elevated risk scores as a result of receiving a similarly low volume of EGLD transactions from addresses that we had labeled as “scam”, we knew something suspicious was going on.

Detecting Dusting Attacks on Elrond

Introducing dusting attacks – a dusting attack is an attempt to de-anonymize wallet holders by sending small traces of crypto, often referred to as “dust”, to wallets. Suppose bad actors are successful in identifying the receiving wallet owner’s identity, especially that of crypto whales. In that case, the bad actors could upgrade their tactics to extract value from the wallet owners via phishing techniques, blackmailing, and more.

So, how prevalent are dusting attacks on Elrond?

Our team has detected that in the last two quarters of 2021, a total of 16,076 dusting transactions were sent to 13,690 addresses from 25 (potentially) bad actors.
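The scam-inflow feature from the Model Features section and the dusting pattern described in this case study can be worked through on a few transfers. The code below is an added illustration, not AnChain’s engine or the BEI API: the addresses, labels, amounts and the 0.001 EGLD dust cut-off are all constructed for the example.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (not real Elrond addresses or AnChain labels).
# Amounts are in EGLD; the page's observed dust transfer was 0.00001 EGLD.
LABELS = {"erd1scamA": "scam", "erd1scamB": "scam", "erd1hackC": "hacker"}
DUST_THRESHOLD = Decimal("0.001")  # assumed cut-off for "dust"-sized transfers

TXS = [
    # (sender, recipient, amount)
    ("erd1scamA", "erd1victim1", "0.00001"),
    ("erd1scamA", "erd1victim2", "0.00001"),
    ("erd1scamA", "erd1victim3", "0.00001"),
    ("erd1scamB", "erd1victim1", "0.00002"),
    ("erd1scamB", "erd1partner", "12.5"),   # full-value transfer from a scam address
    ("erd1hackC", "erd1partner", "3.0"),    # labeled "hacker", not "scam"
    ("erd1user9", "erd1victim2", "1.0"),    # unlabeled sender: no feature hit
]

def scam_inflow_features(txs, labels):
    """Per recipient: count of incoming txs from 'scam'-labeled senders (the
    feature named on the page) and how many of those were dust-sized."""
    feats = defaultdict(lambda: {"scam_in": 0, "scam_dust_in": 0})
    for sender, recipient, amount in txs:
        if labels.get(sender) != "scam":
            continue
        feats[recipient]["scam_in"] += 1
        if Decimal(amount) <= DUST_THRESHOLD:
            feats[recipient]["scam_dust_in"] += 1
    return dict(feats)

def likely_dusting_victims(feats):
    """Recipients whose scam-linked inflows are all dust-sized: their elevated
    score is explained by being dusted, not by trading with a scam address."""
    return sorted(r for r, f in feats.items()
                  if f["scam_in"] and f["scam_in"] == f["scam_dust_in"])

def dusting_campaigns(txs, labels, min_recipients=2):
    """Per labeled sender: (dust transfers, distinct recipients), keeping only
    senders that dusted at least min_recipients addresses."""
    stats = defaultdict(lambda: {"dust_txs": 0, "recipients": set()})
    for sender, recipient, amount in txs:
        if sender in labels and Decimal(amount) <= DUST_THRESHOLD:
            stats[sender]["dust_txs"] += 1
            stats[sender]["recipients"].add(recipient)
    return {s: (v["dust_txs"], len(v["recipients"]))
            for s, v in stats.items() if len(v["recipients"]) >= min_recipients}

if __name__ == "__main__":
    feats = scam_inflow_features(TXS, LABELS)
    print(feats)
    print("likely dusting victims:", likely_dusting_victims(feats))
    print("campaigns:", dusting_campaigns(TXS, LABELS))
```

In this sample, erd1partner keeps a scam-inflow count without being a dusting victim, while the three dusted wallets are separated out for the kind of manual due diligence BH Network performed.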

Dangerous Waters Deserve Guardians

Bad actors have been using dusting attacks on thousands of wallet addresses on the Elrond blockchain. Because of the nature of dusting attacks, the risk scores of wallets that were not necessarily scam-related went up.

Understandably, BH Network was concerned. 

Like a stone cast into the water, one wallet’s elevated risk score caused by a dusting attack resulted in a ripple effect on the network of wallets waiting to be onboarded to BH Network. Dangerous and murky waters indeed. 

BH Network conducted due diligence on all wallets with elevated risk scores, as recommended by AnChain, and decided to onboard the wallets despite the elevated risk score. The risk scores raised awareness about a potential problem and empowered the BH Network team to take preventative action to protect its ecosystem.

It is ultimately up to our clients like BH Network to decide whether they want to take on heightened risk during their compliant wallet onboarding process (read: FATF risk-based approach). The software measures risk above and beyond regulatory requirements, enabling virtual asset service providers to protect themselves against everything from the most basic risks, such as sanctioned wallets, to sophisticated security threats that present more dynamic risk.

In this case, dusting attacks did not present an immediate concern for onboarding the wallets.

How Can Victims of Dusting Attacks Protect Themselves?

Victims of a dusting attack can protect themselves by:

  • Creating a new wallet and transferring every asset to it, except the “dust”
  • Using a hierarchical-deterministic (HD) wallet, which generates a new address for each new transaction
  • Using a VPN or Tor to obfuscate their IP address

24/7/365

AnChain identified a bad actor in the Elrond blockchain ecosystem (in support of builders on the chain), revealed its suspicious activity as a type of fraud, and facilitated the safe and compliant onboarding of a client despite this. To this day, BH Network continues to onboard new users as needed, leveraging BEI for crypto wallet screening.

We will continue to monitor the Elrond ecosystem and keep an eye on its 1.6 million-plus wallets for suspicious transactions and changes in the risk scores.

With over 100 million cryptocurrency wallets to secure and monitor across multiple blockchains like Algorand, Solana, Harmony, and Flow – our work is cut out for us. Safety doesn’t sleep, they say.

But maybe we’ll let machine learning do the whistle-blowing.