[Transcript] Anatoly Ressin on DigeconLIVE! #BreakingTalks
DigeconLIVE! #BreakingTalks — Kucoin 150M+ Hack — Recovery & Cybersecurity
Christiana:
Hello, and welcome! This is DigiconLIVE! and we’re bringing to you Breaking Talks. Breaking Talks discusses current events and brings community members, experts in the field to discuss and move forward. Today we will be discussing the Kucoin Hack. If you haven’t heard: on Friday over 150 million coins have been hacked from the cryptocurrency exchange.
Kucoin is a cryptocurrency exchange based in Singapore.
And this is actually the sixth hack that happened this year alone. So we are very pleased to have Neal Conlon, a Cybersecurity Expert, and Anatoly Ressin from PARSIQ, a Blockchain monitoring app.
So within this hour, we are going to hear from Neal and then we’re going to hear from Anatoly. So look forward to getting deep into these issues and knowing how to move forward. So I’m very pleased to present Neal!
Nice to see you!
Neal Conlon:
Hello there!
Christiana:
Hi great! Where are you streaming from?
Neal Conlon:
I am spending this summer, fall in Hudson Valley, New York. So about an hour North of New York City.
Christiana:
Ok! That’s amazing. That sounds relaxing.
Neal Conlon:
It is very relaxing, not the urban jungle of a city for sure.
Christiana:
Fantastic. So Neal can you give the audience a little bit of a background on your experiences in relation to cybersecurity and these breaking news.
Neal Conlon:
Sure, so…
For anybody who’s not familiar, I’m a military veteran, served a bunch of years in the US Marine Corps, I came out of the military, started working at a hedge fund, and one of their chief technology officers took me underneath his wings, taught me a lot about infrastructure, architecture, data, and how algorithms work. At one point I was doing a lot of coding and I kind of graduated to the point, where I was really passionate about explaining how technology works to people who may or may not understand how technology works.
And because of my military background and because of my technology background, I’ve become a serial entrepreneur over the years both in technology and startups, and investing, and I’ve bought my first bitcoin in 2009 for about $19 a bitcoin just because I was fascinated of this next-gen technology.
I’ve always prided myself on being a go-to person for knowing what’s going on in the next-gen space. […] I’ve always been ahead of the curb on cryptocurrency, AI, machine learning, etc. And then about 4 years ago I became fascinated about how fast technology is moving, but how slow our ability to secure all these different types of technology is moving the same time, and now we’re on the precipice of where that intersection is. Right now we’ve got everything from JP Morgan to Goldman Sachs to every major bank on the planet to countries are now going into the world of building their own exchanges, their own general ledgers, making coin transactions happen, and now what just happened is an example of some of the things we have to be careful of.
Christiana:
Yes, thank you for the overview Neal. So we’re going to be able to get a deeper inside look exactly on the Kucoin specifically, but it would be great to hear from you. Recently there have been scams, exchange scams. What would you say is the number one step in for the people who are looking forward to exploring this different investment opportunity? What is a method for them to be safe online while they are exploring digital currencies and these opportunities?
Neal Conlon:
Well, in all honesty, the crazy part of it is that when the world of the internet, technology, first started to materialize as like a requirement in life, when we went from being video games and typing on typewriters to everybody being on their phones and laptops, the most important thing was the password and log in. And ultimately the biggest problem the most likely place where the beginning of what they call the cyber kill chain is going to be somebody who’s not supposed to have a password and log in, will get a password and log in to something and then be able to grab what they call a foothold into your infrastructure.
So you can have all these passwords and logins and we get lazy with them and we use the same passwords for certain things or we try to make it complex and we try to use characters and stuff like that. But really, the biggest challenge is that we need to learn to get away from passwords to logins to feel secure because it’s just like in the movies. If you get access to the vaults, you can get whatever you want, and that is an example of what just happened here.
Christiana:
Excellent! So what other options do we have other than not having the same password, using a strong password? What other methods do we have to stay safe?
Neal Conlon:
Well, there are really good examples that have come out recently. A company that I used to work with called Plural Lock which actually just went public in the TXX a couple of days ago, so congratulations to the team. They use a different type of multi-factor of identification and identity management algorithm to monitor the identity of a user. I think that is a fascinating one. There is also an interesting tool that came up recently for me called Photo Lock, which is put together by a company called Net Lock, which allows the user to select a photo of their choice so I may pick a picture of my dog or my cat or a fish that I caught and since I’m the only one who knows that photo, when I click on my phone or device, then it definitely has to be me.
And there are other good examples. Facial recognition has gotten better, multi-factor authentication is a really good one. But we’re really starting to see some good tools that improve continuously. We are who we say who we are for that transaction it takes place versus if someone logs in into your account from a faraway place, it’s clearly not you because you logged in from New York or Chicago yesterday.
Christiana:
Gotcha, very good. So now that’s just basics for consumers. What about the exchanges themselves? You’ve been helping companies to build strong infrastructures. What would you say to these kinds of exchanges? Wallets? Different tools. They’re thankfully making these tools to make it easier for users to invest in cryptocurrencies. What would you say to them what they need to consider as they build?
Neal Conlon:
[…] I think we have a fiduciary responsibility when we build these platforms. Zoom is a great example. Zoom built out this big huge platform. Millions of users and then people where like, holy shit, it’s very insecure. […] There is a fiduciary responsibility for if you’re going to be collecting people’s information, you need to have the right processes in place and infrastructure in order to maintain and make it secure.
Christiana:
Gotcha. That makes sense. Ok! It seems like we’ve lost a soldier. So let us just give him some time to get back on the stream. Remember guys, if you have any questions or comments, please do add them to the comments down, we will try to get to all of them. Please subscribe! We do these breaking talks for the audiences to get into the digital economy.
So we are waiting for Neal to recover, but in the meantime why don’t we bring on Anatoly. We have Anatoly from PARSIQ!
Hello, Anatoly, welcome! Thank you so much for being here today.
Anatoly Ressin:
Hi Christiana! So good to be here on your show!
Christiana:
Amazing it’s wonderful to have you. Anatoly is a blockchain architect from PARSIQ. Now Anatoly would you get us an idea of what is PARSIQ for the audience to know?
Anatoly Ressin:
So PARSIQ is a blockchain intelligence platform that allows you to monitor everything that happens on the blockchain. We try together all events from different blockchains and provide them in a unified way for programmers, for ordinary users, so everybody could monitor what is happening, select exactly what he wants to monitor, and be notified when the event of interest happens on the fly without any delay.
Christiana:
Excellent. Can you give us some practical examples, use cases that you are using today with the technology?
Anatoly Ressin:
Yes, so the easiest way how to use our technology is simply to monitor your own wallets. So for example, if you have your own wallet, you can simply log in to PARSIQ, select the easiest way how to interact with our platform. Our platform is a Quick Monitoring Wizard, then simply put your address and configure your messenger (like the Telegram or other one), and we immediately will start to deliver all the events that happen to your wallet to your messenger. It’s simple.
Christiana:
Ok, gotcha. Let’s get more into PARSIQ a little bit later in the stream. Can you explain to us, we got a question from Matthew. Can you explain the method that Kutcoin hackers used to obtain access and to get these funds?
Anatoly Ressin:
Okay, the exact method is now under investigation, but what I can comment about all these things first, that’s each exchange splits its own risk between two different levels of security. So each exchange now has two different types of wallets. One type is called the cold wallets; they’re completely disconnected from the internet and there is no chance for the hacker without tanks or bombs to physically obtain access to these cold wallets. And the majority of the balances of coins are stored in these cold wallets. And another type of wallet is hot wallets. They’re needed for the exchange to serve its operations. Withdrawals, deposits, they firstly land into hot wallets. By definition, hot wallets are something that is connected to the internet. And if something is connected to the internet, it by definition means that it’s insecure.
And exactly the hot wallet of the Kucoin was compromised. How it was compromised? It is really the question. Like we’ve seen with what happened with Twitter. Either it could have been hacked through social things but I think that a lot of advanced technology was used.
Christiana:
Wow, very interesting. Now, what is the exact role that PARSIQ has now stepped in to assist in the recovery of these funds?
Anatoly Ressin:
It is a very interesting question because by definition of the blockchain if something has moved out of your wallet, it means that you cannot recover it.
It sounds like a contradiction. So we kind of return something, but we cannot return something. How did we do this? Here is a very controversial decision that could not be very well anticipated by the crypto-anarchists. And this decision was already made in history. This decision was made by Vitalik. When he saved funds from the DAO.
So there was an incident where one big smart contract lost a lot of money and then the Vitalik decided to stop the blockchain and revert the transaction and it was very contradictory in part of the smart contract. Actually, it split into two different chains.
We have now Ethereum and the Ethereum Classic. The Ethereum Classic is the blockchain where the hack is still present. Since then, Vitalik said that never ever will I make these decisions.
So it was kind of an incident that has ethical considerations that were very interesting philosophical questions about is technology for us or are we for technology? So what is the balance? What we together with Kucoin engineers, we implemented a complex plan, and the main idea is: for used tokens that are searched from the hack — we create other tokens, complete copies of the entire tokens with an entire set of balances with thousandths of wallets.
With the help of PARSIQ technology we recreated it (because we see everything that happens in blockchain), we recreated these tokens with exactly the same balances that were before the hacks. No actually, not before the hack because the hacker himself, because his behavior is very strange, because he took all the money from all the tokens and put them into one single wallet. It is the question.
If I were a hacker, I would spread these tokens into different addresses, but the hacker took all the money and there is an address that is visible on Etherscan. And Etherscan has already labeled this address on which those tokens are sitting. They labeled this address as Kucoin hacker so this is a direct address that has his own address.
Christiana:
The system itself is going to show us when that gets pulled from the market, when it gets dumped.
Anatoly Ressin:
Exactly! And many of these tokens are still there on the same wallet. And a very interesting thing is happening just now. Some programmers are creating new tokens with the curses in their names.
Christiana:
Curses?
Anatoly Ressin:
Yes, exactly. With bad words, curses.
Christiana:
Anatoly! This is a family show. Let’s not curse here.
Anatoly Ressin:
I know! I will not pronounce these words. But I will say that they are now sending these tokens to this address. So they blame this hacker by sending these messages through tokens. So they created special tokens for flaming this hackers. So now the curses are the ERC-20 tokens, haha.
Christiana:
Wow. It’s kind of, “use the tools you have.”
Anatoly Ressin:
Exactly. So now what we see is pretty much a big balance is sitting in this address. Unfortunately, some of them are already moved but not all. And it gives us the ability to make a snapshot of all balances until the hacker will take this money.
We at PARSIQ constantly monitor what is happening with this address and we have the latest snapshots of the state of the entire blockchain. And we could provide this information to those tokens who will decide to fork. I will say that not everybody will anticipate this decision yet there is a category of tokens that probably will use for this decision. There are young tokens selected by Kucoin as the first major exchange to list them.
Christiana:
Interesting. We saw the snapshots of what you guys did. Can you just explain that? We do have a link guys. Anyone watching can see the snapshot link within the comments down here. Can you explain what that was? The snapshots?
Anatoly Ressin:
The snapshot itself is a simple CSV file so it could be easily opened in your excel or google spreadsheets. Some snapshots are small, some are big. It depends on how many active addresses with non-zero balances existed at the time of the snapshot.
So for example, one of the tokens that we saved were NOIA Tokens and at the time of the snapshots, there were around five thousand and five hundred of actual addresses. And we extracted all the balances of all of those addresses.
Unfortunately, in the Ethereum, there is no way how to obtain the entire set of balances at the given moment without replaying all the history. Starting from the point way way ago in history. So for each contract, we are taking the moment where the contract was deployed into blockchain maybe several years ago. And then we are replaying all the history, which way transaction was applied. Then we derive the current state of each address that was involved in communication. That is the way we can do it.
Christiana:
Understood. So how many projects have you done this for? You must have had a long weekend.
Anatoly Ressin:
It was a long weekend. So on the morning of Saturday, one of our friends and partners from NOIA contacted us about the Kucoin hack and how we could help them recover from it. So there is a plan to invent a new token but is a problem with how to do all the things and replay all the history and return all the new coins to all the users.
Christiana:
Yeah, wow. Yes, and the CEO did tweet out that the team was working on all the funds and that all the funds would be recovered. Now was your team involved in that problem? How was PARSIQ involved in that promise?
Anatoly Ressin:
I don’t know whether or not we will be directly mentioned by Kucoin, but I believe that they somehow attribute us. It’s up to them but we are a kind of independent project that helps another decent project that now needs our help.
So we feel our moral obligation because we have the technology that could save potentially a really cool project at their start. So unfortunately, for example, for those coins that have Kucoin as their first exchange, the hacker obtained almost a quarter of their total supplies.
It means that the hacker now becomes a huge whale in terms of money. All the market manipulations like pumps and dumps will become cured by him. No market making is now possible. He controls the price and nobody will work with these tokens. So without such a hard fork of the token we can consider the project is dead now.
Christiana:
Wow, so Anatoly and PARSIQ bringing these projects back to life. I really do think Anatoly I commend you and your team for putting the time because it is very noble and I think it represents the real heart of what this community is about. Collaboration, permission systems, these kinds of governance, and the mission of really being collaborative and helping each other. So thank you so much for you and your team and I really appreciate that, and I think the whole community is cheering you guys along. I really appreciate it.
Anatoly Ressin:
I just want to welcome all the teams. We are able not only to provide ideas of snapshots, but we also have huge experience with smart contract deployment optimizations of gas and so on, so we could help you hard fork your token. So we have all the essential data to do it. And we have all the technologies that will allow you to recover the smart contract. Either your initial smart contract or now I would say that you have a chance to improve your token. And all of the new functionalities that you want to implement in your token after proper audit could be restored where it was taken by the hacker.
Christiana:
So Anatoly is this an open initiation for these projects to contact you? So should they contact you on Twitter? How should they contact you?
Anatoly Ressin:
I would say that they need to mention us on Twitter with a tag #PARSIQSavesKucoinHack, or something like that.
Christiana:
Hashtag PARSIQ saves the day. I like it! Why not. I love it. Now we did have a question from the audience. Can you explain, Anatoly, how PARSIQ differs from Oracles like Chainlink.
Anatoly Ressin:
Ok, so we are dual to them, meaning we are working in opposite directions. So the main idea of the chainlink is to grab events from the real world and put them into the blockchain.
What does Oracle mean? It is the entity that is able to provide you information that you cannot obtain without it. And blockchain is a system that unfortunately cannot grab information by themselves. So any smart contract is blind. It doesn’t see anything that happens outside of the blockchain. And Oracle is the ears and eyes of the blockchain that allow it to obtain data from the outside world.
But we as blockchain professionals found that the blockchain itself is an entire world and there are many interesting activities happening in blockchain and sometimes it’s not capable of monitoring what is happening in its world itself.
So for example smart contracts are not able to listen to the events of other smart contracts. Only the outer world is capable of it. And we decided to create a system that digs into blockchain and collects the most interesting information that happens inside the blockchain.
For each blockchain when we integrate them, we are asking what are the most interesting events in the blockchain are happening? And it is our priority to provide automation on the most interesting events. So for some blockchains these are staking events, for others — for example some auction liquidations.
Christiana:
Ok understood. So the natural next question would be what would be with Chainalysis? So we always hear about Chainalysis after hacks: their review, their breakdown. What would be the different functionalities comparing to Chainalysis and PARSIQ?
Anatoly Ressin:
In mathematics, we would use the word orthogonal, but in normal language, it’s called independent. So our functionality could be combined with the functionality that is provided by Chainalysis, Bitfury Crystal, or other providers of the security analysis.
We are a deep tech company, and we can equip our monitoring engine with the data that is provided by security analysts, and we in fact are already integrated. So we are successfully working with Uppsala Security and the Bitfury Сrystal, and our data can be enhanced so we detect the event in the blockchain and assign a risk score. But this risk score is provided by our partners. So we don’t even hide this fact. So we have a lot of integrations with different data providers. Simply send all the data to users who want to consume this data.
Christiana:
Very interesting. So let’s pause from the Kucoin hack a little bit, is there anything interesting or different, any insights you have that you can share with us?
Anatoly Ressin:
I would say that firstly we have our own token and users often asking about the utility of our token. I want to intrigue you and I would say we prepared a very good tokenomics for it. We as mathematicians and together with economists prepared a very good model. With a pure utility that would be obvious.
Christiana:
Very interesting. Can you tell us now?
Anatoly Ressin:
Nope. We will announce it for the next phase. But we are very proud of it.
Christiana:
If I may, we would love to have you come back on live. You can take the tablet out and do the live drawing. We would love to know when it’s public.
Fantastic! So you mentioned mathematics. So what is your background? How did you become a blockchain architect?
Anatoly Ressin:
It’s a whole story about mathematics and my way. So I’m from the teacher’s dynasty: my grandfather, father, and I were teachers in a university for a long amount of years.
Actually, before creating a company I taught 15 years of different types of programming: functional, logical programming, discrete mathematics, compiler designer, where we together with my students created a lot of different small programming languages.
Even now in PARSIQ, I had a chance to create a real programming language that is now used to transform events from the blockchain and unify all the blockchain. I would say sometimes students ask for me, “Teacher you are good at teaching how to create a language, but did you create a language?” and now I have the chance to prove my students that I am capable of creating a language.
So there was a lot of math, including abstract algebra, that is coupled to cryptography and when bitcoin appeared and then after some years ethereum appeared, it turned out that a lot of my knowledge was highly relevant to the cryptography used in blockchain. And I simply started as a blockchain consultant and gradually our clients started to ask can you do this, can you do that? And together with my students, I’ve created a company. My first partner was my student that defended a master thesis under my supervision.
Christiana:
That’s beautiful. That’s so nice. That kind of collaboration is great. We have a question from Bryan. Now Anatoly, you created a wonderful product, PARSIQ. Was this your own special programming language ParsiQL? Can you tell us more about it?
Anatoly Ressin:
Yes, I can. So firstly I want to differentiate from other languages because if you will take a very brief look at the ParsiQL you can find it resembles a SQL language that is used for databases.
But there is one huge difference between SQL and the ParsiQL because databases are already definite and recorded. And when you write a query against the database, all the data could be immediately extracted and returned as a result.
But in the case of blockchain, it has an infinite amount of information that is delivered time to time to you. We have another approach. Maybe I can explain in terms of push and pull approach. So traditional databases are pull bases. So you are taking out the result from there and we are considering the blockchain the push-based notification. So it’s a potentially infinite stream of events and our language is intended not to query it but to filter it, to transform it, and to apply any calculations on the fly. So for example, if you have a stream of numbers, for example, 1, 2, 3, 4, 5, 6, 7, ParsiQL is capable to filter this stream and for example, I want to obtain only numbers that are odd, it means that from the stream of numbers you will only receive 1, 3, 5, 7.
Christiana:
Ok, so apart from using this for PARSIQ itself, will this be launched to be applied to different areas?
Anatoly Ressin:
I would say that our platform is rather generic and we could listen to not only what is happening in blockchains. We are able to consume other oracles, so for example for us it is easy to integrate with existing oracles and we could integrate them in two different ways. Firstly we can give ParsiQL users to consult with oracles. It is a one-way how we can integrate with them.
The other way is — every oracle is the provider of dynamic data. And ParsiQL is the ideal way how to consume dynamic data. How to consume and transform it on the fly and maybe enrich it with external information. So we have a lot of potential to integrate a lot of data sources and we see ourselves as an aggregator. But really it is blockchain-oriented but not only.
Christiana:
I love that! That’s really great. So for those out there who are looking to work for with PARSIQ and to have collaborations, what kind of companies are you seeking collaborations and partnerships with, and what is in your roadmap to the next 6 months to a year?
Anatoly Ressin:
So firstly we have two different directions for evolving our product. So the first direction is evolving PARSIQ itself as a platform. We are enhancing the language so I have a new version of the language and we are preparing a new ID for a new integrated environment that I believe in a reasonable amount of time will be published.
A lot of different integrations with data providers… but another is developing services that are highly dependent on PARSIQ functionality. I will not disclose all those products but we are preparing some products that will use PARSIQ functionality by themselves and are highly relevant for the market and we expect that they will succeed. Products that are highly dependent on the PARSIQ functionality but they’re not the PARSIQ itself. But they will be included in the line of PARSIQ and all the systems will benefit from those products.
Christiana:
Fantastic. Amazing, we are looking forward to it Anatoly. Now let’s get back to the Kucoin hack and let’s discuss I think he has spoken to Cointelegraph and the latest Cointelegraph article they did say that Johnny Lyu was planning on having Kucoin up and running within a week. Do you think this is realistic? Do you think it is going to happen? What are your views on getting it up and running and being safe?
Anatoly Ressin:
It’s a hard question because technically speaking they are insured and they can compensate all the losses, all the current losses of tokens to every customer that had business of the Kucoin itself. It’s not the business of the projects of tokens.
So their business is to save their customers and their primary customers are users who can lose money. Yes, their customers are tokens as well but the customers, that make deposits and withdrawals and are trading, are their primary customers. And for those customers, they can deliver their promise within a week.
But Kucoin has brilliant engineers that work on the line all those days and we created the plans how to save, how to announce, and how to open the trading, how to run all the market makers, and all those things were provide by them, and they are extremely open to collaborating. But this is really a technical challenge, especially when you decide to hardfork what we’ve done. Because there are a lot of things that should be aligned and it’s a kind of spaceship operation so when they are contacting.
Christiana:
That’s very cool. So Anatoly, is there a memo or public service announcement that you would like to give other exchanges or a service that you offer so that other exchanges can be safer and avoid these types of hacks? Is there a way for you to provide a service that can prevent these hacks?
Anatoly Ressin:
For the prevention, unfortunately, as our previous speaker said, there is always a chance that something will be hacked. Even all those cold wallets can be attacked physically with physical thieves that will find the way how to go for it. But I would say that it is the competition between sword and shield. And never these things could be resolved. But we are a shield here and a remedy. So if something nasty happens we are here to help.
Christiana:
So you heard it here first, PARSIQ the shield and the remedy. I love that and again kudos to your team for putting the effort this weekend and continued effort so once again we have Anatoly here you can contact him on Twitter. Now Anatoly, you have an interesting tokenomics model. Any last words or tips out there to projects about tokenomics or about other things that you guys are knowledgeable about?
Anatoly Ressin:
I would say that the tip for another project for economics so guys try to use your tokens only in areas with a sustainable demand. So only this can stabilize the price and if you can tie it with the growth of the market that you cover then you will satisfy two different needs of tokenholders.
Because there are two different types of tokenholders. One is interested in trading and another who is interested in your project services. If you’re back to buy the organic demand not of your token but of your services then it will provide a bottom and if you can grow your market with your services it means it will provide the benefits for the tokenholders that are trying to trade with it. Otherway, you cannot reach both things and we think we have found the solution to reach both things.
Christiana:
Wow, we are highly anticipating when we get to dive deep into your tokenomics and into your own coin. We are so pleased to have you on this show. Thank you so much. Actually, I’m curious where are you streaming from?
Anatoly Ressin:
I’m streaming from my working place and part of the team is still here. This is our office and this is Artem, somewhere, haha. He actually worked a lot on saving NOIA tokens now. We are working with the CarVertical team. A few teams are also waiting to start.
Christiana:
Amazing. Thank you so much. Thank you for the mini-tour. We are looking forward to having you back on the show Anatoly. Thank you for being here and your service to the community.
Really excited and again they can find you on Twitter I have a list of your tag @artazor they can also connect with Parsiq.net and also on Twitter. We will have all your links so far we already have the Snapchats in the comments. Thank you so much and have a wonderful day. Everybody out there please subscribe to DigeonLIVE! We have breaking talks we have DigeonLIVE! We have wonderful programming here for our community. Thank you so much Anatoly.
Anatoly Ressin:
Thank you very much, Christiana. It was a pleasure at your show.
Christiana:
It is a pleasure to have you always.
If you have questions about using PARSIQ you can always ask our team in TELEGRAM GROUP: https://t.me/parsiq_group
