Embedded Fraud Analytics for DeFi Protocols

Written by

Decentralized finance (commonly referred to as DeFi) is a niche segment in the world of cryptocurrencies. Rather than relying on intermediaries such as banks or exchanges, DeFi directly conducts transactions between participants, mediated by smart contract programs.

The Current State of DeFi

DeFi protocols revolve around applications known as DApps (decentralized applications) that perform financial functions on blockchains. Tens of billions of dollars worth of crypto have flowed through such applications as they continue to percolate into global, popular consciousness.

DeFi aims to renovate financial services to become trustless, transparent and steered by the consumer. Such products span across the spectrum of lending and borrowing, asset management, savings, margin trading, decentralized exchanges (DEXs), prediction markets, and so on. 

Fraud Attacks

Recently, there have been a few malicious attacks on existing DeFi products — notably, flash loans. Such loans enable instant borrowing without collateral if funds are returned to the pool within one transaction block. Flash loans can be useful for traders looking to quickly profit from arbitrage opportunities when two markets price a cryptocurrency differently.

Offenders have been trying to game the system of smart contracts to trick lenders into falsely believing that loans have been repaid in full. This is mostly achieved by shrewd market manipulation, where the price of the coin being used to repay the loan is temporarily pushed up in the exchange tracked by the underlying smart contract.

In general, fraudsters attempt to spot loopholes in DeFi protocols in the form of a) smart contracts that are not written to execute exactly as intended and b) Oracles (services that provide smart contracts with information about the outside world) that are exploitable.

Proposed solutions to such fraud trends center on banning exchanges from accepting trades from flash loans and introducing governance voting as a part of the loan process. However, these detract from the original vision of DeFi.

Fraud Analytics Solutions

Fraud Analytics algorithms (running either off-chain or as observer nodes in DeFi blockchain) can help detect and counter malicious activity.

As flash loans mandate the offer and resolution of the loan in a single transaction, complex forms of market manipulation with patterns staggered across long periods might never be feasible for offenders.

Hence for such attacks, a) simple predictive analytics to forecast market swings resulting from the requested loan amount, and b) optimization algorithms to arrive at the most ideal, weighted basket of market price oracles to get the closest picture of the real world would suffice.

However, over time there might be increased demand for various services such as DEXs, loans using hash time-locked contracts, and so on. This might enable market manipulation via a wide diversity of typologies:

a) Co-ordinated trading — groups of traders synchronizing their actions to influence the price.

b) Churning — traders placing both buy and sell orders at about the same price. The increase in activity is intended to attract additional investors and raise the price.

The above trends can be detected by running machine learning algorithms on the data residing in Blockchain logs. These can analyze patterns in the flow of funds. Such inferred sequences can be further enhanced by cross-referencing wallet activity with threat intelligence at the device or IP level.

c) FUD propagation — social media can be used to spread fear, uncertainty and doubt about prospects of any crypto asset in order to shoot down its price.

Oracles connecting social media forums to the DeFi protocols can help text analytics algorithms conduct ‘sentiment analysis’ and automatically spot attempted social engineering of crypto-asset outlook. This can help flag DeFi transactions that stand to gain from such FUD.

d) Spoofing — in the space of high-frequency trading, market manipulators often place large volumes of buy/sell trades only to withdraw them later. Such a flurry of activity is designed to attract other high-frequency traders, thus influencing the market price of any traded asset.

Fraud analytics solutions can infer a real-time probability score of any DEX being manipulated. This can have crucial downstream applications such as dynamic updating of the basket of market prices to be tracked by Oracles and raising automated alarms to stop the contagion of market abuse from one DEX to another.

The Road Ahead

There is an evolving market for insurance covers to protect against the financial ramifications of the gaming of smart contracts. Availability and performance of fraud mitigation tools can clearly act as a significant input in determining efficient prices of such products.

Over time, many fraud schemes of traditional finance might emerge in DeFi. In light of this, embedded fraud analytics solutions can help build secure DeFi ecosystems by completely removing the need for trusted custodians scrambling to manage the threat landscape, one attack at a time. 

If you liked this article, be sure to check out these upcoming Online Summit sessions:

What’s hot on Infosecurity Magazine?