When a decentralized cryptocurrency exchange supports fiat tokens and readily courts banks and still makes customer identification optional, it is the ultimate recipe for disaster
According to sources the blockchain project, Waves, the company’s new decentralized exchange (DEX) was supporting $6 million of crypto transactions a day during beta testing last month. Roughly, six times the daily volume at Air Swap, a rival DEX.
DEX of Waves had 90,000 traders using 330,000 wallets ahead of its full launch this week.
The prime reasons for this stunning performance coming out of the gate were the speed, courtesy of the platform’s centralized matchmaking service – highlighting the contradictions inherent in so-called DEXs. Moreover, almost any trader can issue a token on Waves’ unique blockchain, even one representing an IOU in fiat currency, and can be instantly traded for bitcoin on the exchange. Despite this, the rollout hasn’t been all glorious.
When Waves officially ended the beta period on Tuesday and launched the full DEX, hackers hijacked both the exchange website and the company’s main site to phish for users’ personal wallet information. It took hours for Waves to gain control of the domains again.
Waves CEO Sasha Ivanov said”Someone just faked my passport and gave it to support [staff] at the domain company and they changed the password at his request. Then the attacker was able to change the main website,”
Unperturbed by the incident, or by constant criticisms of Waves’ security practices, Ivanov said that he hopes that even banks will also start launching currencies on his DEX. He said:”We are looking for partnerships with major banks because we hope major banks will want to issue their own fiat tokens.”
The project raised $22 million by selling native tokens in 2016 required to trade on DEX. The tokens are used for operating smart contracts and incentivise the node operators on the Waves blockchain.
The Waves DEX generally requires identity proofs in two cases when users opt for fiat cash; or when they issue a token on the Waves platform and then list it publicly on the DEX. According to Ivanov, Private token issuance traded through private listing options does not require identity checks for compliance, neither does trading of bitcoin for other tokens.”For now, you can do crypto-to-crypto trading without any type of KYC,”
But Drew Hinkes, chief legal counsel and co-founder of the crypto advisory firm Athena Blockchain, said that exception probably doesn’t apply to users in the U.S.”We know from the 2013 guidance issued by FinCEN [Financial Crimes Enforcement Network] that a lot of people in the crypto ecosystem need to have a BSA, the Bank Secrecy Act, and AML, which is anti-money laundering, compliance programs,” Hinkes said. “Those programs are required to include customer identification programs.”
Thus, if an exchanger accepts or transmits a virtual currency, or buys or sells virtual currency for any reason an ID check is required.
“The guidance says that, when defining a money transmitter, they don’t care whether you use real currencies or convertible virtual currencies,” said Hinkes, who is also an adjunct professor at New York University’s School of Law and Stern School of Business.
This week’s phishing attack has not only put a question mark on the DEX launch, but it also prompted criticism of Waves’ practices. Drawing a significant lesson from the hack, Ivanov said, “We and the whole industry need to work on decentralized domain name systems.”
Regardless of the scam, Waves’ volume is gearing for a new exchange with better and well-equipped self-custody options.
Ivanov also said he was grateful to the community for supporting their ICO and is eager to deliver real value to global businesses.”Our blockchain is quite fast,” he said, claiming Waves can process 500 transactions per second. “We have a very active Brazilian and Turkish community; you can even trade a token Lira on our exchange.”
