Start-up and phishing attack: DEX as Waves started

According to the blockchain-Waves project, a new decentralized stock exchange of the company (DEX) at the end of beta testing last month has contributed to a cryptocurrency transaction volume of $6 million dollars a day. This is six times more daily volume, which AirSwap rival exchange boasted during its April debut.

Waves also announced that the exchange has 90 000 traders have used 330,000 wallets in anticipation of the final launch this week. These figures are much higher than comparable figures for other DEX.

There are several reasons for this impressive work. One of them is the speed and attentiveness of a centralized service coordination platform. Another reason is that almost any trader can issue a token on a unique blockchain Waves and instantly start trading them for bitcoin on the exchange. And most importantly – check for KYC traders optional except in certain cases.

However, for the exchange, all is not as rosy as it might seem at first glance.

On Tuesday, when Waves formally ended the eighteen-month beta period and launched the full version of the DEX, hackers infiltrated the website of the stock exchange, and parent company with the purpose of phishing information personal wallets of users. Waves took a few hours to resume work at the site after restoring access to the DNS server.

«Someone just gave a fake copy of my passport to the staff domain of the company, and on request they changed the password, after which the attackers were able to access the main site,» — said General Director Alexander Ivanov Waves.

Despite this, Ivanov confidence in the bright future of the exchange was not undermined by criticism of the incident and the security of the site. He hoped that even the banks will run a currency on its DEX:

«We are trying to conclude a partnership agreement with the big banks because they are hoping that they will want to issue its own Fiat tokens on our platform.»

How it works

To make transactions on the DEX, users need tokens Waves. The project has attracted $22 million through the sale of its token in 2016. These tokens are used to run smart contracts and promotion of operators ‘ sites on the blockchain Waves. A similar model is used in Ethereum.

The network gathered more than 200 unique nodes, among which controlled canadian mobile gaming company RewardMob.

«Now we don’t have to worry about controlling the currencies of different countries and that players want to withdraw money in different currencies. This allows players to trade their tokens with other players. Working decentralized exchange has become a key factor in our decision to work with the Waves,» said CEO RewardMob Todd Koch (Greg Koch).

His company launched its token on the basis of the Waves and preparing for the ICO. RewardMob controls licenzirovanie awards for several video games and supports the work of the wallets more than 100,000 users.

«We want to integrate the DEX right in our app. Then, earning our currency, the player will be able to easily exchange it for Waves or bitcoin or any other cryptocurrency,» said Koch.

As software Waves DEX to coordinate user application is open source, many nodes can run their coordinating services and earn Commission (in tokens Waves) for processing the transactions.

However, the majority of transactions passes through our service coordination Waves. Dean Eigenmann (Dean Eigenmann), co-founder of blockchain startups Harbour and the DEX-Dexy project, found this approach questionable, stating that it undermined the main purpose of the concept of DEX, as the work of the service can be stopped at the initiative of the Central authority.

Ivanov admitted that the current situation does not correspond to the decentralized spirit of the exchange and must change.

Compliance with laws

DEX Waves usually requires identity verification in two cases: when users want to withdraw cash through Czech payment processor Coinomat, a company also owned by Ivanov; or when they release their token on the platform Waves, and then add it to the open listing on DEX.

According to Ivanov, the issue of the tokens that will be traded within the option of the closed listing does not require identity verification. The exchange of bitcoins into other tokens requires no verification.

«At the moment you can trade cryptocurrency without going through KYC checks,» — said Ivanov.

However, drew Hicks (Drew Hinkes), General counsel and founder of the cryptocurrency consulting firm Athena Blockchain, said that this feature probably does not apply to users in the United States.

«From the 2013 guidelines issued by FinCEN [Treasury Department United States struggle with financial crime], we know that many members of the cryptocurrency community must comply with the Bank secrecy Act and AML rules, which are designed to fight money laundering,» said Hinks. «These programs should include a system of identification of clients».

Under this guidance, if an exchange accepts or makes transfers of virtual currencies, or for any reason, buys or sells virtual currency, it is a company providing money transfer services and falls under the authority of FinCEN. Therefore, this exchange must verify the identity of their clients.

«The guidance States that if a company provides money transfer services, FinCen does not matter whether it is real or convertible virtual currency,» said Hinks, who is also a visiting lecturer at the University School of law new York University School of business Leonard N. Stern.

Meanwhile RewardMob requires users to provide personal information such as full names and addresses, as according to Koch, it is a requirement of canadian law on the totes.


Phishing attack this week not only eclipsed the official launch of the DEX, but has also drawn criticism in relation to the fact that to use a software wallet site users, Waves has introduced the phrase to restore access, which act as passwords for cryptocell.

Ivanov, however, made the attack a different lesson. He said

«We and the whole industry must work towards a decentralized domain name system».

The press Secretary Waves added that «the DNS servers of the site Waves supported by the server by the Registrar, and in this case their safety is out of our control. However, the security level of the server, the Registrar really is in question, and therefore, at present we are evaluating further steps to ensure that this single breach of security that will never happen again.»

However, the incident was not the first problem in the history of the company, which relates to security.

In 2017 the audit firm Kudelski Security, specializing in cybersecurity, have shown that, despite the General «good technique of security,» a unique blockchain Waves was susceptible to several types of attacks. Also the user passwords were stored in the database unencrypted text, which «can be read by anyone who obtained access to the file system».

In response, Ivanov said,

«Most of the recommendations were implemented. As for the passwords, all the critical points have been fixed, they are still kept in the open configuration file».

Eigenmann, said he was not impressed with the infrastructure Waves or ICO project.

«I am confused by the skill level of software development, which is found in some of these projects,» he said. «I don’t see any real value in tokens for exchanges».

According to internal data Waves, June 23, DEX traders exchanged Waves tokens for bitcoins in the amount of $1.59 million and Monero in the amount of $251 697. Ivanov said that he is grateful to the community for the support of ICO and seeks to provide a truly valuable service for global business.

«Our blockchain pretty fast,» he said, saying that Waves can process 500 transactions per second. «We have a very active Brazilian and Turkish community, you can even exchange a token Lira on our exchange».

Добавить комментарий