Chinese ‘white hats’ strive to bring security to crypto
In early 2019, two cryptocurrency exchanges, Gate.io and Bitrue, were the targets of 51% attacks, in which a group of miners that controls more than 50% of a blockchain’s network can interfere with the process of recording new blocks.
This can be done for a variety of reasons. The January 51% attacks lasted well over 48 hours, and both exchanges subsequently issued alerts via Twitter to say they had been subject to “double spends” attacks. Gate.io lost around 40,000 Ethereum Classic tokens, worth nearly $200,000 at the time, and Bitrue lost 13,000 tokens.
Many in the sector have speculated that these attacks show inherent weaknesses in the Ethereum Classic network infrastructure. However, Chinese cybersecurity specialist Xiamen SlowMist Technology Company, the first to release an analysis of the incident, characterized it as a systematic “block reorganization attack.” SlowMist also went on to identify three wallet addresses and four transaction hashes implicated in the breach.
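How a node operator or exchange can measure a block reorganization and find the deposits it reversed is sketched below. This is an added example, not code from SlowMist or the exchanges named in the article. The block and transaction names are constructed, and it assumes an account-based chain such as Ethereum Classic, where a sender and nonce pair can be spent only once.

```python
from collections import namedtuple

Tx = namedtuple("Tx", "txid sender nonce")
Block = namedtuple("Block", "hash parent height txs", defaults=((),))

def ancestors(store, tip):
    """Yield blocks from tip back to genesis by following parent links."""
    while tip is not None:
        yield store[tip]
        tip = store[tip].parent

def analyze_reorg(store, old_tip, new_tip):
    """Report what a switch of canonical tip from old_tip to new_tip undid."""
    old_chain = {b.hash: b for b in ancestors(store, old_tip)}
    adopted = []
    for b in ancestors(store, new_tip):
        if b.hash in old_chain:      # first shared block is the fork point
            fork = b
            break
        adopted.append(b)
    else:
        raise ValueError("tips share no common ancestor")
    orphaned = [b for b in old_chain.values() if b.height > fork.height]
    # On an account-based chain a (sender, nonce) slot can be filled only once.
    slots = {(t.sender, t.nonce): t.txid for b in adopted for t in b.txs}
    dropped, conflicts = [], []
    for t in (t for b in orphaned for t in b.txs):
        if t.txid in slots.values():
            continue                 # re-mined on the new branch, still confirmed
        dropped.append(t.txid)
        if (t.sender, t.nonce) in slots:   # replaced by a different transaction
            conflicts.append((t.txid, slots[(t.sender, t.nonce)]))
    return {"fork_height": fork.height, "depth": len(orphaned),
            "dropped": dropped, "conflicts": conflicts}

# Constructed sample: deposit "0xdep" confirms on branch b, then is replaced on branch c.
SAMPLE_STORE = {b.hash: b for b in [
    Block("g", None, 0), Block("a1", "g", 1),
    Block("b2", "a1", 2, (Tx("0xdep", "attacker", 7), Tx("0xpay", "alice", 1))),
    Block("b3", "b2", 3),
    Block("c2", "a1", 2, (Tx("0xself", "attacker", 7),)),
    Block("c3", "c2", 3, (Tx("0xpay", "alice", 1),)), Block("c4", "c3", 4),
]}
print(analyze_reorg(SAMPLE_STORE, "b3", "c4"))
```

A reorganization depth larger than the number of confirmations an exchange waits for before crediting a deposit is the condition under which entries in `conflicts` become double-spend losses.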
SlowMist first announced the possibility of the attack on January 6th and the warning was validated the next day by leading US exchange Tech News.
A few days after the disclosure, and following SlowMist’s announcement that it had enough information to identify the attacker, the cryptocurrency exchange Gate.io announced that the hacker had returned roughly half of the $200,000-worth of stolen Ethereum tokens. The exchange reportedly said it remained unaware of the purpose behind the attack.
SlowMist’s team of expert crypto security specialists, who say they have worked for companies and organizations such as Google, Microsoft, W3C, Tencent, Alibaba and Baidu as well as some governments, uses what they call a “Blockchain Threat Intelligence” (BTI) System which they say includes “on-chain” and “off-chain” capabilities.
SlowMist also says it performs security audits, deploys defensive measures and engages in underground TI tracking via an extended global network of security contacts known collectively as “the SlowMist Zone.”
Among its clients are exchanges as well as digital wallets – including multi-asset custody-free wallets – and smart contract vendors around the world.
“Using our entire BTI System… we continuously provide TI for partner companies and governments,” an unnamed SlowMist representative told Asia Times via email. “With all these security tools and experienced personnel at our disposal as well as advanced honeypot analysis technology, we are able to capture and identify an entire network of automated token-theft attacks.”
A “honeypot” is a decoy platform designed to lure and deceive hackers so that malicious activity carried out over the Internet can be identified and prevented.
The respect that the SlowMist network has earned is shown by the fact that Coinable said Ethereum’s developers worked alongside the SlowMist team “to identify the origin of these attacks.”
Michael J. Casey, chairman of Tech News’s advisory board and a senior advisor for blockchain research at MIT’s Digital Currency Initiative, in a Tech News column said it was “arguably the most significant 51-percent attack ever.”
SlowMist says it has dealt with other Ethereum-related mishaps in the past. Back in March 2018, SlowMist disclosed the “Ethereum’s Black Valentine’s Day” incident, a two-year-long automated theft process that resulted in losses of nearly 50,000 Ethereum as well as a considerable number of other types of tokens. SlowMist claimed the total amount stolen exceeded $20 million.
SlowMist claims its ability to respond rapidly and with precision is why it now serves so many clients – foreign and domestic alike.
“Among other things, SlowMist is the first company in China to be listed on Etherscan’s recommended roster of smart contract security auditors. There are many smart contract vendors, and they all need security auditing, too,” SlowMist told Asia Times. “We have audited more than 400 smart contracts for well-known exchanges including Huobi, OKEx, KuCoin, OTCBTC, and BTCBOX as well as TrueUSD in the US.”
So what about SlowMist’s reportedly close relationship with the Chinese government? “We always strive to do the right thing,” replied the SlowMist representative. “Obeying all of the PRC’s applicable laws and regulations is both our guiding principle and the bottom line in our work.”
“We are all from famous security companies in China, and none of us are (former members) of the People’s Liberation Army… By sharing threat intelligence and sharing blockchain security technology, our SlowMist Zone has brought more security to the ecosystem together with many essential blockchain practitioners (including ecosystem-friendly ‘white hat’ hackers).”
In terms of security, SlowMist says its approach is to focus on the technical challenges that blockchain ecosystem-wide security products and services face.
“We want to attract more like-minded people to participate, so we can embrace the blockchain… because of an open-ended approach using shared security technology.”
“Privacy and security are the trends in the crypto world that concern us the most because so many new players are appearing and because of the decentralized nature of blockchain. Future trends involving payment and settlement, digital identity, competitive DApp, infrastructure including exchanges, wallets, and node services, are also worth keeping an eye on,” added SlowMist.
SlowMist says it is well aware of a report from the Blockchain Transparency Institute (BTI) that looks at the large number of exchanges deliberately inflating their transaction rates and engaging in crypto “wash trades”. The BTI estimated that this deceptive activity has, to date, cost investors as much as $100 million.
However, SlowMist sees this as a financial issue related to the absence of transparency and the need for more widespread and routine security audits. In other words, this is not part of SlowMist’s focus, which concentrates on technical and security-related matters.
“This absence of transparency is only going to become more troublesome as more blockchain-dependent operations emerge. The situation described in the BTI report may be more of a financial issue now rather than a technical matter, but maybe we all need to pay more attention to what the crypto world is fast becoming.”