The security of cryptocurrency exchanges has become a persistent concern since the infamous Mt. Gox hack in 2014 and the subsequent string of enormous sums stolen through exchanges. The problem is not only relegated to the stealing of funds itself but the proceeding laundering of illicit funds through exchanges.
The recent Q3 AML report by CipherTrace — the cryptocurrency forensics and intelligence company — reveals the staggering extent of money laundering through cryptocurrency exchanges since 2009. Nearly 97 percent of illicit cryptocurrencies from identifiable criminal sources flowed into unregulated exchanges totaling 380,155 BTC.
While the report concludes that increasing AML regulatory structures has a noticeable impact on reducing money laundering volumes, attack vectors in the industry are consistently evolving. Exploits at the blockchain and smart contract level are emerging as legitimate threats to the security of funds on both centralized and decentralized exchanges. Several improvements in security technology focus on reducing instances of hacks, but they cannot adequately identify, track, and block stolen funds from going through exchanges.
MonitorChain — the real-time smart contract security surveillance product from Zenchain — has recently entered into a partnership with the multi-chain decentralized exchange platform ContractLand to redefine security standards in the industry.
A New Model of Exchange Security
MonitorChain is an innovative security tool designed to protect exchanges and token issuers from the hacking and laundering of cryptocurrencies through exploits at the smart contract level. Examples of instances where MonitorChain can provide an effective monitoring and alert solution are exploiting contract bugs such as with the batch/proxyOverflow exploit and the infamous DAO hack.
MonitorChain — a product by Zenchain — has partnered with the multi-chain decentralized exchange platform ContractLand to prevent hacked, stolen, or counterfeit tokens from being used in their exchange protocol. ContractLand is designed to provide the liquidity infrastructure for the interoperability of tokenized assets across blockchain networks. It employs a cross-chain bridging technology known as Terra-Bridge that is built to facilitate the cross-chain value transfers of an Internet of blockchains. Interoperable and decentralized exchange protocols like ContractLand — that are non-custodial — are largely seen as the future of tokenized asset exchange in the industry.
Zenchain CEO, Seth Hornby, identifies the current problems facing the industry and asserts:
“As the industry matures, the level of security users demand from their cryptocurrency exchanges is growing steadily. Traders have lost patience with endless losses due to hack and theft from inadequate security protocols. ContractLand is at the forefront of the next generation of exchanges who are taking the protection of their user’s funds seriously.”
In an effort to respond to the evolving attack vectors in the cryptocurrency field, ContractLand is working with MonitorChain to provide an unparalleled on-chain monitoring and alert system for ContractLand’s Terra-Bridge between the public Terra-Chain blockchain and outside, bridged blockchain networks. According to Peter He — lead developer at ContractLand:
“Security is the biggest focus in ContractLand’s journey in delivering a trust and censorship free value exchange system. While ContractLand is safe from traditionally centralized attack surfaces, blockchain or smart contract level attacks is a new vector we will need to defend against actively.”
“MonitorChain’s real-time smart contract surveillance solution helps us in achieving our vision by creating a safeguard against potential on-chain attack vectors.”
By integrating a solution such as MonitorChain’s that is designed to listen to suspicious on-chain activity and feed an internal warning system of contracts, ContractLand is taking a step towards proactive and evolved protection that reduces instances of successful hacking and laundering through its exchange protocol.
The arrangement between MonitorChain and ContractLand is defined by Hornby as:
“ContractLand.io use a ‘bridge’ to allow coins/tokens from multiple blockchains to be deposited, and are then issued proxy tokens that are used for trading within their exchange; and are then sent back to the bridge for withdrawal as they are exchanged back for the real coins/tokens stored there. MonitorChain is providing monitoring and alert services to ContractLand for this bridge, to notify instantly should a token be compromised, as well as to mark blacklisted addresses associated with criminal activity.”
The entire process is fully automated to prevent the deposit of compromised or blacklisted tokens to the ContractLand bridge. As a result, MonitorChain provides an effective tool for not only protecting against hacking instances but also for mitigating the subsequent laundering of illicit funds through the exchange.
The CipherTrace report highlights how rampant money laundering through cryptocurrency exchanges has become — with an estimated $2.5 billion laundered since 2009. There is no precedent for the opportunity for hackers to successfully steal and clean illicit funds through cryptocurrency exchanges.
While increasing AML regulations can help reduce the prevalence of laundering, it is partnerships like MonitorChain and ContractLand’s that will fuel the next-generation of security at the smart contract level through real-time, on-chain alert systems of decentralized protocols.