Cryptocurrency Exchanges

The fusion of cryptography and networking technology gave birth to the blockchain, a decentralized and distributed ledger that is currently serving as infrastructures for thousands of exciting dApps on various blockchain iterations. The private and public key design of blockchain makes it virtually impossible for existing computing power to crack a blockchain using brute-force force thanks to cryptographically sound security proofs. The implementation of this secured architecture has lead to an abundance in variety of digital assets from different blockchains, and the cryptocurrency exchanges have played a vital role in bridging the supply and demand for this relatively new asset-class.

Cryptocurrency exchanges provide user-friendly trading platforms while providing market liquidity. There are two types of exchanges: centralized and decentralized. Centralized exchanges are much like stock brokerages, which have custody of customers’ funds thereby achieving highly efficient trading relative to the decentralized exchanges. On the other hand, decentralized exchanges provide an exchange between two users via the blockchain by utilizing smart contracts. Since decentralized exchanges do not hold custody of a customer’s fund, it is believed by some that they tend to be safer than the centralized exchanges. This thought remained until a recent incident involving the decentralized exchange Bancor, which was hacked due to vulnerabilities in their smart contracts.

OceanEx is a centralized exchange that enables high-frequency and algorithmic trading taking full advantage of liquidity in off-chain cryptocurrency trades. Through compliance with strict financial regulatory requirements, OceanEx protects platform-users and their assets while also offering FIAT exchanges in order to meet the asset-management needs of customers.

Exchange Security

OceanEx faces precisely the same set of challenges of other centralized exchanges namely platform-security. From the early grand heist of Mt Gox in 2014 to the more recent hacks of Coincheck, Binance, and CoinPark — security breaches never fail to understandably ignite blockchain communities when significant financial loss to individual platform customers occur and includes a significant price-depression in the cryptocurrency market.

Exchanges have learned many lessons from these hacks. We maintain a majority of customer assets in cold storage, and the computer has the private key which will never be connected to the Internet thereby making it impossible to hack the cold storage. We implement a stringent and fine-grained access control policy of platform roles so that employees do not have access to extraneous confidential information. We also deploy a two-factor authentication process to block suspicious logins and protect our customer accounts.

Because these exchanges are in essence complicated software/web applications there can always be sparse undetected bugs and vulnerabilities, possibly due to code issues or misconfigured infrastructure. Aside from these relatively newer blockchain exchange companies, massive web breaches are happening to large companies that spend a tremendous amount of resources on security including Equifax and Yahoo, as well as the leak of hundreds of million voter records from the US Government.

Indeed vulnerabilities in Internet software are not unique to the crypto industry, but the anonymous nature of blockchain accounts makes things more challenging compared to other Internet software used in the traditional financial sector. Addresses and private keys can be generated by any computer, whereas money transferring across banks can easily be traced thanks to KYC and AML regulatory requirements of banks. The consequence? If the hackers manage to sign the transaction transferring money from an exchange into their accounts, they can safely sit on top of a big score while watching angry customers accusing the “inept” and “irresponsible” exchange (instead of the thieves worrying about how to get rid of the feds and making nefarious plans for money laundering).

OceanBrain - AI for Exchange Security

Maybe we cannot guarantee perfect software, but we take a proactive approach and always closely monitor what happens inside the platform, search for suspicious activities, and secure the exchange vault and shut down the entrance before the hackers get away. Such a monitoring system is as easy to implement as a software component, but what makes it difficult is deciding the patterns that define abnormal activities. Indeed human experts can define rules to use patterns, but such practices can hardly be comprehensive and adaptive to unknown future attacks.

To tackle this challenge, OceanEx is empowered by OceanBrain: an artificial intelligence system that uses advanced deep learning algorithms to learn from a significant amount of market data stream, and adaptively discover abnormal patterns in the market. With OceanBrain all of the platform information such as trading transactions, user activities (e.g., login, withdraw and deposit), API activities, market movements, and infrastructure status all comprise a broad spectrum of statistical measurements. OceanBrain uses a proprietary convolutional neural network to learn from the time series of these measurements, discover sophisticated temporal patterns over these time series, and use the learned patterns to differentiate normal system and abnormal system (i.e. detect possible hacks). When the trends indicate that the cause of abnormal detection is attributed to a set of user accounts these will be suspended immediately (since they may be compromised). However, in certain scenarios, the patterns can become very complicated and hard to attribute to individual users, so the entire exchange may need to be temporarily halted unless the threats are cleared by our security team.

Conclusion

AI serves as a powerful tool providing an extra security layer in addition to all existing human designed security measures protecting exchanges. By continuously experiencing the market and analyzing the large volume of user activities, OceanBrain learns complicated security patterns that are impossible for experts to summarize and anticipate. Every day we wake up, OceanEx becomes stronger and more robust against malicious activities.