Blockchain Analytics

Building a more open financial System: How Coinbase detects bad actors

By Paul Grewal, Chief Legal Officer

Tl;dr: At Coinbase, we take our responsibility to build a more open, accessible financial system very seriously. We’re deeply committed to our asset listing policies and processes, and we’ll continue to innovate as our dynamic space evolves.

A few weeks ago, we shared concerns about purchases of certain assets right before we announced they were being considered for listing on Coinbase — possibly using insider information. We take this issue very seriously and therefore wanted to share more about our efforts in this space.

The blockchain fundamentally drives greater transparency in financial transactions

First, it’s important to understand that tracking and disrupting bad actors using crypto is far more effective than if they were using traditional fiat currencies. This isn’t to say that it’s easy, but we do have an advantage because crypto transactions are recorded on a permanent and public blockchain, which gives our investigation teams — along with the public and law enforcement — visibility into the details of different transactions. With crypto, it’s possible to trace and map transactions across users and exchanges — creating a fuller picture of what happened with any given trade, and making it easier to identify things that look like possible market manipulation or trades using material nonpublic information.

We have an exceptional team dedicated to preventing and identifying financial crimes

We have more than a decade of experience tracking and disrupting illegal activity, and have built expert teams to support these efforts along the way, including many with substantial experience in the public and private sector. In addition to our Security, Trade Surveillance, Global Investigations, and Special Investigations teams, we have a dedicated Financial Crimes Legal team. This team is led and staffed by multiple former federal criminal prosecutors and overseen by a former federal judge. Many of these former prosecutors have been part of some of the largest cryptocurrency cases in history, and are charged with making sure we’re doing everything we can to detect and disrupt bad actors.

Frontrunning can happen through technical or human means

Technical

The primary way we’ve seen information about possible asset listings become public before any announcement is through technical signals. For example, sometimes before onboarding an asset, we have to test it in ways that show up on the blockchain. These signals are not obvious to most, but they are nevertheless accessible to all and may be detected by someone who looks hard enough at on-chain data. That’s why we take steps to minimize this type of risk, including:

  • Announcing planned asset launches once a decision has been made to list an asset, but before key technical integration work begins, so everyone has access to the same information.
  • Exploring new ways of integrating and testing asset launches (including off-chain sandbox testing).
  • Building and deploying industry-first analysis tools to test our systems using a wide range of techniques based on observed real-world behavior.
  • Using a variety of best-in-class security tools to monitor and control access to sensitive listing information.

Human Sharing/Frontrunning

Information can obviously get out when people share it. Coinbase has gone above and beyond what a traditional financial institution can do to track and address this kind of bad behavior:

  • Our Trade Surveillance and other teams leverage the public blockchain to detect prohibited or suspicious transactions and then trace those funds across wallets, users, and exchanges (in a way traditional finance can’t) to see who profited and understand their connections.
  • We mandate that all employees trade crypto only on Coinbase’s trading platforms (where the asset is supported) so we can look out for prohibited trading activities.

In addition to Trade Surveillance, we also have more than 50 employees across various teams supporting the detection and prevention of illicit activity and misconduct, both on our platform and within the broader crypto ecosystem.

As we’ve stated multiple times, if an investigation finds that a Coinbase employee was involved in misuse of company information related to asset listings, we will not hesitate to terminate them — and, when appropriate, refer them to relevant law enforcement authorities.

We measure impact to drive accountability

It takes time to notice the effect of some of these changes, but we’re already seeing positive early indications of their impact on new asset launches.

Conclusion

To us, success is all market participants trading on the same information. That’s our goal. Crypto is a dynamic environment, so we are continually looking for additional ways to protect the confidentiality of information about our asset listings.

That’s why steps like these are so important. And while there’s always more work to do, I’m confident that we have the teams, resources, and experience to make Coinbase the most innovative and trusted way for people everywhere to access the cryptoeconomy.


Building a more open financial System: How Coinbase detects bad actors was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

A hacker apparently so thrilled by a successful theft left behind over $1 million in a smart contract that was set to destruct, permanently ensuring the crypto could never be moved.

In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto.

Just after 8AM UTC on Thursday April 21st, blockchain security and analytics firm BlockSec shared it had detected an attack on a little known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem”.

The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter.

Blockchain analytics firm PeckShield noted the stolen crypto was transferred to an “attack contract”, a smart contract which automatically and quickly executes the found exploit.

However the attacker was apparently so excited by their successful heist that they forgot to transfer over $1 million worth of stolen crypto out of their attack contract before they set it to self-destruct, permanently and irreversibly ensuring the funds can never be moved.

Using a blockchain scanner to view the attack contract address shows that $1,041,237.57 worth of BSC-USD Binance-Peg token is forever stuck in the contract and the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.

It's one of the more bizarre turns of events since the Polygon hacker did an “Ask Me Anything” using embedded messages on Ethereum (ETH) transactions after stealing $612 million from the protocol in August 2021. The question and answer session revealed the attacker hacked “for fun” and thought “cross-chain hacking is hot.”

This latest hack is on the smaller end regarding the amount stolen, and other DeFi protocol hacks have seen hundreds of millions siphoned off as with the recent Ronin bridge hack where attackers made off with over $600 million.

Other notable DeFi exploits include the $80 million worth of crypto stolen from Qubit Finance in January where attackers tricked the protocol into believing they had deposited collateral, allowing them to mint an asset representing a bridged crypto.

DeFi marketplace Deus Finance was exploited in March when hackers manipulated the price feed of a pair of stablecoins resulting in the insolvency of user funds, netting the hackers over $3 million.

Part 3 — Blockchain heuristics through time

In our last post we introduced the cornerstone of scaling up blockchain analysis, commonspend, and its pitfalls. In this blog post we’ll explore more complex and novel blockchain analysis scaling methods, their drawbacks and why time is a critical feature of blockchain analytics.

1. Change prediction

Change prediction is the second most commonly applied UTXO heuristic. It aims to predict which receiving address is controlled by the sender. A hallmark of UTXO blockchains is that when addresses transact, they move all outputs. The surplus amount is normally returned to the sender via a change address.

Consider the transaction below and try spotting the change address that belongs to the sender:

The change address is likely 374jbPUojy5pbmpjLGk8eS413Az4YyzBq6. Why? In this case, prediction logic relies on the fact that the above address is in the same address format as the input addresses (P2SH format, where sender’s addresses start with a “3”).

Among other factors, rounded amounts (i.e. 0.05 or 0.1 BTC) are often recognized as the actual send, with the rest being redirected to the change address. This suggests that change prediction relies not only on technical indicators, but also on elements of human behavior, like our affinity for rounded numbers.

Naturally, a more liberal change prediction logic that takes into account multiple variables in favor of a desired outcome can potentially lead to misattribution and mis-clustering. In particular, blockchain analytics tools can inadvertently fall into the trap of unsupervised change prediction — that’s why it is vital for blockchain investigators to be mindful of the limitations posed by this approach.

2. Change prediction, not a fact

Consider a more challenging example:

We have legacy addresses (starting with a “1”) sending on to two other legacy addresses. So which one is the change address?

The best way to figure out which address is the change address is to look at how each address spends BTC onwards. Usually output addresses receiving rounded amounts are not change addresses — but this could be wrong. So let’s just place our bet on the latter output address:

1Hs6XkSpuLguqaiKwYULH4VZ9cEkHMbsRJ — its next transaction is as follows:

At first glance, this sort of looks like the pattern we saw in a previous transaction. The only aspect that stands out is a significant decrease in fees.

Looking at a second output address — 12Y8szPTeVzupEfe5RXs84fRsJJZBVhTgG — we see that its next transaction is distinct from the transaction it previously made:

The fees also look low compared to our initial transaction. And we notice that both our output addresses’ next transactions involve the original 1Hs6XkSpuLguqaiKwYULH4VZ9cEkHMbsRJ address in their outputs. Following the address’s next transaction we arrive at output #1’s next transaction.

To simplify, let’s visualize:

The diamonds in the above graph represent transactions — whereas the circles represent addresses. Notice that input address 15sMm6Rkf9hzz6ZtrrdhxdWZ8jGW12gQ93 commonspends in a transaction with 12Y8szPTeVzupEfe5RXs84fRsJJZBVhTgG. Therefore, output address #2 is in fact our change address!

This example illustrates how complicated change prediction can become, leading to erroneous results.
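The signals from sections 1 and 2 (address format, rounded amounts, later commonspend) can be combined into a scoring function. The Python below is an added example, not code from the original post or from any analytics product; the weights, the conservative threshold and every address and amount in it are constructed assumptions.

```python
from decimal import Decimal

# Assumed weights: a later commonspend outweighs the two softer signals.
WEIGHTS = {"commonspend": 3, "format": 1, "non-round": 1}

def addr_format(addr):
    """Coarse Bitcoin address format inferred from the prefix."""
    if addr.startswith("bc1"):
        return "bech32"
    return {"1": "legacy", "3": "p2sh"}.get(addr[:1], "unknown")

def is_round(amount_btc, step=Decimal("0.01")):
    """True for amounts such as 0.05 or 0.1 BTC (exact multiples of step)."""
    return Decimal(amount_btc) % step == 0

def predict_change(tx, later_cospends=frozenset(), conservative=True):
    """Return (change_address, reasons), or (None, []) when it is unclear.

    tx: {"inputs": [addr, ...], "outputs": [(addr, "amount_btc"), ...]}
    later_cospends: output addresses later seen as inputs next to one of
    this transaction's input addresses.
    """
    in_fmts = {addr_format(a) for a in tx["inputs"]}
    outs = tx["outputs"]
    fmt_match = [addr_format(a) in in_fmts for a, _ in outs]
    rounded = [is_round(v) for _, v in outs]
    # A signal only counts when it separates the outputs from each other.
    use_fmt = any(fmt_match) and not all(fmt_match)
    use_round = any(rounded) and not all(rounded)
    scored = []
    for i, (addr, _) in enumerate(outs):
        why = []
        if addr in later_cospends:
            why.append("commonspend")
        if use_fmt and fmt_match[i]:
            why.append("format")
        if use_round and not rounded[i]:
            why.append("non-round")
        scored.append((sum(WEIGHTS[w] for w in why), addr, why))
    scored.sort(key=lambda t: t[0], reverse=True)
    top_score, top_addr, top_why = scored[0]
    tie = len(scored) > 1 and scored[1][0] == top_score
    # Conservative mode wants two soft signals or one hard one (assumption).
    threshold = 2 if conservative else 1
    if tie or top_score < threshold:
        return None, []
    return top_addr, top_why

# Constructed sample: P2SH sender, one P2SH output with an odd amount.
TX_FORMAT = {"inputs": ["3SenderInputConstructed"],
             "outputs": [("1PayeeConstructed", "0.05"),
                         ("3ChangeConstructed", "0.03817")]}
# Constructed sample: everything is legacy, so format says nothing.
TX_LEGACY = {"inputs": ["1SenderInputConstructed"],
             "outputs": [("1OutRoundConstructed", "1.0"),
                         ("1OutOddConstructed", "0.4312")]}

if __name__ == "__main__":
    print(predict_change(TX_FORMAT))
    print(predict_change(TX_LEGACY))                      # ambiguous
    print(predict_change(TX_LEGACY, conservative=False))  # liberal guess
    print(predict_change(TX_LEGACY,
                         later_cospends={"1OutRoundConstructed"}))
```

On the all-legacy sample the liberal setting picks the odd-amount output, while the later commonspend evidence points to the rounded one, which is the kind of reversal section 2 walks through.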

3. Bespoke heuristics are still heuristics

Entities that attempt to preserve privacy in very public blockchains, such as exchanges and dark markets, may go out of their way to create their own wallet infrastructure that makes it difficult for blockchain investigators to identify how they operate. For these cases, blockchain analytics companies will create bespoke heuristics for these particular entities.

Still, no heuristics are foolproof. Parameters and limitations for blockchain analysis depend on how restrictive the scope is — or how much room is left for interpretation. A conservative approach would dictate not attributing anything that cannot be determined with close to 100% certainty; a liberal approach would allow wider attribution, at the cost of expanding the potential margin of error.

This also applies to any bespoke heuristic that is constructed with specific blockchain entities in mind. This is illustrated well by the above-mentioned coinjoin Wasabi example. Although the transaction in question is highly likely to belong to Wasabi wallet, we need to ask ourselves what this transaction is displaying:

Most likely this transaction is displaying Wasabi addresses commonspending with other users’ addresses. As complexity increases, the accuracy of attribution decreases — especially if we consider that a user might own one or more addresses in this transaction.

Every blockchain analytics tool will have a different set of parameters and rely on different heuristics. That is why differences between clusters displayed by various tools are so common — for example, the SilkRoad cluster will look different each time, depending on the blockchain analytics software used to conduct its analysis.

In fact, even with only commonspend applied, we see how the block explorers CryptoID and WalletExplorer both show different sizes of the Local Bitcoins cluster.

4. In blockchain analytics the future can impact the past

Einstein would probably admire blockchains, because they are one of the few examples of where the future can change the past — at least from an attribution perspective. For example, 14FUfzAjb91i7HsvuDGwjuStwhoaWLpGbh received various transactions from a P2P service provider between August and mid-September 2021. So we might think that this address could belong to an unhosted wallet.

But if we check on that address a couple days later on September 30, 2021, we suddenly notice that it’s been tagged as Unicc, a carding shop. What happened? This address commonspent 15 days later with an address we already knew belonged to Unicc — making it a part of the Unicc cluster.

This is a simple example, but you can imagine from a Compliance and market intelligence perspective that these after-the-fact attributions can have some ripple effects.
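The after-the-fact attribution described in this section can be reproduced by replaying commonspend clustering up to a cut-off date. The Python below is an added example, not code from the original post; the address names, dates and label are constructed, and the union-find clustering is an assumed minimal implementation of the commonspend heuristic.

```python
from datetime import date

class Clusters:
    """Union-find over addresses; each merge is one commonspend link."""
    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            # Path halving keeps lookups cheap on long chains.
            self.parent[addr] = self.parent[self.parent[addr]]
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

def attribution_as_of(txs, labels, address, as_of):
    """Label of `address` using only transactions dated up to `as_of`.

    txs: list of (date, [input addresses]); labels: {known address: label}.
    """
    clusters = Clusters()
    for when, inputs in sorted(txs):
        if when > as_of:
            break
        for other in inputs[1:]:
            clusters.union(inputs[0], other)  # inputs spent together
    root = clusters.find(address)
    for known, label in labels.items():
        if clusters.find(known) == root:
            return label
    return None

def attribution_history(txs, labels, address):
    """Dates on which the attribution of `address` changed, with the label."""
    history, last = [], object()
    for when in sorted({w for w, _ in txs}):
        label = attribution_as_of(txs, labels, address, when)
        if label != last:
            history.append((when, label))
            last = label
    return history

# Constructed sample: "watched" looks unhosted until it co-spends with
# an address that already sits in a labelled cluster.
LABELS = {"shop_1": "known_service (constructed label)"}
TXS = [
    (date(2021, 9, 1), ["shop_1", "shop_2"]),    # cluster known beforehand
    (date(2021, 9, 15), ["watched"]),            # spends alone: no link
    (date(2021, 9, 30), ["watched", "shop_2"]),  # commonspend joins them
]

if __name__ == "__main__":
    for when, label in attribution_history(TXS, LABELS, "watched"):
        print(when.isoformat(), label)
```

Storing the cut-off date alongside any attribution used in a compliance decision makes it possible to show what was knowable at the time.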

Conclusion

Blockchain analytics is an increasingly complex field of expertise. It is not as straightforward as it seems and the difficulty is compounded by the fact that conclusions are drawn not only from blockchain, but also from external sources that are often ambiguous.

It is not possible to call blockchain analytics science — after all, scientific experiments can be replicated by unrelated parties who, by following a set scientific methodology, will come to the same conclusions. In blockchain analytics even the ground truth can have multiple facades, meanings and interpretations.

Certainty of attribution is almost scarce and because multiple parties are relying on different tools for conducting transaction tracing on blockchains, it can sometimes yield dramatically different results. That is why educational efforts in this area should continuously emphasize that even the most robust, tooled-up methodologies are prone to errors.

Nothing is infallible — after all, blockchain analytics is more art than science.


Part 3 — Blockchain heuristics through time was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

New York state ramps up blockchain monitoring to enforce sanctions

Blockchain analytics will help ensure that NY-licensed companies don’t send money to sanctioned Russians.

New York state’s efforts to enforce sanctions against Russia have ramped up a gear with the Department of Financial Services, or DFS, expediting the procurement of additional blockchain analytics technology.

According to a statement released Wednesday, the department will use the technology to help detect exposure to Russian individuals and entities subject to federal sanctions, by the virtual currency businesses licensed by the department.

NY Gov. Kathy Hochul issued an executive order Feb. 27 directing state agencies to divest from Russian institutions and companies, as well as entities that provide them with support. She said:

“New York is proudly home to the nation's largest Ukrainian population and we will use our technological assets to protect our people and show Russia that we will hold them accountable."

New York requires individuals and companies engaged in a number of activities with virtual currency to apply for a BitLicense. The DFS is now “assessing a number of technology tools and service providers to augment current supervisory capabilities.” No other details were given about the analytics technology the state is looking for.

The DFS held a techsprint — “intense problem-solving sessions meant to facilitate innovation, collaboration and creative solutions to difficult problems” — to design a digital regulatory reporting mechanism for virtual currency companies in March 2021. It was noted at the time that event organizers were working with some of the participants to advance the development of their solutions.

Blockchain analysis is typically used to assure anti-money laundering compliance and customer protection. The process often combines the tracing of transfers on the blockchain with information obtained off-chain to understand transactions.

4% of crypto whales are criminals and they have $25B between them: Chainalysis

The report defines criminal whales as private wallets that hold more than $1 million worth of crypto with more than 10% of their balances coming from illicit addresses.

Chainalysis data shows that 4068 criminal whales (roughly 4% of all whales) are hodling more than $25 billion worth of cryptocurrency between them.

The blockchain analytics firm defines criminal whales as any private wallet that holds more than $1 million worth of crypto with over 10% of the funds received from illicit addresses tied to activity such as scams, fraud and malware.

The data is from the “Criminal Balances” section of the Crypto Crime Report that explores criminal activity on the blockchain over 2021 and early 2022. The wide-ranging report also covers topics such as Ransomware, Malware, Darknet markets and NFT related crime.

“Overall, Chainalysis has identified 4,068 criminal whales holding over $25 billion worth of cryptocurrency. Criminal whales represent 3.7% of all cryptocurrency whales — that is, private wallets holding over $1 million worth of cryptocurrency,” the report reads.

The data showed that 1,374 whales had received between 10% and 25% of their balance from nefarious sources, while 1,361 had between 90% and 100%. Those with balances between 25% and 90% of illicit funds totaled 1,333 criminal whales.

Percentage of whale balance via illicit addresses: Chainalysis

“Whereas stolen funds dominate overall criminal balances, darknet markets are the biggest source of illicit funds sent to criminal whales, followed by scams second and stolen funds third,” the report read.

Illicit transaction activity

In terms of illicit transaction activity, the report revealed that criminal addresses had received more than $14 billion in 2021, marking a whopping 79% increase compared to the $7.8 million seen in 2020.

Value received via type of crypto crime: Chainalysis

The lion's share of that $14 billion figure last year was attributed to scamming which increased by 82% year-over-year to account for $7.8 billion. Decentralized Finance (DeFi) rug pulls in particular were highlighted as a key source of scamming at $2.8 billion:

“We should note that roughly 90% of the total value lost to rug pulls in 2021 can be attributed to one fraudulent centralized exchange, Thodex, whose CEO disappeared soon after the exchange halted users’ ability to withdraw funds.”

Theft also increased by 516% to account for $3.2 billion worth of illicit transaction activity, with the DeFi sector once again being an area of concern.

On the positive side, Chainalysis pointed out that all transaction volume in USD value in 2021 totaled around $15.8 trillion, with illicit addresses accounting for a mere 0.15% of that figure, down from 0.34% the year prior.

“Crime is becoming a smaller and smaller part of the cryptocurrency ecosystem. Law enforcement’s ability to combat cryptocurrency-based crime is also evolving. We’ve seen several examples of this throughout 2021, from the CFTC filing charges against several investment scams, to the FBI’s takedown of the prolific REvil ransomware strain, to OFAC’s sanctioning of Suex and Chatex,” the report said.

Blockchain.com Raises $300 Million, Firm’s Post-Money Valuation Now $5.2 Billion

The crypto financial services provider Blockchain.com revealed on Wednesday that the company has raised $300 million in a financing round. Blockchain.com’s latest funding round follows the $120 million raise the company obtained last month.

Blockchain.com Is Now Valued at $5.2 Billion

On March 24, Blockchain.com CEO Peter Smith announced that the company was pleased to […]
