AnChain.AI, a blockchain APT hacker group that provides AI-powered blockchain ecosystem security, according to CBInsights, released a report showing that the equivalent of $6 million in transaction volume was driven by rampant, malicious bot activity on Dapps in the first quarter of 2019.
The report — the largest-scale study of malicious bots in the EOS ecosystem — also found 51 percent of unique accounts and 75 percent of total transactions were driven by non-human accounts. Bot activity threatens the integrity of the blockchain industry, as user activity, transaction volume, and daily volume are among the most frequently called-upon metrics for determining technological validity, and precisely what is being faked, said Victor Fang, CEO of AnChain.
AnChain is backed by Amino Capital, a Palo Alto VC firm, and has 15 employees.
The study examined millions of transactions from the top 10 EOS blockchain gambling Dapp platforms — which represent 65% of all EOS Dapp transaction volume — to monitor performance and detect suspicious activity. Using artificial intelligence, AnChain was able to root out repetitive or hyperactive accounts to determine that they were malicious bots.
Fang suggest that these autonomous players were programmed to boost Dapp ranking, increase liquidity of Dapp utility tokens, reap unearned profits on Dapp payout dividends, sabotage competitors by congesting the Dapp, or launch targeted attacks on vulnerable Dapps.
In particular, during the study AnChain identified five Ethereum addresses behind an extremely sophisticated attack that employed 50,000 self-destructible malicious bots to steal $4 million over two weeks, by exploiting a contract flaw in a popular gambling game.
The study goes on to suggest that bot activity is a feature, not a bug, of decentralized blockchains. Pseudonymous transactions “leave the door open to bots going undetected for extended periods of time,” in comparison to IP based internet accounts that are governed by a central authority, like ICANN or the SEC. “The decentralized nature makes blockchains even harder to defend than cloud systems,” said Fang.
Though Fang also admits, “In the long run, blockchains will be more secure.” However because of the way cryptography has been implemented, there is currently no way to ensure organic growth. Although AnChain only examined EOS, his findings coincide with a report compiled by the SEC, which found that “95 percent of reported Bitcoin volume is fake.”
This is not to say the bots are only an issue for blockchains. The report cites a study showing that almost 40% of all Internet traffic in 2018 alone was bot driven. In fact, Fang drew an allusion to the early days of the internet, when it seemed like only gambling and porn sites could thrive. Ultimately, he suggests, blockchains need more accountability — be it from a centralized authority or decentralized action.
“This is the first time a company used deep learning to X-ray all the leading transactions and ask how healthy is this ecosystem,” said Fang. “People will have to realize it’s a problem and take actions against it.”
The study found that the most active Dapp, EOS, representing $480 million in weekly transaction volume, has only a small percentage of bot activity. It’s the lagging Dapps that account for substantial amount of suspicious transactions. In fact, the second most popular Dapp exhibited the most bots, at around 1,900 out of the platforms 4,500 unique users. The authors suggest, “This dynamic hints at the competitive nature of the Dapp world where the runner-ups are leveraging bots in order to augment overall ecosystem usage metrics.”
The authors also note that the second most popular Dapp has roughly four times the amount of transactions on its platform — signaling, but not arriving at popularity. These falsified numbers skew datasets, fooling investors, regulators, builders, operators, and enthusiasts in the process.
Fang said untrustworthy platforms will have long-term negative consequences for an industry that is still developing. The company suggests, in order to preserve legitimate competition, and draw earnest adoption, developers should institute automated quality assurance tests on their platforms, and discourage cheating through the implementation of malicious bots.
Ironically, much of this protocol can be transparently initiated through the use of “good bots,” which can automate screening and enforcement of regulations.
What’s more, on slower Dapps, good bots could be programmed to interact with human players, who may not always find other gamers to play with… “a bot player will be deployed to fill the void.”
Image via Shutterstock.
Follow us on Twitter
For updates and exclusive offers, enter your e-mail below.