
Axie Infinity hack reminds us about the vulnerabilities in crypto markets: Advance.AI’s Ravi Madavaram

Ravi Madavaram, Director of AI Commercialisation at Advance.AI

As crypto grows in popularity, crypto scams are also on the rise. In 2021 alone, scammers ran away with a record US$14 billion in crypto assets. Of all the heists so far, the Axie Infinity (owned by Sky Mavis) example stands out. Hackers stole digital assets worth US$625 million by exploiting vulnerabilities in its Ronin Network.

According to Ravi Madavaram, Director of AI Commercialisation at Advance.AI, such incidents will affect users’ trust and confidence in P2E games, but recovery is possible if businesses invest in security measures and are transparent about these to their users.

In this interview, he speaks about the different measures to be taken by various stakeholders to prevent future heists.

Edited excerpts:

What does the Axie Infinity incident tell us? What lessons can we take from this?

The Axie Infinity hack reminds us about the vulnerabilities in the crypto markets even amidst their popularity. As crypto adoption continues to rise, this is drawing the attention of regulators and hackers, who are becoming increasingly bold in their approach.

Enormous sums of money are being siphoned off in crypto heists, like Axie Infinity’s US$625 million. In 2021 alone, scammers ran away with a record US$14 billion in crypto assets.

The size of crypto exchange hacks growing together with the rising prices of crypto proves the susceptibility of both consumers and exchanges to such fraud and hacks.

What measures should different stakeholders take to prevent similar attacks in the future?

As for consumers, they should be more digitally savvy and educate themselves on the risks in this digital world. They need to be more alert and aware of divulging login information, wallet recovery phrases and clicking on links.

Web3/blockchain/crypto exchanges/metaverse gaming companies should ensure that proper security measures are in place to mitigate the risk of well-coordinated attacks by hacker groups, sometimes state-sponsored cybersecurity threats.

They should conduct KYB (know your business) and KYT (know your transaction) processes on top of eKYC. While compliance is done in the onboarding phase, where exchanges ensure individuals go through eKYC to verify their identity, businesses also need to invest in KYB to verify the business’s legitimacy and KYT.


Exchanges can use KYT monitoring to review wallet transactions in real-time, detect any suspicious activity, file such reports, and manage investigations. This helps them tackle the high incidence rate of fraud in transactions.

Multi-factor authentication for centralised exchanges also needs to be done. Instead of using SMS OTP authentication, which runs the risk of having SMSes diverted and fraudulent transactions performed and being a weak link for spoofing, exchanges should consider biometric authentication instead. Biometric authentication is much more robust. It identifies the individual rather than the device, and solutions like liveness detection allow verification of a live user by checking the live person’s facial movements. This makes it less likely for identity theft to occur.

Crypto exchanges are also susceptible to hacking when the attacker exploits some part of the chain or smart contract and illegitimately trades or withdraws cryptocurrencies. They should invest in technology to effectively detect potentially fraudulent activity, such as on-chain insight to screen wallet addresses, monitor transactions, scrape the darknet and cluster, fraud prevention to monitor transactions, and detect and prevent fraud across different channels.

Regulatory bodies should ensure measures are put in place to protect both consumers and crypto exchanges. Crypto exchanges and other financial service institutions should adhere to these measures/guidelines for a safer environment.

Will such massive hacking incidents discourage users from play-to-earn games?

Since users’ trust and confidence in P2E games will certainly be affected, recovery is possible if businesses invest in security measures and are transparent about these to their users.

As the market continues to mature and grow, businesses will have to ensure these measures are robust and in place to prepare for the next wave of consumers who will join the P2E space and a potential round of new hackers that may displace this trust again.

What are the other common security threats that crypto exchanges face?

There are potential threats across the entire customer journey with crypto exchanges: onboarding, transactions, and identity recovery.

Onboarding phase: The risks associated with the onboarding phase include identity fraud, document fraud, technical fraud and multiple account fraud, where most of the compliance and focus is on individuals and institutions.

For individuals (for example, crypto traders), eKYC can be done remotely via your smartphone. You can submit documents like national identity to pre-fill customer information.

For institutions/institutional customers (for example, those entering the crypto market to facilitate payments from customers + B2B transactions), do KYB to verify the business and review the structure and background to ensure the company is who it claims to be. This helps to avoid fraud, money laundering or other criminal activity and should be automated to remove the lengthy onboarding and manual errors with manual KYB.

Transaction phase: The risks associated with the transaction phase include phishing emails, fake SMSes and higher value cases like money laundering. This can be checked using KYT and monitoring the entire chain.

For anti-money laundering/ financial crime, review transactions in real-time, detect suspicious activity, manage investigations and file suspicious activity reports.

Also, conduct on-chain insight to screen wallet addresses, monitor transactions, and scrape the darknet and cluster transactions.

Identity recovery phase: This phase might be most overlooked but is also quite common: how many of us have genuinely forgotten our passwords and need to find a way to re-login?

How can the exchange tell if this is a genuine customer or a bad actor trying to find a loophole and misappropriate someone’s login and password details?

There are also risks/gaps when working with multiple vendors for different phases in the customer journey, which shows the need for an integrated, single solution.


Advance.AI offers a one-stop platform to provide customers with a faster time to market, lower cost and efficiency, and the ability to customise workflows and ensure compliance across multiple markets.

Many countries are still apprehensive about cryptos’ possible misuse and have imposed a blanket ban on digital assets. How long can governments stay away from crypto?

There is no denying the popularity of crypto. There are an estimated 300 million users globally, with the total cryptocurrency transaction volume rising to US$15.8 trillion in 2021.

There is an over 60 per cent unbanked/underbanked population in Southeast Asia. Crypto appeals to this audience as it promises quick gains and allows them to have an ownership stake in the ecosystem.

Crypto also appeals to the vast proportion of young, digitally savvy Gen Z and millennial generation in Southeast Asia. They are very comfortable with new technologies and want to be included in Web3.

While this is the case, we also see a high number and value of crypto scams, proving that there is more to be done to educate and improve these consumers’ digital literacy of fraud.

Governments’ key concerns include volatility of the currency/financial stability (which stems from the fact that it is prone to speculation), AML/terrorist financing, the safety/security of the platform, consumer protection and the ease of onramp/offramp, despite their belief in the usefulness of blockchain.

Regulators tend to be more cautious and have a holistic view of benefits and risks than consumers.

If these are addressed in the long run, we should see more widespread adoption, and government approaches should warm up.

NFTs and tokens are also on the rise. Do you think governments should regulate these digital assets as well?

As the adoption of NFTs continues to grow, there is also an increasing number of scams; for example, US$1.7 million worth of NFTs were stolen from OpenSea in a phishing scam.


Other scams include forgery, money laundering, financial crime, pump and dump/ wash trading, and rug pulls.

Albeit a different asset, the same scam methods are being used, and hence there is still a need to regulate these asset classes.

Hence, there is a need for KYT to monitor on-chain transactions, cluster, analyse and detect signs of association with tainted wallet funds or illicit behaviours.

As understanding and awareness of NFTs and tokens increases, we expect governments to bring in regulations in this area to protect consumers from fraud/bad actors.

While the users in its neighbouring countries are already embracing NFTs and metaverse, Singapore is yet to join the bandwagon. What could be the possible reasons for this lag?

Singapore may have been slower to adopt crypto as it has a much smaller proportion of the unbanked/underbanked population (2 per cent), which is much lower than that of the SEA region.

Singaporeans largely have access to various financial products and services and may be more cautious about adopting a risky asset like NFT/ crypto.

Having said that, Singapore is starting to join this bandwagon, with brands from various categories like running (races) and F&B entering this space.

We expect to see a surge in adoption in Singapore as an understanding of this grows.
