Crypto exchange FTX reportedly faced Sybil attacks and losses. The company lost 111,260 EUROS, with the largest share of estimated accounts (66.35%) attributed to attackers and a smaller share to genuine users. White-capped users targeted the bonuses offered by the exchange.
A Complete Overview of the Malicious Attack
FTX is a crypto exchange that offers ERC20-based tokens. The tokens give traders leveraged exposure of up to 3 times the underlying trading pair. In a nutshell, when a trader opens BULL/USD, which tracks 3x bitcoin, and bitcoin gains 10% after the purchase, the leveraged token gains 30%. This attracted hackers, who created a vast number of addresses.
Despite the steps its developers took to protect the project, such as know-your-customer (KYC) checks, the protection failed. In the reported new Euro stablecoin project, users interact with the interface by submitting their credentials for level 2 KYC identification, depositing 100 EUROS to the FTX wallet during the campaign period, and earning bonuses. For the total user count, each account that tops up 100 EUROC is counted as one.
According to reports, there was de-duplication of fiat EURO deposited to a vast number of addresses. During the campaign period, one address deliberately deposited the specified amount of EUR to one account and then to many other accounts.
Methods That Could Be Utilized in Detecting On-chain Hackers
The organization should analyze deposit data above 100 EURO, since that is the standard deposit amount. Deposits exceeding that amount should also be considered and checked accordingly. A judgment criterion for grouping addresses is also needed. In this case, when address A makes a deposit to address B, A and B are considered one group. In the same way, if B deposits to C, then D, the addresses A, B, C and D should together be considered one group.
In addition, union-find is an algorithm well suited to efficiently catching a group of people transacting EUR during the campaign at the same time. After the non-exchange addresses are eliminated, the final groups corresponding to FTX users are obtained. The hot wallet must also be excluded.
Furthermore, funding-flow tracking algorithms can be used. This approach is a fusion of breadth-first and depth-first search, which can be understood as a simple flow version of the network. Here, the user's deposit action is tracked from one wallet to the next, with a close view of the transaction timeline.
Analyzing the behavioral aggregation of the on-chain data is critical to identifying the most probable FTX addresses. After this procedure, trace back to all the participants' addresses characterized by accumulation. Follow up on their deposit behavior during the campaign period. Lastly, check for multi-deposits, since one address could also stand for a group of participants coordinating transfers to acquire the bonuses offered.
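An added example, not code from the original report or from FTX: a union-find pass over transfer records that applies the A-to-B grouping rule described above, skips the hot wallet, and drops groups smaller than 5. The addresses, the sample transfers, the `cluster_depositors` name and treating a deposit of exactly 100 as in scope are assumptions.

```python
from collections import defaultdict

HOT_WALLET = "0xHOT"  # placeholder for the exchange hot wallet (assumed name)

# Constructed sample transfers (sender, receiver, amount); not real chain data.
TRANSFERS = (
    [("0xFUNDER", f"0xA{i}", 100) for i in range(1, 6)]       # one address funds five
    + [(f"0xA{i}", HOT_WALLET, 100) for i in range(1, 6)]     # each one then deposits
    + [("0xC1", "0xC2", 100), ("0xC2", "0xC3", 100), ("0xC3", HOT_WALLET, 100)]
    + [("0xU1", HOT_WALLET, 100), ("0xU2", HOT_WALLET, 250)]  # independent users
    + [("0xU1", "0xU2", 5)]                                   # below threshold, ignored
)


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_depositors(transfers, excluded, min_amount=100, min_group=5):
    """Group addresses linked by transfers >= min_amount; drop small groups."""
    uf = UnionFind()
    for sender, receiver, amount in transfers:
        if amount < min_amount or sender in excluded or receiver in excluded:
            continue  # skip small transfers and shared exchange infrastructure
        uf.union(sender, receiver)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    flagged = [sorted(g) for g in groups.values() if len(g) >= min_group]
    return sorted(flagged, key=len, reverse=True)  # largest group first


if __name__ == "__main__":
    for group in cluster_depositors(TRANSFERS, excluded={HOT_WALLET}):
        print(len(group), group)
```

Passing an empty exclusion set merges all twelve sample addresses into a single group through the hot wallet, which is why the exclusion step matters.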
According to the webpage report, FTX offers bonus pools of approximately 150,000 EUROC, with 624 participants in total. Of these users, 442 user addresses belong to attack groups; excluding groups with a size below 5 brings this to 414, meaning 66.35% belong to attackers and 33.65% to normal users. The information shows that the exchange has lost 99525 EUROC to attackers acting as a wool party.