3 Ways AI is Securing Crypto Exchanges

Artificial intelligence (AI) has been a darling of the press and may be a term that is frequently overused. Truth be told, AI that is indistinguishable from human intelligence is more science fiction than reality, like what we’ve seen in “Ex Machina.” At the same time, more mundane approaches to AI such as statistical analysis, regression analysis and deep learning have been established as key technologies for businesses. This practical AI has permeated the enterprise, with marketing, IT, human resources, security and other departments leveraging the technology to streamline processes and increase efficiency. Given the speed and scale required of today’s global businesses, this reliance on automation is a natural progression.

In particular, AI use cases have picked up significantly in security. Here’s why: A recent survey by PCI Pal found that 44 percent of U.S. consumers have suffered the negative consequences of a security breach. This influx in online criminal activity has made it difficult for any organization to defend against increasingly sophisticated hackers, especially as they refine their tactics and leverage AI. The same survey found that 83 percent of U.S. consumers will stop spending with a business for several months in the immediate aftermath of a security breach, representing a significant loss in revenue. To keep up with the rate of cybercrime and avoid reputational and/or financial repercussions resulting from a data breach, security teams across a number of industries have turned to AI.

The crypto industry is not really that different from any other FinTech online service. Crypto exchanges are just websites where you can buy, sell or exchange cryptocurrencies for other digital or traditional currencies such as the U.S. dollar or euro. They’ve been around for a while, but they’ve recently boomed with the surge in Bitcoin, the most popular cryptocurrency. With the cryptocurrency market estimated to hit $1 trillion this year, it’s no surprise that cybercriminals are targeting these exchanges and getting away with massive sums. In fact, in the past year, there were several major attacks targeted at crypto exchanges, including the following:

  • NiceHash – $63 million stolen in December 2017
  • Coincheck – more than $500 million stolen in January 2018
  • BitGrail – around $195 million stolen in February 2018
  • Coinrail – around $40 million stolen in June 2018
  • Bithumb – $30 million stolen in June 2018
  • Zaif – $59 million stolen in September 2018

It’s hard to talk about crypto and AI in the same breath. It feels as though the conversation has been overloaded by fashionable acronyms, a sort of “bullsh*t bingo.” That said, driven by this escalation in attack activities, the crypto industry is paying more attention to security and is looking toward newer and automated technologies including AI and machine learning to protect themselves.

Within the crypto industry, security needs to address all three fundamental layers of crypto economy: coins or tokens (protocol), exchanges and personal wallet security. If there’s an issue at the protocol layer and a hacker is able to identify and exploit protocol flaws, it doesn’t matter how secure the second and third layers are, hackers will get in. And because crypto exchanges are similar to a centralized web application, they’re prone to the same security issues as all other websites. This is bad news for issuers and crypto exchanges alike, given their livelihood depends on the security of crypto assets and confidence from the public.

To circumvent these issues, the crypto industry leverages AI to effectively and quickly automate security protocols and identify vulnerabilities not visible to the human eye. More specifically, AI is being used to secure cryptocurrency exchanges in the following ways:

Proactive Attack Blocking. By analyzing website and application traffic, AI is able to identify and block attacks before they do damage to the website. By leveraging attack data, including payloads, attack types and endpoints, AI is able to actively verify and prioritize threats and determine whether they are a high-risk incident or simply irrelevant aggressive noise.

Fraud Identification. AI can be designed to detect fraud in transactions via a predefined set of rules that automatically detect when something on the exchange is awry. AI is already being implemented by banks and other financial technology companies, making it an easy jump to retool AI capabilities for crypto exchanges.In addition, AI-centric fraud detection should be at the foundation of transparent exchanges, which would make it even easier to regulate the exchange of currency and detect any malicious hacks.

Vulnerability Detection. Not specific to AI but still very important to the security of the crypto industry is timely detection of vulnerabilities. An automated security system should be used to continuously analyze network perimeters and discover exposed assets and services. Further, continuous security testing should be used to automatically scan for vulnerabilities in crypto exchanges that could potentially be exploited by hackers. AI can help here to assess how risky the vulnerability might be and to quickly generate a virtual patch.

As long as cryptocurrencies remain in use, we can expect hackers to target crypto exchanges for profit. With cybercriminals becoming increasingly skilled, it will be important for issuers and crypto exchanges to continue to incorporate AI into security processes to effectively defend against the constant threat of a breach. And because exchanges grow their business by having the trust of consumers, it will be imperative for them to leverage technologies such as AI to monitor and secure assets in real time.

Featured eBook
7 Reasons Why CISOs Should Care About DevSecOps

7 Reasons Why CISOs Should Care About DevSecOps

DevOps is no longer an experimental phenomenon or bleeding edge way of delivering software. It’s now accepted as a gold standard for delivering software. It’s time for CISOs to stop fearing DevOps and start recognizing that by embedding security into the process they’re setting themselves up for huge potential upsides. Download this eBook to learn ... Read More
Security Boulevard
Ivan Novikov

Ivan Novikov

Ivan Novikov is a white hat security professional with over 12 years of experience in security services and products. He is an inventor of memcached injection, and SSRF exploit class as well as a recipient of bounty awards from Google, Facebook and others. Ivan has recently been a speaker at HITB, Black Hat and other industry events. Currently, Ivan serves as the CEO of Wallarm.

ivan-novikov has 2 posts and counting.See all posts by ivan-novikov