Presented by Jeremy Clark as part of the 2020 SERENE-RISC Workshop on The State of Canadian Cybersecurity Conference: Human-Centric Cybersecurity
About the presentation
Somewhat quietly, entrepreneurs have been reinventing financial services on the public blockchain Ethereum. Services include CAD- and USD-backed currency, exchanges and margin trading, securities and derivatives, and credit and lending. Going under the moniker of decentralized finance (DeFi), these services are open to anyone in the world with little to no regulation. In this talk, we will illustrate the DeFi landscape through the lens of a February 2020 cybersecurity attack on a DeFi margin trading platform called bZx. While the attack only netted $350K USD (a small payout compared to the hundreds of millions stolen from the Bitcoin exchange Mt. Gox), various details of the attack demonstrate stark differences between DeFi and traditional finance. The attack was baroque, with cash flows and arbitrage arrangements made across five independent DeFi services, yet took only seconds to completely clear and settle. It cost under $200 USD in transaction fees, including a collateral-free “flash” loan of over $2M USD worth of cryptocurrencies used to leverage the attack. With the total investment in DeFi services on Ethereum eclipsing $1B USD and growing, it is time for the security, finance, and regulatory worlds to take notice and collaborate on a plan to protect consumers.
About the speaker
Jeremy Clark is an associate professor at the Concordia Institute for Information Systems Engineering. At Concordia, he holds the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies. He obtained his PhD from the University of Waterloo, where his gold medal dissertation was on designing and deploying secure voting systems including Scantegrity—the first cryptographically verifiable system used in a public sector election. He wrote one of the earliest academic papers on Bitcoin, completed several research projects in the area, and contributed to the first textbook. Beyond research, he has worked with several municipalities on voting technology and testified to both the Canadian Senate and House finance committees on Bitcoin.