11 results found
Wang Z, Chaliasos S, Qin K, et al., 2023, On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy, Pages: 2022-2032
Zero-knowledge proof (ZKP) mixers are one of the most widely-used blockchain privacy solutions, operating on top of smart contract-enabled blockchains. We find that ZKP mixers are tightly intertwined with the growing number of Decentralized Finance (DeFi) attacks and Blockchain Extractable Value (BEV) extractions. Through coin flow tracing, we discover that 205 blockchain attackers and 2, 595 BEV extractors leverage mixers as their source of funds, while depositing a total attack revenue of 412.87M USD. Moreover, the US OFAC sanctions against the largest ZKP mixer, Tornado.Cash, have reduced the mixer's daily deposits by more than . Further, ZKP mixers advertise their level of privacy through a so-called anonymity set size, which similarly to k-anonymity allows a user to hide among a set of k other users. Through empirical measurements, we, however, find that these anonymity set claims are mostly inaccurate. For the most popular mixers on Ethereum (ETH) and Binance Smart Chain (BSC), we show how to reduce the anonymity set size on average by and respectively. Our empirical evidence is also the first to suggest a differing privacy-predilection of users on ETH and BSC. State-of-the-art ZKP mixers are moreover interwoven with the DeFi ecosystem by offering anonymity mining (AM) incentives, i.e., users receive monetary rewards for mixing coins. However, contrary to the claims of related work, we find that AM does not necessarily improve the quality of a mixer's anonymity set. Our findings indicate that AM attracts privacy-ignorant users, who then do not contribute to improving the privacy of other mixer users.
Wang Z, Qin K, Minh DV, et al., 2022, Speculative Multipliers on DeFi: Quantifying On-Chain Leverage Risks, Financial Cryptography and Data Security 2022 (FC22)
Qin K, Zhou L, Gervais A, 2022, Quantifying Blockchain Extractable Value: How dark is the forest?, Pages: 198-214, ISSN: 1081-6011
Permissionless blockchains such as Bitcoin have excelled at financial services. Yet, opportunistic traders extract monetary value from the mesh of decentralized finance (DeFi) smart contracts through so-called blockchain extractable value (BEV). The recent emergence of centralized BEV relayer portrays BEV as a positive additional revenue source. Because BEV was quantitatively shown to deteriorate the blockchain's consensus security, BEV relayers endanger the ledger security by incentivizing rational miners to fork the chain. For example, a rational miner with a 10% hashrate will fork Ethereum if a BEV opportunity exceeds 4x the block reward.However, related work is currently missing quantitative in-sights on past BEV extraction to assess the practical risks of BEV objectively. In this work, we allow to quantity the BEV danger by deriving the USD extracted from sandwich attacks, liquidations, and decentralized exchange arbitrage. We estimate that over 32 months, BEV yielded 540.54M USD in profit, divided among 11,289 addresses when capturing 49,691 cryptocurrencies and 60, 830 on-chain markets. The highest BEV instance we find amounts to 4.1MUSD, 616.6x the Ethereum block reward.Moreover, while the practitioner's community has discussed the existence of generalized trading bots, we are, to our knowledge, the first to provide a concrete algorithm. Our algorithm can replace unconfirmed transactions without the need to understand the victim transactions' underlying logic, which we estimate to have yielded a profit of 57,037.32 ETH (35.37MUSD) over 32 months of past blockchain data.Finally, we formalize and analyze emerging BEV relay systems, where miners accept BEV transactions from a centralized relay server instead of the peer-to-peer (P2P) network. We find that such relay systems aggravate the consensus layer attacks and therefore further endanger blockchain security.
Qin K, Zhou L, Gamito P, et al., 2021, An empirical study of DeFi liquidations: Incentives, risks, and instabilities, Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, Pages: 336-350
Financial speculators often seek to increase their potential gains with leverage. Debt is a popular form of leverage, and with over 39.88B USD of total value locked (TVL), the Decentralized Finance (DeFi) lending markets are thriving. Debts, however, entail the risks of liquidation, the process of selling the debt collateral at a discount to liquidators. Nevertheless, few quantitative insights are known about the existing liquidation mechanisms. In this paper, to the best of our knowledge, we are the first to study the breadth of the borrowing and lending markets of the Ethereum DeFi ecosystem. We focus on Aave, Compound, MakerDAO, and dYdX, which collectively represent over 85% of the lending market on Ethereum. Given extensive liquidation data measurements and insights, we systematize the prevalent liquidation mechanisms and are the first to provide a methodology to compare them objectively. We find that the existing liquidation designs well incentivize liquidators but sell excessive amounts of discounted collateral at the borrowers' expenses. We measure various risks that liquidation participants are exposed to and quantify the instabilities of existing lending protocols. Moreover, we propose an optimal strategy that allows liquidators to increase their liquidation profit, which may aggravate the loss of borrowers.
Zhou L, Qin K, Cully A, et al., 2021, On the just-in-time discovery of profit-generating transactions in DeFi Protocols, Pages: 919-936, ISSN: 1081-6011
Decentralized Finance (DeFi) is a blockchain-asset-enabled finance ecosystem with millions of daily USD transaction volume, billions of locked up USD, as well as a plethora of newly emerging protocols (for lending, staking, and exchanges). Because all transactions, user balances, and total value locked in DeFi are publicly readable, a natural question that arises is: how can we automatically craft profitable transactions across the intertwined DeFi platforms?In this paper, we investigate two methods that allow us to automatically create profitable DeFi trades, one well-suited to arbitrage and the other applicable to more complicated settings. We first adopt the Bellman-Ford-Moore algorithm with DeFiPoser-ARB and then create logical DeFi protocol models for a theorem prover in DeFiPoser-SMT. While DeFiPoser-ARB focuses on DeFi transactions that form a cycle and performs very well for arbitrage, DeFiPoser-SMT can detect more complicated profitable transactions. We estimate that DeFiPoser-ARB and DeFiPoser-SMT can generate an average weekly revenue of 191.48 ETH (76, 592 USD) and 72.44 ETH (28, 976 USD) respectively, with the highest transaction revenue being 81.31 ETH (32, 524 USD) and 22.40 ETH (8, 960 USD) respectively. We further show that DeFiPoser-SMT finds the known economic bZx attack from February 2020, which yields 0.48M USD. Our forensic investigations show that this opportunity existed for 69 days and could have yielded more revenue if exploited one day earlier. Our evaluation spans 150 days, given 96 DeFi protocol actions, and 25 assets.Looking beyond the financial gains mentioned above, forks deteriorate the blockchain consensus security, as they increase the risks of double-spending and selfish mining. We explore the implications of DeFiPoser-ARB and DeFiPoser-SMT on blockchain consensus. Specifically, we show that the trades identified by our tools exceed the Ethereum block reward by up to 874×. Given optimal adversarial strategies provided by a M
Qin K, Zhou L, Livshits B, et al., 2021, Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit, FINANCIAL CRYPTOGRAPHY AND DATA SECURITY, FC 2021, PT I, Vol: 12674, Pages: 3-32, ISSN: 0302-9743
Digital contents are typically sold online through centralized and custodian marketplaces, which requires the trading partners to trust a central entity. We present FileBounty, a fair protocol which, assuming the cryptographic hash of the file of interest is known to the buyer, is trust-free and lets a buyer purchase data for a previously agreed monetary amount, while guaranteeing the integrity of the contents. To prevent misbehavior, FileBounty guarantees that any deviation from the expected participants' behavior results in a negative financial payoff; i.e. we show that honest behavior corresponds to a subgame perfect Nash equilibrium. Our novel deposit refunding scheme is resistant to extortion attacks under rational adversaries. If buyer and seller behave honestly, FileBounty's execution requires only three on-chain transactions, while the actual data is exchanged off-chain in an efficient and privacypreserving manner. We moreover show how FileBounty enables a flexible peer-to-peer setting where multiple parties fairly sell a file to a buyer.
Janin S, Qin K, Mamageishvili A, et al., 2020, FileBounty: Fair Data Exchange
Digital contents are typically sold online through centralized and custodianmarketplaces, which requires the trading partners to trust a central entity. Wepresent FileBounty, a fair protocol which, assuming the cryptographic hash ofthe file of interest is known to the buyer, is trust-free and lets a buyerpurchase data for a previously agreed monetary amount, while guaranteeing theintegrity of the contents. To prevent misbehavior, FileBounty guarantees thatany deviation from the expected participants' behavior results in a negativefinancial payoff; i.e. we show that honest behavior corresponds to a subgameperfect Nash equilibrium. Our novel deposit refunding scheme is resistant toextortion attacks under rational adversaries. If buyer and seller behavehonestly, FileBounty's execution requires only three on-chain transactions,while the actual data is exchanged off-chain in an efficient andprivacy-preserving manner. We moreover show how FileBounty enables a flexiblepeer-to-peer setting where multiple parties fairly sell a file to a buyer.
Zhou L, Qin K, Torres CF, et al., 2020, High-Frequency Trading on Decentralized On-Chain Exchanges, 42nd IEEE Symposium on Security and Privacy
Qin K, Hadass H, Gervais A, et al., 2019, Applying private information retrieval to lightweight bitcoin clients, Pages: 60-72
Lightweight Bitcoin clients execute a Simple Payment Verification (SPV) protocol to verify the validity of transactions related to a particular user. Currently, lightweight clients use Bloom filters to significantly reduce the amount of bandwidth required to validate a particular transaction. This is despite the fact that research has shown that Bloom filters are insufficient at preserving the privacy of clients' queries. In this paper we describe our design of an SPV protocol that leverages Private Information Retrieval (PIR) to create fully private and performant queries. We show that our protocol has a low bandwidth and latency cost; properties that make our protocol a viable alternative for lightweight Bitcoin clients and other cryptocurrencies with a similar SPV model. In contract to Bloom filters, our PIR-based approach offers deterministic privacy to the user. Among our results, we show that in the worst case, clients who would like to verify 100 transactions occurring in the past week incurs a bandwidth cost of 33.54 MB with an associated latency of approximately 4.8 minutes, when using our protocol. The same query executed using the Bloom-filter-based SPV protocol incurs a bandwidth cost of 12.85 MB; this is a modest overhead considering the privacy guarantees it provides.
Song Yubo, Qin Kaihua, Zhou Mujing, 2014, Accurate location based services by mobile phone actively detected, International Conference on Cyberspace Technology (CCT 2014), Publisher: Institution of Engineering and Technology
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.