27 May 2022 • 10 min read
The crypto market expects basic protections such as anti-fraud and anti-manipulation safeguards, even as blockchain-based bot attacks are on the rise.
US Securities and Exchange Commission Chair Gary Gensler said in a recent speech that cryptocurrency assets are highly speculative and that investors need more protection or they could lose confidence in the markets.
1. Lack of data obfuscation
Blockchain data obfuscation, or data masking, is not yet prevalent in the industry. It is a process in which essential data is masked and stored in blocks. Almost all blockchain-based applications collect user data such as phone numbers, email addresses, IP locations, and login times, yet most of them do not obfuscate it. Anyone with the right account ID and password can access the data. Once the account information is compromised, attackers can easily take over the accounts and obtain the private data.
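The following added example (not from the original article or from GeeTest) shows one way to mask the fields listed above before they are stored: a keyed hash for lookups plus reduced-precision values for display. The key, function names and sample record are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed demo key; a real deployment would load it from a KMS or secret store.
const PSEUDONYM_KEY = Buffer.from("constructed-demo-key-not-for-production");

// Keyed hash: lets the application match a value (e.g. look up a user by email)
// without storing the value. The key blocks offline guessing of low-entropy inputs.
function pseudonymize(value) {
  return nodeCrypto.createHmac("sha256", PSEUDONYM_KEY)
    .update(value.trim().toLowerCase()).digest("hex");
}

function maskEmail(email) {
  const [local, domain] = email.split("@");
  if (!local || !domain) throw new Error("not an email address");
  return `${local[0]}***@${domain}`;
}

function maskPhone(phone) {
  const digits = phone.replace(/\D/g, "");
  return "*".repeat(Math.max(digits.length - 4, 0)) + digits.slice(-4);
}

// Keep the network part, zero the host part (IPv4 only in this example).
function maskIPv4(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error("not an IPv4 address");
  return `${parts[0]}.${parts[1]}.${parts[2]}.0`;
}

// Round the login time down to the hour.
function coarsenTime(iso) {
  const d = new Date(iso);
  d.setUTCMinutes(0, 0, 0);
  return d.toISOString();
}

function maskRecord(rec) {
  return {
    emailToken: pseudonymize(rec.email),
    emailMasked: maskEmail(rec.email),
    phoneMasked: maskPhone(rec.phone),
    ipMasked: maskIPv4(rec.ip),
    loginHour: coarsenTime(rec.loginTime),
  };
}
// Constructed sample record.
const sample = { email: "Alice@example.com", phone: "+1 415 555 0132", ip: "203.0.113.57", loginTime: "2022-05-27T10:42:13Z" };
console.log(maskRecord(sample));
```

With this layout, a compromised account or database row exposes only the masked values and the token, not the original contact details.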
2. Keys are stored in plain text format
Key management is the basis of all data privacy. Sometimes, blockchain applications sacrifice security for a better user experience when it comes to key management. Storing keys in plain text is one way to make a service more convenient. However, security incidents such as account compromise and data breaches caused by plaintext storage of keys are not rare.
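The following added example (not from the original article or from GeeTest) puts the plaintext storage pattern described above beside a sealed form: the key is encrypted with AES-256-GCM under a key derived from a passphrase with scrypt. Function names, the scrypt parameters and the sample key are assumptions chosen for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Weak pattern: the private key is written to storage as-is.
function storePlaintext(privateKeyHex) {
  return JSON.stringify({ key: privateKeyHex });
}

// Hardened pattern: derive a key-encryption key (KEK) from a passphrase with
// scrypt, then seal the private key with AES-256-GCM (confidentiality + integrity).
function sealKey(privateKeyHex, passphrase) {
  const salt = nodeCrypto.randomBytes(16); // fresh per key
  const iv = nodeCrypto.randomBytes(12);   // fresh per encryption
  const kek = nodeCrypto.scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", kek, iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(privateKeyHex, "hex")), cipher.final()]);
  return JSON.stringify({
    kdf: "scrypt", n: 16384, r: 8, p: 1,
    salt: salt.toString("hex"), iv: iv.toString("hex"),
    ct: ct.toString("hex"), tag: cipher.getAuthTag().toString("hex"),
  });
}

function openKey(blobJson, passphrase) {
  const b = JSON.parse(blobJson);
  const kek = nodeCrypto.scryptSync(passphrase, Buffer.from(b.salt, "hex"), 32,
    { N: b.n, r: b.r, p: b.p });
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", kek, Buffer.from(b.iv, "hex"));
  decipher.setAuthTag(Buffer.from(b.tag, "hex"));
  // final() throws if the passphrase is wrong or the stored blob was modified.
  const pt = Buffer.concat([decipher.update(Buffer.from(b.ct, "hex")), decipher.final()]);
  return pt.toString("hex");
}

// Constructed 32-byte sample key (not a real wallet key).
const SAMPLE_KEY = "a1".repeat(32);
console.log(storePlaintext(SAMPLE_KEY));
console.log(sealKey(SAMPLE_KEY, "correct horse battery staple"));
```

A reader of the sealed record learns only the salt, nonce, ciphertext and tag; recovering the key requires the passphrase, and any change to the stored record is rejected on decryption.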
3. Weak access monitoring and control lead to resource abuse
Quite a few blockchain applications place no restrictions on IP addresses. Some visitors can access messages that were not originally sent to them. Some applications do not restrict the use of resources in their systems. Weak control of access and resource use makes these systems extremely vulnerable to DDoS attacks.
Blockchain technology originated with Bitcoin and has become the core technology of cryptocurrencies like Bitcoin. So when it comes to blockchain, cryptocurrency is an inevitable topic.
People who exploit loopholes to gain benefits within the rules are often called scalpers. They collect information on deals and giveaways from e-commerce companies, banks, and brick-and-mortar stores. In the early stage of digital currency, new users could get deals and giveaways even without registration. This attracted many scalpers to the market.
Later, when cryptocurrency exchanges emerged, users would receive the platform's token after they put money on the platform. Not surprisingly, scalpers put money in first and, as soon as they got the crypto, withdrew the money and took it, along with the crypto, to the market for exchange. This mechanism caused many crypto exchanges to lose a lot of money and eventually close their business.
Back in 2018, blockchain startups gave away free tokens to attract users. These giveaways are called airdrops. Scalpers signed up on these platforms with different emails to get the crypto freebies. Eventually, airdrops cost the crypto platforms an immense amount of money and taught them a lesson. Since then, crypto companies have paid attention to security and blockchain-based fraud.
Where there are profits, there are fraudsters and bot operators. Bad bots are flooding the crypto market. Whatever bot mitigation techniques are in place, new bot attack methods will appear that aim to bypass them. The ultimate approach to bot management is to increase the attacker's cost until it reaches the break-even point for fraudsters. GeeTest launched its 4th generation of CAPTCHA, called Adaptive CAPTCHA, in 2021. It increased the attacker's cost by over 3 times compared to previous versions.
GeeTest Adaptive CAPTCHA offers a proactive and adaptive approach to detecting and mitigating bot-driven threats.
The core of all CAPTCHA schemes is verifying the user’s response to CAPTCHA challenges. Everyone knows that, and so do bot operators. They try to forge the response to pass CAPTCHA challenges using emulators, auto scripts, CAPTCHA farms, and so on. GeeTest AI models update CAPTCHA challenges and renew image albums regularly to prevent bot operators from solving CAPTCHA challenges.
A reliable bot management solution would not rely solely on CAPTCHA challenges to block all bad bots. Grey zones are inevitable, as in any business. For example, there are visitors you don't want to bother with CAPTCHAs, and there are suspicious requests you don't want to simply block. GeeTest applies adaptive methods to situations like these. GCN-based models detect the visitor's bot-like symptoms, like web simulators, CAPTCHA farms, IP addresses, dynamic tokens, etc., to assist your decision-making instead of simply letting them in or blocking them with CAPTCHA popups.
GeeTest has protected quite a few crypto companies, such as BINANCE and Axie Infinity, and has developed a whole new solution for blockchain-based businesses. As a security service provider with over 10 years of experience in the fight against bad bot attacks, GeeTest has become the common choice of 320,000 outstanding companies around the world, providing more than 1.6 billion security protections every day to protect the security of enterprises' online assets.
Content Marketing @ GeeTest