DEV Community

Cover image for How I Exposed a Cryptocurrency Exchange's Dirty Tricks to Fight Competition
Karthik Varma
Karthik Varma

Posted on

How I Exposed a Cryptocurrency Exchange's Dirty Tricks to Fight Competition

It's no wonder that post the bullish market run in 2017, cryptocurrencies are known to almost everyone across the world šŸŒ. That run attracted more players into the market. From people tempted to make easy money to investors who catered to this sudden spike in users from institutional players to rookie users. Many new platforms known as crypto exchanges where people can buy and sell cryptocurrencies began to sprout up.. As of April 2018, Bitcoin.com has reported that there are around more than 500 cryptocurrency exchanges. Since there was a sudden spike in the number of exchanges, these exchanges resorted to using various tactics to gather more users onto their platform from competitions to airdrops and referral programs.


BitBns is one of the popular Indian cryptocurrency exchange. It started operating from December 2017. Even though they were new into that market it didnā€™t take them much time to gather a good reputation thanks to the founders who were already running a good company and a growing user base thanks to the bearish market šŸ“ˆ

When they started they went on a listing spree. They had more digital assets than Koinex, Coinome and even other popular exchanges. People just loved BitBns because of their quick support and that they were offering more choices of cryptocurrencies.

But post Q1 2018 there were many exchanges in the market and all these were using all kind of possible tricks from trading competitions to referral programs to get that market share.

The factors that matter to users to select their exchanges are:

  • 24 Hours Volume (People donā€™t want to wait a lot of time for their orders to get executed)
  • Good Support (People donā€™t like waiting and since cryptocurrencies are highly volatile they expect quick support)
  • More Listings (People love to buy all kinds of different cryptocurrencies)

  • 24 Hours Volume plays a very crucial part in regards to any cryptocurrency exchange because CoinMarketCap wonā€™t list exchanges that donā€™t have volumes above a particular threshold. The CoinMarketCap ranking is very important for all exchanges as its like the search index of all crypto assets or exchanges. Essentially CMC is like Google for crypto-assets and exchanges.

In fact traders like me check the volumes on CMC first and then go to various exchanges. Now coming back to BitBns, it already has all other things except volumes. Maybe due to this they decided to manipulate it just to gain market share.


Decoding:

I have traded on most of the Indian exchanges in the past and BitBns didnā€™t have that great volumes. Then when BitBns suddenly had better volumes compared to WazirX, Koinex and Coindelta, I thought it was a system bug.
In the past, BitBns was accused of having faked their volumes and they explained that there was a bug in the system. This was even reported by Coincrunch in March, 2018.

Now when it comes to July, 2018 when most of the Indian exchanges volumes are decreasing drastically, BitBns volumes are still good. I had my doubts about it and wanted to check if it was true. To my realisation ,indeed the volumes shown are wrong.

Firstly, I looked at how the Trade History is updated on the website. Essentially, trade history contains the history of last ten executed trades. It shows a timestamp, the volume and the PPU(Price Per Unit).

trade history

Later I found out from the XHR requests that the trade history data is sent using Polling APIs.

There were two APIs. One for generating a Session ID and then the other which uses this Session ID to fetches the Trade History data.

Due to this I decided to check the volumes of BTC and XRP markets as they are in the top five markets by volume on BitBns. Now I knew how to fetch the data and had to decide my stack.

I was quite familiar with Node.js and decided to use it to put all the data I fetch into a database.

After that, I decided on using MySQL because it seemed like the most logical to me. I used MySQL like 3 years back before this and whenever I tell my friends that I use MySQL even now they just laugh šŸ˜¹

I used axios to fetch data from the APIs. However, the response I received was so shitty I had to clean up the response and turn it into parseable JSON.

I sorted out everything to fetch the data and then had to store everything in MySQL. I programmed it in such a way so that when the program starts it puts the data as it is in the database on the first run. Then from later on it compares the latest record in the database with the newly fetched data from the trade history. If new records are detected based on the timestamp from the API-fetched data, then it is inserted into the database.
I created a table for XRP and BTC each with the SNo, TimeStamp, Volume, PPU columns.

This is how data is stored inside MySQL:
mysql store

If the timestamp, volume and PPU are same for data, then it is treated as duplicate data and does not get stored in DB. This case is extremely rare but I put it just incase if anything went wrong.

I used mail services to send notifications once the script ran and once to send an aggregated volume after 24 hours directly to the email.
After that, I put everything in a setInterval to keep fetching and storing the data.

An overview of the different functions I used:
Fetching new data using setInterval

Since the time interval is pretty high, you might think that we may miss some trades. However in Indian markets thats actually a great refresh rate. This is because there arenā€™t many trades as they are on Binance. Nonetheless, I didnā€™t miss any data.
I was fully ready with my code and deploying it.

I deployed my program on WeDeploy and the MySQL DB on Google Cloud Platform. The deployment and infrastructure was not at all a problem, thanks to the amazing team at WeDeploy.


Results:

I stopped my program exactly 24 Hours after it has begun. Even though we got the aggregated results on the email, I decided to aggregate them myself inside MySQL. The below are the results from the program.

Here are the 24 Hours aggregated volume of XRP and BTC markets based on our program:
volume mysql

There was a drastic difference between the volumes reported by BitBns and CoinMarketCap
On BitBns and CoinMarketCap :

The 24 Hours Volumes on BitBns of XRP Market (Right) and BTC Market(Left):
difference

The volumes shown on CMC after 24 Hours:
difference

The Volumes shown on BitBns and CoinMarketCap are called as Rolling Volumes. It means that when you open their website, the Volume shown on the website is from the past 24 hours.

If you open it at a time T then the volume shown is from T-24 .

On BitBns website, the 24 Volume of XRP is shown as 3,75,410 and the 24 Volume of BTC is shown as 20.266.
Let's compare this with result of our program.

  • The program said that the 24 hour volume of XRP is 62,365 and on BitBns it says 3,75,410 . The volume reported on the website is more than 500% than the actual volume.
  • Again the 24 hour volume of BTC is 2.638 according to our program and on BitBns it says that it is 20.266. The volume reported on the website is more than 668% than the actual volume.

BitBns is reporting a manipulated 24 hour holumes. It reported 501% more incase of XRP and 668% incase of BTC than the original volumes.


We can clearly see that that BitBns is faking its volumes in order to gain a competitive edge over other exchanges. We have no idea many other exchanges are reporting fake volumes.

Special thanks to MCD-50 for helping me out.

In case you want to verify my claims, here is the link to the project on GitHub

Top comments (51)

Collapse
 
brick profile image
Allene

PaybyPlateMa is a new and innovative way to pay bills online. Instead of sending your invoice by mail, you can use your PaybyPlateMa account to pay immediately with a debit or credit card or even with your mobile phone.

Collapse
 
halldavid profile image
halldavid

Exposing unethical practices in the cryptocurrency industry can be a valuable contribution to promoting transparency and fairness. However, it's crucial to approach this process responsibly and ethically. Here's a general outline of how you might go about exposing dirty tricks while competing with a cryptocurrency exchange:

Gather Evidence: Start by collecting substantial evidence of the unethical practices you want to expose. This might include transaction records, communications, or any other relevant documents that clearly demonstrate the wrongdoing.

Stay Legal and Ethical: Ensure that your actions comply with all relevant laws and regulations. You should not engage in any illegal activities or hacking to obtain information. Focus on ethical means of collecting evidence.

Anonymity: Consider protecting your identity during this process. Depending on the circumstances, exposing unethical practices can result in backlash or legal challenges, so anonymity can be essential for your safety.

Documentation: Create a detailed document that outlines the unethical practices you've observed. Include clear evidence, such as screenshots, transaction logs, and any other relevant data. Be precise and factual in your descriptions.

Reach Out to Authorities: If you believe the unethical practices involve illegal activities, consider contacting the appropriate authorities, such as regulatory agencies or law enforcement. Provide them with the evidence you've collected.

Whistleblower Programs: Some countries have whistleblower protection programs that provide legal protections to individuals who expose wrongdoing in their organizations. Look into whether such programs exist in your jurisdiction.

Media and Public Disclosure: Depending on the severity of the unethical practices and your willingness to go public, you may consider reaching out to investigative journalists or media outlets that cover cryptocurrency-related topics. Be prepared for potential legal consequences and backlash from the exchange.

Legal Counsel: Consult with legal experts who specialize in cryptocurrency and financial regulation to understand the potential legal ramifications of your actions. They can advise you on how to proceed legally and safely.

Online Communities: Share your findings in online cryptocurrency communities and forums. Engage in discussions and provide evidence to raise awareness about the unethical practices.

Transparency: If you are running a cryptocurrency exchange yourself, emphasize transparency and ethical business practices in your own operations. Show users that you are committed to fair and honest trading.

Keep Records: Document all interactions, communications, and actions related to your exposure efforts. This can be important if legal issues arise.

Protect Yourself: Be aware that exposing unethical practices can sometimes result in personal threats or harassment. Take precautions to protect your safety and anonymity if necessary.

Remember that exposing unethical practices in the cryptocurrency industry can be a risky endeavor, and the outcomes can vary significantly. It's essential to act responsibly, legally, and ethically throughout the process while considering the potential consequences and ensuring your own safety.

Collapse
 
shadowruge profile image
izaias

Muito coerente seu texto, parabƩns

Collapse
 
ben profile image
Ben Halpern

Wow, thanks for sharing. This is really interesting on a few fronts. Will BitBns face any consequences from this?

Collapse
 
leovarmak profile image
Karthik Varma

I don't think it will be an issue right now since crypto is not yet regulated here in India. But once its regulations are in place and then if the crypto is dealt like stocks then users can sue the company for showing misleading information.

Collapse
 
sabrinas profile image
Sabrina Caroline

Elevate your online presence with our expert Shopify web design agency. Crafted solutions for success in every pixel. Web page designing for shopify website texas

Collapse
 
bgadrian profile image
Adrian B.G.

I also think you can double check their addresses and get the numbers directly from the ledgers. It will be harder to aggregate and to get all their wallets though.

Also MariaDB is the new mySQL šŸ˜€

Collapse
 
leovarmak profile image
Karthik Varma

Directly checking with the public ledger cannot be option for this thing. Lets say a user is using the exchange's wallet service only to store data and not to trade then it will be problem.

Never heard of MariaDB before. Looks nice! Thanks for sharing !

Collapse
 
danmandel profile image
danmandel

I would expect all trading to be done off-chain and to not show up in the ledgers until the user specifically initiates a withdrawal or deposit.

Collapse
 
hdennen profile image
Harry Dennen

Yep, trading transactions will not be found on public ledgers.

Collapse
 
samueljosh profile image
Samul Josh

www njmcdirect com is a service made available to all New Jersey residents who have been issued a traffic citation or other municipal court complaint by the New Jersey Superior Court.

Collapse
 
hirsch112 profile image
Hirsch112

PayByPlatema is a toll payment platform used by some toll road agencies in the United States. It allows drivers to pay tolls electronically by linking their license plate number to their account and adding a payment method, such as a credit card or bank account.

Collapse
 
charterdude profile image
charterdude

The portal lets you do many things, like handle your personal account and get to company tools. Itā€™s meant to make daily tasks easier for the people who keep Charter Spectrum at the top of the telecoms industry.

Panorama Charter

Collapse
 
eren6 profile image
Erin

A very good website. There is a lot of good information here. I'm giving it to a few friends and also adding it to Delicious. Also, thanks for all your hard work!

Pay by plateĀ ma

Collapse
 
latimer112 profile image
LuisLatimer

Exposing unethical practices in any industry can be a challenging and potentially risky endeavor. If you have evidence of dirty tricks or unethical behavior by a cryptocurrency exchange, here are some steps you can consider taking:

Gather evidence: Collect all the relevant information and evidence regarding the dirty tricks or unethical practices. This can include screenshots, transaction records, emails, or any other documentation that supports your claims. Make sure to organize and securely store this evidence.

Consult legal advice: It's crucial to seek legal advice to understand the potential legal implications of exposing the cryptocurrency exchange's actions. A lawyer experienced in cryptocurrency and regulatory matters can guide you on the best course of action and how to protect yourself legally.

Document your findings: Create a comprehensive report detailing the unethical practices you have observed. Clearly present the evidence, describe the impact of these practices, and explain why they are harmful to the industry or consumers. This report can serve as a foundation for your case.

Choose the appropriate channels: Decide on the most effective channels to bring attention to the issue. Options may include media outlets, regulatory authorities, industry forums, or social media platforms. Consider the reach and credibility of the channels you choose, as well as any potential legal implications.

Maintain anonymity if necessary: Depending on the circumstances and potential risks involved, you might consider preserving your anonymity to protect yourself from potential backlash. This can involve using pseudonyms, encrypted communication channels, or relying on whistleblowing platforms that prioritize anonymity.

Engage with the community: Share your findings and evidence with the cryptocurrency community. Engage in discussions on reputable forums, social media groups, or industry-specific platforms. Educate others about the unethical practices you've uncovered and encourage open dialogue.

Cooperate with regulatory authorities: If the unethical practices involve illegal activities or violations of regulations, consider reporting the issue to relevant regulatory authorities. Provide them with the evidence and information you have gathered to aid their investigations.

Remember that exposing dirty tricks or unethical practices can have consequences, both for the cryptocurrency exchange involved and for you personally. It's essential to take the necessary precautions, consult legal advice, and consider the potential risks before proceeding. MyCenturaHealth

Some comments may only be visible to logged-in visitors. Sign in to view all comments.