The roundtable began with the research introduced by Dmytro Budorin, the CEO of Hacken, and Serhii Dovhopolyi, the Head of CER, into fake trade volume on a cryptocurrency exchange called Bitforex, as well as on the most popular exchanges applying the trans-mining fee rewarding algorithm.
Serhii Dovgopolyi emphasized the importance of finding out whether different exchanges use various cheating methods and identifying fraud. The investigations are possible with the help of the precise CER analytics on adjusted volume.
Oleg Melnykov, the CFO of EXMO, said: Sometimes it may seem that bots are trading on the exchange. However, you shouldn’t forget about institutional investors who trade using APIs and make high volume transactions. It became clear that many exchanges cheat in terms of automated trading by bots and do not provide all the necessary information for analysis. A comparison between stock exchanges and cryptocurrency exchanges was made. It was noted that, unlike stock exchanges, crypto exchanges don’t provide information on how the volumes are built.
As Igor Pertsiya, the CEX.io’s Head of Sales, fairly noted, the history of transactions requires a license and, unlike the stock exchanges, the crypto ones have yet to sign a regulation. Paolo D’Alberti (BEXAM) added: Doing this stuff is a part of the inherent positive value, this extra step shows that we are reliable and trustworthy. The questions of bot booking and the importance of historical data were raised. Serhii Dovgopolyi stated: Historical data is essential for transparency of the market. It’s the question of integrity.
Several participants pointed out the problem of storing the data and the mechanism of proving it. The questions of data transparency and security issues of hot and cold wallets were discussed. It was also noted that performing an external audit should be compulsory, however, the exchanges and ICOs cannot be regulated. Pat Kim, the CEO of Sentinel Protocol, stated the following: The best thing we can do is to make strong alliances with security companies, like you guys.
In the course of the discussion, it was concluded that it’s necessary to provide a transparent methodology where users will be able to see the real analytics and make sure that the algorithms are safe, which is what CER is aimed at. The participants expressed their intention to perform an audit and show the results as soon as there is a licensed regulator.
The second topic was cybersecurity trends. Dmytro Budorin, the Hacken CEO, described the steps taken when testing clients. The first thing is analyzing the scope of work. He noted: Only 18% of exchanges on CMC have open bug bounty programs. It became clear that most exchanges underestimate the importance of proper security and pay more attention to marketing.
The EXMO’s CFO, Oleg Melnykov, stated: Moreover, the security of an exchange is the cooperation between security specialists that exchange offers and our clients who pay attention to their personal security. Dmytro Budorin disagreed with the statement, saying that this way it seemed that the company neglects its users’ security without obliging them to use strong passwords upon registration.
The importance of bug bounty, as opposed to independent bug reports, was stressed. It was also noted by Vitalii Bondar, the CEO of BTC-Alfa, that: When it comes to the crypto exchange there is no such thing as a basic security package. It was concluded by the participants that bug bounty is a necessary solution to cryptocurrency exchanges’ security issues.
The issue of KYC and AML procedures was introduced by Dmytro Budorin. He raised the question of different cases of Binance accepting stolen crypto and expressed the desire to cooperate with Crystal regarding this matter.
Kyryl Chykhradze, the Crystal’s Head of Project, said that Binance accepts crypto without KYC and any consequences whatsoever. It appeared that CEX.io company uses KYC and other procedures to make sure that money doesn’t come from the darknet. Some participants wondered whether the company’s private solutions are enough for the British government.
CEX.io’s Head of Sales, Igor Pertsiya, answered that private solutions are enough if there are necessary documents and a clear working mechanism. He also pointed out the importance of keeping private data safe because non-compliance with the GDPR has serious consequences. Several participants mentioned that hiring third-party companies to perform a KYC audit is time-consuming and expensive and no one will do it until a regulation is accepted. Vitalii Bondar, the CEO of BTC-Alfa, concluded that: the user’s personal information must be kept under the strictest control, stricter than their money. At the end of the discussion, Dmytro Budorin, the CEO of Hacken, encouraged the participants to unite and launch a big movement for starting KYC procedures.
Being an objective and comprehensive crypto exchange rating platform, CER allows users to make proper investment and trading decisions by providing a wide range of analytical information. This will help the crypto industry to reduce the number of trading manipulations and hacking cases.
By organizing such a roundtable, CER made it possible to exchange information and learn something new from the leading experts of the industry. Innovative blockchain technology continues to develop thanks to such platforms for discussion.