KyberSwap’s $47M Reentrancy Attack: A Deep Dive into the Exploit
Let’s take a closer look inside a $47M reentrancy attack on KyberSwap.
🇺🇦 Hacken stands with Ukraine!Learn more
Multi-million and billion dollar daily trade volumes fueled the confidence of the community in the inevitable prosperity and bright future for the crypto economy. Unfortunately, we were wrong…
10 years ago, Bitcoin changed the world, becoming the first cryptocurrency to carry out fast, secure and cheap peer to peer transactions without intermediaries and across borders. Blockchain, the underlying Bitcoin technology, has a number of unique and previously unrealizable qualities. Among them, decentralized transparency makes it possible to imprint the transaction history or other relevant information into the open ledger accessible to everyone, while remaining unalterable.
However, in the course of time, the global community seems to have forgotten the transparency feature of cryptocurrencies. We allowed crypto exchanges, the pillars of the new economy, to operate as black holes, completely concealing the way they work, store our assets and earn money. Daily trade volume was selected as the main metric of liquidity and sustainability of the exchanges, but it’s been the wrong approach. In 2017-18, we thought that crypto exchanges had reached a size to influence global finance.
Let’s investigate the ranking issue by comparing crypto exchanges with traditional banks of different sizes, such as J.P Morgan Chase, HSBC, and PrivatBank, to understand the current state and influence of the crypto economy as a whole.
The ICO boom and rapid crypto market growth in 2017 drew a lot of attention to cryptocurrencies. A huge number of new coins and tokens, along with growing demand for them, led to a surge in the number of crypto exchanges (according to some estimates there were already several thousand of them). The reason is that besides experienced traders and investors, millions of so-called ‘hamsters’ driven by FOMO and a desire to get rich fast, were attracted to the crypto industry. This “gold rush” blinded the community and discouraged it to standardize business dealings.
As exchanges were ranked according to trade volume and as there were no commonly used methodologies, tools, or approaches customarily used to analyze the legitimacy of exchanges, the majority of market players, such as BitForex and ZB.com abused the market by manipulating their trade volume by means of wash trading and other techniques. Millions and billions of dollars of daily trade volumes enabled them to increase their brand awareness by exorbitant levels of quality traffic/users.
At this stage, there appear several quite logical questions:
Nevertheless, the 2018 crypto-winter showed how immature the crypto industry was. During the bear market, the trading activity on the exchanges significantly dropped, and consequently, the trading platforms’ revenues did the same. As a result, we will likely witness a number of takeovers as well as a wave of bankruptcies and exit scams of the unsustainable and irresponsible exchanges in the near future.
Crypto exchanges are platforms for trading digital assets that are built upon blockchain technology. The key features of blockchain are the transparency and credibility of the information recorded.
Therefore, the only trustworthy data about the exchanges available now resides in their cold and hot wallet balances. This information may not be falsified and can be easily verified. Likewise, anyone can observe the wallets of a particular exchange and track all their changes and movements.
The aggregate balance on the exchanges’ wallets reflects the assets size held by this exchange. At the same time, the wallets show the scale of the exchange’s liabilities, represented by the deposits made by the users of the trading platform. Thus, based on this indicator, we can determine the real scale of a crypto exchange’s operations and performance.
Crypto exchanges play a key role in the crypto economy. They are intermediaries between traders, investors, crypto projects and other stakeholders willing to buy or sell cryptocurrencies. They are comparable to traditional banks, but specifically for the crypto industry.
The only comparable financial indicators for crypto exchanges and banks are client deposits in traditional banks and the balances of exchanges’ wallets since they indicate the level of liabilities for both of them.
*Unfortunately, other financial information on exchanges is not publicly available.
Despite the millions and billions in daily trade volumes of the largest crypto exchanges (by wallets balances), they fall far behind banks by that metric (deposits VS balances) due to the immaturity and weakness of the crypto economy.
For illustrative purposes we decided to compare the following financial institutions by their clients’ deposits:
The banks’ deposits data was acquired from the corresponding most recent reported balance sheets (see references) and crypto exchanges wallets balance data were taken from CER platform (as for February 12th). The details can be seen here.
Fig 1. (Banks and crypto exchanges by clients’ deposits)
Fig 1 shows that the top-5 exchanges, representing the level of their wallet balances, are not even visible beside those for the top-5 world banks.
Fig 2. (Local banks and crypto exchanges by clients’ deposits)
Help CER to make the balance rating more precise and accurate – Report exchanges’ wallets and get awesome rewards!
If we omit the top-5 banks from the comparison, we still can see that global trading platforms fall behind by customer deposits even compared to local banks from emerging countries (see fig 2).
Fig 3. (Top-5 crypto exchanges by clients’ deposits (wallets balances) according to CER)
And fig 3 displays only wallet balances of top-5 exchanges.
So, as we could see from the previous comparison of client deposits for banks and global crypto exchanges, the top-5 trading platforms’ wallet balances lag behind the deposits in local banks by 15 times on average. The gap between trading platforms and top-5 banks by this indicator is more remarkable – over 1,000 times. It implies the long way for crypto exchanges to go in order to attain a truly global scale, which will be measured not by virtual numbers of trading volumes but by real customer funds, trusted to exchanges.
We have already seen many marvelous success cases of new crypto exchanges reporting hundreds of millions and even billions of dollars in trade volume just a few months after launch, like in the case of BitForex exchange. Another example is Bitinka exchange, which suddenly appeared in the first place of CMC rating by reported volume on January, 9th (see fig. 4).
Fig 4. (CMC rating by 24-h reported volume on the 9th of January)
Even BitMEX and Bithumb, the persistent leaders of the ranking, were left far behind as Bitinka claimed $8.7 bln of 24-hours trade volume.
Thus, the question is what part of those reported volumes consists of real trades. What is the effect of the exchanges’ eagerness to attract new users on the verity of the information about their trade volumes?
It looks like it’s time to start judging crypto exchanges by the real and most reliable criteria – wallet balance as a measure of their solvency and scale. You can do it NOW, using CER platform!
J.P. Morgan Chase & Co (US) – quarterly report.
Bank of America (US) – quarterly reports page, report file.
HSBC (UK) – quarterly reports page, report file.
Wells Fargo (US) – quarterly report.
Citigroup (US) – quarterly report.
Attijariwafa Bank (Morocco) – annual report.
Thanachart Bank (Thailand) – quarterly reports page, report file.
Habib Bank Limited (Pakistan) – annual report.
Byblos Bank (Lebanon) – annual report.
Privatbank (Ukraine) – annual report.