What we told the CFTC about blockchain threats

Dan Guido, CEO

In March, I joined the Commodity Futures Trading Commission’s Technology Advisory Committee (TAC), helping the regulatory agency navigate the complexities of cybersecurity risks, particularly in emerging technologies like AI and blockchain.

During the committee’s first meeting, I discussed how the rapidly changing and public nature of blockchain technology makes it uniquely susceptible to threats, and why it requires precise solutions that are designed to eliminate, rather than mitigate, risk.

Our key takeaways for the CFTC were:

  • Blockchain evolves far more rapidly than other fields of software, which makes it difficult to establish industry-wide standards and best practices. In just the past few years, the threat landscape has completely transformed with the emergence of new technologies (bridges, DeFi) and attacks (flash loans, price oracle manipulation).
  • Information about blockchain technology—and the hacks used to exploit it—is public, which means that other users and firms can find out about breaches as soon as they occur, before organizations can react.
  • Blockchain requires software with high assurance, meaning it is built to precise specifications and always works the right way. Comprehensively applying the latest available software testing research (property testing, model checking, verification, etc.) is the minimum bar for safety.
  • Blockchain needs additional research, work, and innovation; AI, which is probabilistic rather than precise, is not a viable solution.

The committee will meet again on July 18, where I’ll lead a discussion on the impact of AI cybersecurity capabilities on financial sector security. The live webcast will be available at CFTC.gov.

You can view our full presentation in the video below. The full slide deck is also available on our GitHub page.

I want to thank our co-presenter, Fireblocks CEO Michael Shaulov, who demonstrated how our findings are applicable to some of the biggest security incidents the industry has experienced.

I look forward to continuing our work with the committee. Trail of Bits’s blockchain practice, which comprises 20 full-time security engineers and has performed hundreds of security audits, has unmatched expertise in the blockchain industry—expertise that we will use to further the CFTC’s mission of promoting market integrity, resilience, and vibrancy.

To examine our prior foundational work in the fields of blockchain, cryptography, and AI/ML research, please visit the links below or our GitHub page.

One thought on “What we told the CFTC about blockchain threats

  1. Pingback: How AI will affect cybersecurity: What we told the CFTC | Trail of Bits Blog

Leave a Reply