Why Crypto Custodians Are Still A Weak Link

Written by christinatkach | Published 2021/01/11


In the past 3 months, the price of Bitcoin has almost doubled from around $10,500 in October to $24,000 in the middle of December. This was a volatile journey with daily price swings reaching 17.6%. Some of the biggest price changes coincided with troubling news around custodians, ranging from withdrawal suspensions to exploited security vulnerabilities. Interestingly, the market had plenty of warning signs well before the volatility spikes, but very few acted upon them. Let’s have a look at how proactive surveillance of traditional media, tech blogs, and social media can give you a head-start of hours, and in some cases, days. The work below uses Yupana’s Natural Language data streams fed into NTerminal, where one can see spikes in negative sentiment and in messages classified as security vulnerabilities, fraud, and withdrawal problems.
BTC-USD Daily Volatility in Oct-Dec, 2020. Source: NTerminal

Arrests of Senior Executives in China

The latest arrests of crypto senior executives in China showed the government’s determination to crack down on crypto exchanges in the country as its Digital Yuan project is picking up speed. Its full rollout is planned for the 2022 Winter Olympic Games in Beijing and any potential competition (local exchanges, custodians, cryptocurrencies) is being methodically eliminated.
At the beginning of November, rumors spread that the COO of Huobi exchange, Zhu Jiawei, along with the CEO and founder Lin Li, were under investigation by the Chinese police. The news resulted in a price drop in Huobi’s native token (HT).
Huobi Token (HT) Price Drop on Nov 2. Source: NTerminal
NTerminal’s “Security” tag spike was detected for Huobi almost a week before the news spread over mainstream media.
Security and Fraud topic spikes in relation to Huobi. Source: NTerminal
Even after the exchange assured its users on its Twitter account that the rumors were false and that the exchange was operating normally, the instability on the exchange continued. A massive outflow of BTC and ETH was observed on the same date as the tweet. Huobi COO Zhu Jiawei has remained unreachable since Monday, November 2.
BTC and ETH Outflow from Huobi Exchange on Nov 2. Source: NTerminal
Two weeks prior to Zhu’s arrest, on Oct 16, 2020, OKEx suddenly suspended withdrawals. The reason, again, was the detention of its founder Xu Mingxing (aka Star Xu). The exchange claimed he was cooperating with the police on an investigation. However, the alleged reasons for his arrest, which lasted until the end of November, were different — money laundering on OKEx and a backdoor listing of his company OK Coin on the Hong Kong Stock Exchange in 2019. As Star Xu was one of the cold wallet key holders, the exchange couldn’t validate any of the outgoing transactions.
Sentiment Analysis for OKEx. Source: NTerminal 

Domain Hijacking

Another volatility spike that caught the market by surprise was caused by multiple domain hijacking attacks at the end of November. At least six cryptocurrency trading platforms had the ownership of their domains briefly transferred to malicious actors. Falling victim to social engineering, employees at GoDaddy — the world’s largest domain registrar — incorrectly transferred control of the accounts and domains to malicious actors. These actors took control of internal email accounts and partially compromised the infrastructure of the breached platforms. The scheme used by hackers was similar to the one used for the Twitter attack in July earlier this year.
The domain ownership changes did not go unnoticed by the IT security community, which raised the alarm early. Spikes of “Security” tagged natural language events once again served as early warnings for traders who proactively monitor the market. This allowed them to pull their funds from affected platforms well ahead of the final stages of the attacks.
Security tag spikes for BIBOX and NiceHash. Source: NTerminal
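
The kind of early-warning check described above can be sketched as a robust spike detector over daily counts of "Security"-tagged messages. This is an added example, not NTerminal's or Yupana's method: the platform, the counts, the thresholds, and the public-report date are all constructed, and it assumes per-day tag counts are already available.

```python
from datetime import date
from statistics import median

# Constructed daily counts of "Security"-tagged messages for one hypothetical
# platform, oldest first. Not real NTerminal or Yupana data.
SAMPLE_COUNTS = [
    ("2020-11-10", 2), ("2020-11-11", 3), ("2020-11-12", 1), ("2020-11-13", 2),
    ("2020-11-14", 4), ("2020-11-15", 2), ("2020-11-16", 3), ("2020-11-17", 2),
    ("2020-11-18", 3), ("2020-11-19", 14), ("2020-11-20", 22), ("2020-11-21", 9),
    ("2020-11-22", 4),
]
PUBLIC_REPORT_DATE = "2020-11-24"  # constructed date of mainstream coverage


def robust_spikes(series, window=7, threshold=3.5, min_count=5):
    """Return (day, count, score) for days far above the trailing baseline.

    Baseline is the median of the previous `window` days and spread is the
    median absolute deviation (MAD), so one earlier spike does not inflate
    the baseline the way a mean/stddev would. MAD is floored at 1 so a
    completely quiet history cannot cause a division by zero, and
    `min_count` suppresses alerts on tiny absolute volumes.
    """
    alerts = []
    for i in range(window, len(series)):
        day, count = series[i]
        history = [c for _, c in series[i - window:i]]
        base = median(history)
        mad = median([abs(c - base) for c in history])
        score = 0.6745 * (count - base) / max(mad, 1.0)  # modified z-score
        if count >= min_count and score >= threshold:
            alerts.append((day, count, round(score, 2)))
    return alerts


def lead_time_days(alerts, public_date):
    """Days between the first alert and the date the story went public."""
    if not alerts:
        return None
    first_alert = date.fromisoformat(alerts[0][0])
    return (date.fromisoformat(public_date) - first_alert).days


if __name__ == "__main__":
    found = robust_spikes(SAMPLE_COUNTS)
    for day, count, score in found:
        print(f"{day}: {count} tagged messages, score {score}")
    print("lead time (days):", lead_time_days(found, PUBLIC_REPORT_DATE))
```

On the constructed series the first alert fires five days before the constructed public-report date; on real data the window and thresholds would need tuning per platform, since message volume differs widely between venues.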

What this means for you

The ability to anticipate upcoming events and mitigate the accompanying risks is what makes the difference between postmortem investigations and proactive monitoring. Crypto custodian troubles underline the importance of market surveillance beyond compliance reports. Natural language processing, coupled with reliable market data and blockchain forensics, can provide unique and timely intelligence, not only keeping the funds safe, but also giving an early volatility warning to anyone in the market.

Written by christinatkach | Investigation Analyst at Inca Digital
Published by HackerNoon on 2021/01/11