'Flash Boys' trading bots are running wild on crypto exchanges

Olga Kharif and Vildana Hajric, Bloomberg News

Cryptocurrency mining rigs operate in a cargo container at the Golden Fleece cryptocurrency mining company in Kutaisi, Georgia. Bloomberg Bloomberg Bloomberg Bloomberg , Bloomberg

“Flash Boys”-like trading manipulation is rampant on certain cryptocurrency exchanges, according to a paper from researchers at Cornell Tech and several other universities.

Special arbitrage bots are anticipating and profiting from ordinary users’ trades on decentralized exchanges, which let them trade more directly, the authors said in a report released late last week. The firms that deploy the autonomous trading programs manage to get priority ordering by paying higher fees, and use that advantage for practices such as frontrunning, in which traders can see orders from others and manage to place their own ahead of them.

While decentralized exchanges -- called DEXes -- still account for only a small fraction of overall trading volume, their usage is expected to grow, thanks to efforts of companies like Binance, the world’s largest centralized crypto exchange. Binance is building out its own decentralized exchange, and many other centralized crypto exchanges are following suit. What’s more, similar practices are likely rampant on centralized crypto exchanges as well, Ari Juels, a professor at Cornell Tech, said.

"We have no idea what the extent of the malfeasance is on centralized exchanges," he said in a presentation last week during a blockchain conference at Cornell Tech’s New York City campus. “If we extrapolate from what we’ve seen on DEXes, it could well be on the order of billions of dollars."

The study is the latest red flag in a market that has been beset by allegations of manipulation since its onset a decade ago, including a recent report that said nearly 90 per cent of exchange volume was suspect.

The crypto bots’ use can be so lucrative, it would pay for a miner to execute a so-called 51-per cent attack, in which computers take over the network of a particular coin, Juels said in a later phone interview.

"We explain that DEX design flaws threaten underlying blockchain security," the eight authors said in the paper. "These bots exhibit many similar market-exploiting behaviors -- frontrunning, aggressive latency optimization, etc. -- common on Wall Street, as revealed in the popular Michael Lewis expose ‘Flash Boys.”’

The 2014 book by Lewis, a Bloomberg contributor, alleged that the equity market was rigged in favor of high-frequency trading firms that profit from high-speed data links with stock exchanges.

The authors of the paper have been tracking a select six decentralized exchanges in real time since October, and also examined historical data. Just on the six exchanges -- a fraction of total number of DEXes -- they spotted more than 500 bots currently making up to US$20,000 a day via such activities, lead author Philip Daian said in a phone interview. Exchanges where activities like frontrunning take place include EtherDelta and Bancor, the researchers said.

Bancor says it has features that “neutralize” threats of bot manipulation. The Swiss-based company, which functions as a market maker, does this, in part, by setting maximum gas prices to ensure attackers can’t bid more to skip the line, said Nate Hindman, director of communications at Bancor.

EtherDelta founder Zachary Coburn reached a settlement in November with the U.S. Securities and Exchange Commission for operating as an unregistered national securities exchange. The company did not immediately respond to requests for comment.

The researchers even built their own bot to better understand how such trading practices were possible -- and, to their surprise, even received buyout offers, Juels said. They declined.

"This should incentivize the community to consider new exchange designs," Juels said.