What is essential for executives of Web3 companies to know in order to prevent hacker attacks in 2023? What are the top attack vectors targeting blockchain projects today? What tools are used in investigating crypto project hacks? Andrei Kutin, CEO of Match Systems, one of today’s recognized leaders in investigating crypto incidents, shared this and more with CP Media during an insightful chat.
— Please tell us about the company. When and how did it emerge, and what were the first challenges you faced? How would you define the main mission of the company?
— Match Systems was founded in 2021. The first task was to make up for the missing toolkit needed to connect the existing law enforcement system, which is quite archaic, with the crypto environment, which is actively developing and is adjacent to the traditional world that doesn’t fully comprehend how to interact with the new industry. For instance, there are always questions about the evidence base for crypto crimes when applying to government agencies. This gave us the idea of collecting such a high-quality database of compromised crypto addresses that courts in any jurisdiction could rely on it when dealing with cases related to cryptocurrencies. Actually, gathering this data served as a start for the new company. But this process is extremely expensive, and financial issues were the main challenges for us at first. However, the company reached a break-even point by 2022.
— Let’s talk about the project team. Who’s behind Match Systems? What are the areas of expertise of the company’s specialists and their competitive advantages over other professionals?
— The heart of our team consists of former law enforcement officers who were involved in investigations of such major crypto incidents as Hydra, Revil, etc. Therefore, we have first-hand knowledge of all the complexities encountered by state law enforcement agencies when investigating crypto incidents and are well versed in the intricacies of such work.
No less important in the team is the availability of highly qualified technical specialists. We’re very proud of our data scientists, research and development staff, math specialists, and smart contract auditors. In fact, they’re the ones who choose the actual direction and drive our product development forward.
— Are there any open positions we could announce at the moment?
— Absolutely. We’re always hunting for the best personnel. In particular, we are now actively integrating artificial intelligence into our products and therefore looking for talents among data engineers and data scientists. And, of course, we always welcome cool on-chain analysts.
— What’s the company’s system of product solutions?
— Our product line is built around a unique and constantly updated database of compromised crypto addresses. The AML service was created on this basis, making it possible to verify the “cleanliness” of a crypto address manually (via a Telegram bot) or automatically (via an API) and to make sure it wasn’t connected to assets of a particular risk category. All in all, we analyze 70 risk categories.
On top of that, we have an on-chain analyzer. This is a tool used primarily in crypto incident investigations. It’s often being modified to meet our specific needs that arise during the investigation process. For example, we’ve implemented a separate functionality that allows us to put “beacons” on certain types of activities or addresses on the blockchain. We also have a special tool for unraveling transactions on popular crypto mixers used for laundering stolen assets.
We’re constantly working on improving our analyzer, and, importantly, all enhancements are based on the real needs of investigators who face different tasks in their work.
Besides, our product line includes a solution for analyzing the unfair use of multi-accounting in various blockchain activities. It’s highly demanded among Web3 and iGaming representatives for analyzing smart contracts and planning airdrops.
Special attention should be paid to our successful developments in the secure storage and use of cryptocurrencies.
Moreover, there’s a substantial “service” part of our product line. It actually concerns crypto crime investigations we’re constantly dealing with in different jurisdictions. Unlike many competitors, we can not only analyze the incident but also successfully recover stolen crypto-assets. For instance, we’re the key investigators of such high-profile cases as Atomic Wallet, CoinsPaid, Alphapo, and others.
— What tools and technologies do you use to investigate and track unauthorized activities on blockchain networks?
— Our toolkit is quite extensive. We actively use all available technologies, from blockchain scanners to OSINT tools and various AI solutions for pattern recognition, content analysis, and detection of compromised crypto addresses in the global network.
We’re constantly keeping an eye on the most advanced technologies, testing new tools and selecting the best ones to implement into our daily work routine.
I’d like to point out that our main difference from many other investigators nowadays is the availability of our own software tools and developments that help us automate part of our work. As a result, we always improve the quality of our investigators’ work in those areas where it’s needed and refine our processes to meet emerging requirements.
— What’s the role of AI and machine learning in investigative processes? What specialized AI-based tools or solutions do you use today?
— As I’ve mentioned earlier, we actively use AI in both pattern recognition and information analysis. Additionally, we use neural networks to identify behavioral patterns of unscrupulous participants in the crypto industry.
Furthermore, we’re currently testing the operation and application of AI in our analyzer to provide reports and recommendations for investigations when checking suspicious crypto addresses and transactions.
— How do you cooperate with law enforcement and other blockchain projects during the investigation process?
— We work intensively and on an ongoing basis to expand our network in terms of building interactions with representatives of law enforcement agencies of various jurisdictions. Apart from personal contacts, we cooperate with foreign law enforcers via Interpol, financial intelligence, and direct inquiries between state police forces.
We also focus on establishing contacts with crypto exchanges and other players of the industry. By doing so, we help them communicate with each other, something that is often essential in responding quickly to crypto incidents.
— What legal challenges or obstacles would you highlight in investigating international attacks? How are these issues being addressed?
— There are quite a lot of problems. Starting from classifying the criminal to one or another jurisdiction due to the active use of VPN services and ending with building communication between police departments in different countries and participants in the crypto industry. The established network of direct contacts with key crypto industry players and representatives of law enforcement agencies of various jurisdictions is very helpful in solving such tasks. We also quite often resort to so-called short appeals via Interpol. Plus, we see a growing social responsibility of crypto projects, which more and more voluntarily and willingly assist in crypto crime investigations, and this cannot but rejoice.
— What are the main difficulties and problems faced when investigating hacker attacks on Web3 projects?
— The foremost issue is bureaucracy. The crypto sphere is much more dynamic than traditional law enforcement. The industry is moving forward, while the number of unscrupulous crypto participants is growing, but bureaucratic structures simply can’t keep up with all these changes. Law enforcement agencies lack young personnel and a general understanding of how the crypto industry works. In this regard, we’re actively developing educational activities and advising representatives of law enforcement agencies on how to conduct crypto investigations.
— According to media reports, hackers managed to steal over $1 billion in crypto in the first three quarters of 2023. How can companies in this field protect themselves? What advice would you give?
— First of all, it’s necessary to be very attentive to the software used by Web3 projects and make sure it’s not a scam. And besides, they must certainly contact specialists who deal with smart contract auditing.
We’ve recently introduced a new service, the so-called “Insurance” against a cry
This service is our thorough study of the potential risks of a crypto project’s smart contract and preliminary preparatory work to build connections with those market players whose interaction may be useful should a crypto incident occur. This service also includes the provision of our highly responsive assistance at a price substantially lower than what it would be if you were to come to us for assistance without prepaid insurance.
— What developments do you think the industry needs to minimize the risks of hacker attacks?
— All existing solutions in terms of AML verification exist now only for centralized platforms in the form of APIs. However, a secure blockchain oracle is needed to secure the DeFi sector as well. As I know, several teams are already developing such a product at the moment, but it’s still pretty far from being realized.
— What are the main types of hacker attacks on blockchain projects you’ve encountered in your practice? Which ones are the most difficult to investigate and why?
— Hackers and scammers adapt along with the industry. Attacks are more sophisticated. For example, besides purely technical forms of attacks, a complex approach involving quite advanced social engineering is gaining popularity. We can see this in all the latest high-profile cases, from Atomic Wallet to CoinsPaid.
This encourages us to master new methods of work in our investigations. Recently, we’ve been paying a lot of attention to working with HR agents, who help crime masterminds establish contact with some of the unscrupulous employees of a company that’s subsequently subjected to a hacker attack.
In this respect, our work is very interesting and creative. We always have to learn new things and adjust to practices that are changing every day.
— Do you monitor and analyze current threats and trends in blockchain security? If so, how do these activities take place?
— We certainly do. We have an entire team of analysts engaged in ongoing monitoring of current trends in crypto security. Moreover, we have several self-written tools for internal use, which allow us to partially automate this process and guarantee maximum coverage of the conducted research.
— Please share your opinion on the importance of educational materials and awareness of the blockchain community on necessary security measures in the context of preventing hacker attacks.
Today, crypto hygiene is a requirement for surviving in the crypto environment.
Nowadays, it’s no longer possible to ignore this sphere of knowledge, which is all the more constantly developing. Be attentive and make sure to follow the latest technologies used by unscrupulous participants of the crypto market. Our X account (ex-Twitter) will help you in this. We regularly publish information about trends in this field.