‘Flash Boys’ Trading Bots Are Running Wild on Crypto Exchanges - BLOOMBERG
Cornell Tech detects front running at decentralized exchanges
Researchers suggest impact could be in billions of dollars
“Flash Boys”-like trading manipulation is rampant on certain cryptocurrency exchanges, according to a paper from researchers at Cornell Tech and several other universities.
Special arbitrage bots are anticipating and profiting from ordinary users’ trades on decentralized exchanges, which let them trade more directly, the authors said in a report released last week. The firms that deploy the autonomous trading programs manage to get priority ordering by paying higher fees, and use that advantage for practices such as front running, in which traders can see orders from others and manage to place their own first.
While decentralized exchanges -- called DEXes -- still account for only a small fraction of overall trading volume, their usage is expected to grow, thanks to efforts of companies like Binance, the world’s largest centralized crypto exchange. Binance is building out its own decentralized exchange, and many other centralized crypto exchanges are following suit. What’s more, similar practices are likely rampant on centralized crypto exchanges as well, Ari Juels, a professor at Cornell Tech, said.
"We have no idea what the extent of the malfeasance is on centralized exchanges," he said in a presentation last week during a blockchain conference at Cornell Tech’s New York City campus. “If we extrapolate from what we’ve seen on DEXes, it could well be on the order of billions of dollars."
John Wu, CEO of Digital Assets at SharesPost, and Brian Kelly, founder & CEO of BKCM at Cornell Tech’s NYC campus.
Photographer: Vildana Hajric/Bloomberg
The study is the latest red flag in a market that has been beset by allegations of manipulation since its onset a decade ago, including a recent report that said nearly 90 percent of exchange volume was suspect.
The crypto bots’ use can be so lucrative, it would pay for a miner to execute a so-called 51-percent attack, in which computers take over the network of a particular coin, Juels said in a later phone interview.
"We explain that DEX design flaws threaten underlying blockchain security," the eight authors said in the paper. "These bots exhibit many similar market-exploiting behaviors -- front running, aggressive latency optimization, etc. -- common on Wall Street, as revealed in the popular Michael Lewis expose ‘Flash Boys.”’
The 2014 book by Lewis, a Bloomberg contributor, alleged that the equity market was rigged in favor of high-frequency trading firms that profit from high-speed data links with stock exchanges.
A host of pitfalls exist for anyone trying to catalog illicit behavior on electronic exchanges and it’s unlikely the challenges are any less in markets where smart contracts are executed. Five years after its publication, Wall Street traders still bristle at the notion that Lewis’s book exposed rampant criminality -- what he called manipulation, they see as the unavoidable facts of life for exchanges where people expect to buy and sell instantaneously. Even the meaning of a term like “front running” is ambiguous, where some say it denotes advantages professional market makers have always possessed over investors needing real-time execution.
The authors of the paper have been tracking a select six decentralized exchanges in real time since October, and also examined historical data. Just on the six exchanges -- a fraction of total number of DEXes -- they spotted more than 500 bots currently making up to $20,000 a day via such activities, lead author Philip Daian said in a phone interview. Exchanges where activities like front running take place include EtherDelta and Bancor, the researchers said.
Bancor says it has features that “neutralize” threats of bot manipulation. The Swiss-based company, which functions as a market maker, does this, in part, by setting maximum gas prices to ensure attackers can’t bid more to skip the line, said Nate Hindman, director of communications at Bancor.
EtherDelta founder Zachary Coburn reached a settlement in November with the U.S. Securities and Exchange Commission for operating as an unregistered national securities exchange. The company did not immediately respond to requests for comment.
The researchers even built their own bot to better understand how such trading practices were possible -- and, to their surprise, even received buyout offers, Juels said. They declined.
"This should incentivize the community to consider new exchange designs," Juels said.