The convergence of machine learning, well-sorted and comprehensive transaction data, and the emerging blockchain “security stack” has paved the way for risk forecasting. Spectral is developing tools to help warn of and understand emerging threats before they strike.
The Emerging Blockchain Security “Stack”
Web3 transactions are generally irreversible once they’re written on the blockchain, which means a successful attack will cause a permanent loss for its victims. As Campbell Harvey outlined in “DeFi and the Future of Finance,” and we covered in “Defining Risk in DeFi,” there are seven broad categories of risk: smart contract, governance, oracle, exchange, custody, scaling, and regulatory risk. To examine how you could protect DeFi from external threats, you need to find its attack surfaces.
Jonathan King and Steven Willinger at Coinbase Ventures recently mapped out a vision of web3 security as becoming a proactive, preventative force. To do so, they defined a stack. Drawing from Kofi Kufur’s 2022 “The State of Crypto Security,” Coinbase identifies four attack surfaces to protect: there is the underlying infrastructure, the smart contract, the protocol running on the smart contract, and finally the broader ecosystem.
They imagine developers thinking of blockchain security in a cycle. The first step is deciding on a protocol to use and understanding what they call the infrastructure primitives. The wallets through which a user interacts with the protocol have to be secure. Access needs to be granted or restricted to appropriate entities with no workarounds. Potential transactions must be simulated for user experience and safety and monitored for emerging threats and vulnerabilities. Having chosen and implemented infrastructure primitives, developers need to make sure that the smart contracts they write use secure, well-defined, and audited code (such as OpenZeppelin templates), connect to trusted APIs and oracles, and that they operate and implement vigorous bug bounty programs.
Where Spectral comes in is in the final phase, as dApps are launched onto the blockchain and used by consumers and new threats emerge. Here, monitoring and real-time intelligence become essential for the survival of dApps. Risk management in the form of threat simulation or tools to improve capital efficiency (such as the MACRO Score) can mitigate those threats and maximize returns. Meanwhile “threat intelligence,” which Coinbase refers to as “data collected, processed and analyzed to understand a cybercriminal’s motives, targets, and attack behaviors” can help harden systems, while blockchain forensics can look at past data and track trends and interface with the criminal justice system.
But there’s something missing from the stack: forecasting. Think of a nervous system. Ideally, DeFi should have something nearly autonomous, akin to Berkeley Professor Dawn Song’s MacArthur Fellowship work detecting patterns of vulnerability long before an attacker strikes. Now that DeFi has accumulated approximately eight years of Ethereum data, it is becoming possible to detect threatening patterns and create effective risk forecasting in the form of predictive algorithms.
To return to our seamless sci-fi payment utopia future, threat forecasting might take the form of a red warning message broadcast before you send your money to a potential scammer.
What are predictive algorithms and where does risk forecasting fit in?
They called it the information age equivalent of crude oil: Web 2.0 offered consumers the chance to shop and pay bills online while maintaining a lively social media presence; meanwhile, on the backend, all this activity created tremendous amounts of data for marketers and data analysts to trawl through. Advertising could now be precisely targeted, websites could be tweaked to eke out an extra percentage or two from their customers, and the big silos (Facebook, Amazon, Apple, Google, Netflix) accumulated enormous war chests which they used to buy up competitors and expand their reach even further.
Predictive algorithms look through data for patterns to predict future events. There are two types: one is used to guess a number, the other to guess which category something will belong to. The most famous might be Netflix’s recommendation system, for which Netflix used to sponsor a competition (the Netflix Prize) for the team who could generate the most successful predictions.
How Spectral is using blockchain data to forecast risk
Spectral uses machine learning in two distinct ways. The first is traditional data analysis related to credit scoring. When building the on-chain MACRO Score, we created over 130 features that are used to create data packs, and customized feeds of data.
The second use is for predicting future behaviors. As an example, one useful signal would be predicting whether or not a wallet will interact with a mixing wallet. Given an incoming transaction, what's the probability of the recipient interacting with a mixer in the next 60 days?
Here’s how we anticipate it being created:
First Phase - Classifying a given wallet into cohorts
1. Did Alice interact with a mixer? (Binary)
2. What’s the probability that she will? (Gradient)
Second Phase - Providing a real-time alerting solution
How can you create a trustworthy, always-on system?
Third Phase - Working towards decentralization
How can Spectral maintain uptime and throughput while ensuring the system is equitable and transparent?
Various ML approaches
- Measure a similarity score between Alice and a cohort (say, the mixer cohort), where a value close to 0 means not similar and a value close to 1 means similar
  - Output: Alice has a similarity score of 0.92 with cohort mixer
- Adaptation of our credit scoring logic (given a loan, calculate the probability that the borrower will be liquidated in 60 days)
  - Output: probability that the recipient of a given incoming transaction will interact with a specific cohort in 60 days
- Forecasting risk before malicious/fraudulent events occur
- Web3 user insights and analytics
- Product recommendations (to users on NFTs)
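The first-phase binary label and the similarity-score approach above, sketched as an added example (not Spectral's code): the addresses, dates, mixer list and the three count features are constructed stand-ins, since the page does not name its features. Features use only history up to the scoring time, so the 60-day label never leaks into the input.

```python
from datetime import datetime, timedelta
from math import sqrt

# Constructed sample data: every address, date and the mixer list is made up.
MIXERS = {"0xmixer"}
HORIZON = timedelta(days=60)
TXS = [  # (timestamp, sender, recipient)
    (datetime(2022, 12, 1), "0xdave", "0xmixer"),
    (datetime(2022, 12, 2), "0xdave", "0xdex"),
    (datetime(2022, 12, 3), "0xbob", "0xdave"),
    (datetime(2023, 1, 1), "0xalice", "0xdex"),
    (datetime(2023, 1, 5), "0xbob", "0xalice"),
    (datetime(2023, 1, 9), "0xbob", "0xcarol"),
    (datetime(2023, 2, 10), "0xalice", "0xmixer"),
    (datetime(2023, 6, 1), "0xcarol", "0xmixer"),
]

def mixer_label(wallet, as_of, txs=TXS):
    """Binary target: does wallet touch a mixer in (as_of, as_of + 60 days]?"""
    return any(
        as_of < ts <= as_of + HORIZON
        and wallet in (src, dst)
        and (src in MIXERS or dst in MIXERS)
        for ts, src, dst in txs
    )

def features(wallet, as_of, txs=TXS):
    """Hypothetical features [sent, received, distinct peers], history only."""
    past = [(s, d) for ts, s, d in txs if ts <= as_of and wallet in (s, d)]
    sent = sum(1 for s, _ in past if s == wallet)
    peers = {d if s == wallet else s for s, d in past}
    return [sent, len(past) - sent, len(peers)]

def cohort_similarity(wallet, cohort, as_of):
    """Cosine similarity to the cohort centroid; counts are >= 0, so 0..1."""
    vecs = [features(w, as_of) for w in cohort]
    centroid = [sum(col) / len(vecs) for col in zip(*vecs)]
    v = features(wallet, as_of)
    norm = sqrt(sum(x * x for x in v)) * sqrt(sum(x * x for x in centroid))
    return sum(a * b for a, b in zip(v, centroid)) / norm if norm else 0.0

if __name__ == "__main__":
    t = datetime(2023, 1, 5)  # time of the incoming transfer to 0xalice
    print(features("0xalice", t), mixer_label("0xalice", t))
    print(round(cohort_similarity("0xalice", ["0xdave"], t), 3))
```

0xcarol also reaches the mixer in this sample, but more than 60 days after her incoming transfer, so her label at that point is negative.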
The Future of DeFi
Electronic payments should be effortless. Science fiction often depicts future financial transactions as a handwave that triggers an effortless shuffling of credits between accounts. The idea is money as a medium; on tap and at your command, the way electricity or cloud computing resources are today.
Ethereum creator Vitalik Buterin recently published a blog post outlining his frustrating experiences using Ethereum for payments. Was it a nudge for a solution? There’s no reason why decentralized finance couldn’t be as effortless as a movie finger snap. We have the technology, we have the mobile infrastructure, and a blockchain-based payment system in place. We even have a [relatively] decentralized global financial network that operates somewhat independently of national governments. So what’s stopping DeFi from letting users transact as much as they want between whomever they want, when they want, in whatever form they wish?
Engineering hurdles certainly exist. User interface design confounds all but the most expert users and probably needs decades of tinkering – but in truth most of the issues preventing a utopian vision of DeFi from evolving are human. They’re regulatory, they’re interpersonal, or inter-communal, and boil down to the difficulty of trusting one another on a trustless network. Traditional finance evolved external validation systems. (For example, the wild west wasn’t quite so wild when it came to credit assessment.) DeFi needs to build something better.
The convergence of DeFi data and predictive algorithms can help get us there.
Build with us
Are you interested in building the future of DeFi with Spectral’s API? We’d love to hear from you.