Dima Dimenko is the co-founder of 111PGa crypto-protection community focused Ukrainian white hackers.
Hacking attacks can cause massive financial and reputational damage during Initial Dex Offerings (IDO). This is why protecting against these types of attacks should be a priority for token issuers. Preventive measures help minimize the risks associated with these attacks.
Understanding the main types of attacks helps to develop the most effective protection tools.
Why cybersecurity is king
Cybersecurity focuses on stability by eliminating or preventing potential threats. At the same time, it differs from other types of security based on the range of risks. Cybersecurity during IDOs adds the financial component to the mix. Such an approach offers better protection to the parties involved.
The case of Polygonum-online shows the magnitude of the potential dangers. The project applied for protection from 111PG during its IDO on PancakeSwap. Security measures provided by 111PG stopped sniping bot attacks at [USD] 1.75 million. The other similar cases have saved companies between [USD] 90-300 thousand.
Projects and companies subject to IDOs may suffer reputational losses. These losses could result in significant operational disruptions as well as the loss of future funding opportunities. A company could also worsen its relationship with its users.
Preventing these attacks involves taking specific measures. Each stage must deal with a particular type of attack.
Types of Hacking Attacks
It is possible to divide these attacks into three broad categories. These categories are sniper bots, foreground bots, and sandwich attacks.
A sniping bot is a script that searches for new listings on multiple or a single automated market maker (AMM). It can work on any type of blockchain. Bots can target specific lists or all of them. Attacks differ based on their respective liquidity levels. The creators of these robots can run them or sell them to third parties. The bots need constant updates focusing on the respective metrics.
Block 1 is the main target for a sniping bot before a trading pair is established. These bots may enter early due to the public nature of the blockchain.
When bots react to changes in liquidity levels, they gain an unfair advantage over the price of the token. Therefore, the bot gains the ability to inflate the price. The next step is to sell these tokens to users.
Such a decision leads to a sharp drop in their price. The reasons for this are oversupply in the market and a chain reaction of sales.
While one sniper bot may be manageable, hackers deploy hundreds of them. The attack requires a centralized response. Hackers launch social media campaigns targeting users. Bots accuse projects undergoing IDOs of defrauding users. The combined effect is detrimental to businesses. This may prevent future IDOs and product launches.
Foreground robots are more sophisticated than sniper robots. They manipulate the order of transactions within a block by paying higher gas prices. The exchange puts them first in the queue for their transactions to be processed. The main reason is the inherent complexity of the algorithms. The duration of operations is also shorter.
The inherent complexity of these bots stems from the level of automation. It helps determine the optimal transaction size in a millisecond.
Since the information is available on a digital ledger, front running is legal. At the same time, the activity is illegal in the financial markets. Thus, it is up to IoT projects to improve security and protection. Metrics should focus on top bots.
Sandwich attacks combine the characteristics of forward and backward attacks. Such an attack begins when a bot detects an important order for a specific token. Large orders affect the price of the token, especially when going through an AMM. During the sandwich attack, a bot places an order at a slightly higher gas price. The price level allows you to get ahead of other users who place offers. Bots can see prices due to the public nature of the blockchain (slip tolerance).
The second part of sandwich attacks includes token sales. After inflating the price of the token, the bot initiates its sale with a margin. The attack harms users who buy tokens at higher prices and hold them during the decline.
Sandwich attacks hurt token issuers and trading communities. These attacks also cause reputational damage to the blockchain industry.
Protective and preventive measures
The good news is that companies have various tools for protection and prevention. They support projects during IDOs. These metrics focus on measuring spikes in liquidity and reacting to those changes. Like the scripts used by bots, protection solutions are also based on algorithms. These solutions support the timing of the response. The main challenge in implementing these measures and solutions is to avoid harming the IoT. At the same time, it is important to maintain the convenience and speed of transactions.
Another important challenge for the market today is the general knowledge of the problem.
Unfortunately, developers of token projects are often not even aware of the danger that can lie in wait for them during an IDO. Knowledge is an important part of our overall security. Thus, the problem of hackers and their impact on the market must be mentioned more and more often.
This will help attract more experts into the cybersecurity solution and institutionalize cybersecurity in crypto as part of the system rather than an exception.
We are all on the road to Web 3.0, but we are still struggling to understand what new challenges and hacking tricks await us. The development of any technology, especially in the digital world, is always associated with the development of fraudsters in the field. And they often succeed much faster than everyone else. Thus, being aware of a problem is already part of the solution.
– Rise of cryptojacking
– Hackers stole $670 million from DeFi projects in Q2, up 50% from Q2 2021
– 7 DeFi risks you should be aware of according to CoinShares
– NFT Giant OpenSea shares 5 security recommendations following leaked user emails
– Harmony offers to mint billions of ONE tokens to reimburse users affected by the hack
– Decentralized music platform Audius identifies source of $6 million exploit and claims to have applied patch
– 5 Risks You Should Know Before Using Centralized Crypto Lending Platforms
– SIM card swaps and other crypto-related crimes set to increase in South Korea, says SK