Nowadays hundreds of crypto exchanges are offering their services to users worldwide but very few assure smooth, fair and safe trading experiences. The struggle to acquire new users in the extremely competitive industry during the current bear market induces many exchanges to sugarcoat their liquidity with fake trading activity. Furthermore, in the rush for profit, or in current market conditions where exchanges fight for survival, many of them don’t exercise due diligence to ensure proper cybersecurity measures to protect users’ funds as well as their own. Instead, most of the exchanges, especially those launched last year, are making every effort just to stay afloat. There are numerous exchanges in such dire conditions, but one of them, Bgogo, specifically caught our attention by breaking onto the Coinmarketcap (CMC) leaderboard and soaring straight to 2nd place (see Fig. 1).
So, we performed our custom analysis of the exchange’s liquidity and cybersecurity by reviewing its charts, orderbooks and trade histories and by calculating its Cyber Security Score via our proprietary model.
Prior to soaring to $1.5bln in February, the average daily trade volume on the exchange was about $56mln. On March 13th Bgogo sit on 14th place of CMC rank with $537 mln (see Fig. 2).
From the exchange’s top 10 markets list, it is apparent that over 99% of the 24-hour reported volume is comprised of six pairs: BTC/USDT, BGG/USDT, ETH/USDT, BGG/ETH, ETH/BTC, and BGG/BTC. Three of them have the exchange’s native token BGG as a base currency. Multiple signs of unnatural trading activity have been detected in all of the exchange’s most active pairs during the current analysis.
The most apparent sign of swindling trade volume is its unjustified stability and inconsistency with price moves, which is the case for most of the exchange’s pairs. For illustrative purposes, there is an example of fairly natural volume performance where trade volume aligns with price changes and thus rises when price moves sharply and maintains higher level along with higher price volatility (see Fig. 3).
The first, most active pair on Bgogo exchange is BTC/USDT, with $136mln (25.15% of the total) 24 hours volume, but there were repetitive periods of trading activity at a reduced level of hundreds of times (max $430k daily).
Fig. 4 features a BTC/USDT hourly chart during a two week period (Feb 22 – Mar 8) with a number of stable volumes pumps and dumps. Through February 23-24th, trading equaled about 4,000 BTC hourly, while hours earlier the trading activity was less than 1 BTC per hour. Then on February 25th, the volume dropped to about 1,500 BTC per hour, lasted for one day and slumped further to just a few BTC per hour. After that, the high trading activity of 1,500 BTC per hour emerged twice: on March 1st (during which it lasted for 26 hours) and on March 8th (which continued for six days).
The 5-minute BTC/USDT chart on Fig. 5 displays the period of feeble trading and the consequent volume pump period with a fairly stable volume of about 350 BTC per 5 minutes. Notably, trade volume performance didn’t change even when price experienced a 4.5% rise from 3,960 to 4,140 USDT.
Another 5-minute BTC/USDT chart (see Fig. 6) shows trade volume drop back to less than 1 BTC from about 120 BTC per 5 minutes. Such abrupt ups and downs in volume look as if someone is turning it on and off, that indicates synthetic trading activity.
Looking closer into the orderbook and trade history reveals some more interesting facts.
Fig. 7 features orderbook and trade history (in particular, the 20 most recent trades) compiled from a screenshot of Bgogo web platform taken on February 25th. It represents a snapshot of trading activity during the period of 1,500 BTC hourly trade volume. While observing the orderbook and trade history we noticed that sizes of trades and orders don’t commensurate with each other. Almost all transactions appeared to be way larger than their orders in the orderbook. The orderbook is filled with orders of less than $100 equivalent except for one to three best bids or offers that are worth above $200, but the trades were larger, as an average value of them equalled about 0.75 BTC (~2,850 USD). In fact, most of them could have wiped out all the bids or offers from the orderbook if they were sent as market orders, assuming fair order matching by the exchange.
A few days after (on February 28th), when trade volume disappeared from the pair, the trading activity looked very much different (see Fig. 8). The orderbook was similarly stuffed with small orders but the trades occurred less frequently (20 trades per 40 minutes versus 20 trades per 30 seconds on February 25th), and 11 out of 20 most recent trades were of the same size, 0.04 BTC, suggesting that all of them were made by one player.
Another of Bgogo’s active pairs is ETH/USDT, whose trade volume jumped from a few ETH to around 90k ETH per hour (see Fig. 9) simultaneously with the BTC/USDT pump on February 23rd.
The trade volume of ETH/USDT performed similarly to that of BTC/USDT as it lowered significantly on February 25th to about 33,000 ETH per hour and had the same inconsistency in price performance. But unlike BTC/USDT the trading activity wasn’t switched off on February 26th but continued at the same pace. It still maintains a fairly stable level of 33k+ ETH (4.5+ million USD) per hour or 800k+ ETH (108+ million USD) daily.
Examination of ETH/USDT orderbook and trade history revealed conditions similar to the inconsistency between sizes of trades and orders of BTC/USDT (see Fig. 10).
The ETH/BTC orderbook is filled with small orders not exceeding 2 ETH ($276) while the average size of the most recent 20 trades is about 17 ETH (~$2,300); thus most of the recent transactions could fill all bids or offers in the orderbook if they were sent as market orders. Furthermore, we noticed that all the trades failed to hit the best bid or offer, but were rather priced somewhere in the middle — a clear sign of volume manipulation.
There are no gaps in the trade volume of ETH/BTC pair, but its performance looks synthetic as well (see Fig. 11).
There are multiple periods of different yet stable volume levels in the pair. On February 19th the volume rose from 10,000 ETH to about 38,000 ETH per hour, held steady there for over 5 days and then dropped to about 13,500 ETH per hour, where it still holds today. It is worth noting that in addition to similar inconsistencies between volume and price performance and between orders and transaction sizes, ETH/BTC suffered its most recent drop on February 25th, the same day as previous pairs, suggesting a coordinated action.
Moreover, no matter how large the spread was, 200k satoshi (see Fig. 12) or 11k satoshi (see Fig. 13), virtually all trades occurred somewhere between the best bid and best ask.
The next three pairs contain the exchange’s own token, BGG, as the base currency and feature lots of evidence of artificial liquidity.
The most active BGG pair is traded against USDT and apparently is pumped by the same means as ETH/USDT. The BGG/USDT trade volume performed quite similarly as the other pairs, skyrocketing from 10k BGG to 20bln BGG (~17 mln USD) per hour on February 23rd, holding stable for a couple of days, then dropping to 7.5bln BGG per hour on February 25th and still holding fairly stable at that level as of today (see Fig. 14).
Moreover, BGG/USDT price performance looks extraneous and unnatural. It has steady periods alongside choppy action of up to 15% price change (between high and low) in 5 minutes (see Fig. 15). And the trade volume doesn’t align with those moves.
BGG/USDT orderbook and trade history show transactions persistently avoiding bids and offers and being priced inside the spread regardless of its width.
It didn’t matter if the spread was 7.5% (62 x 10-6USD) (see Fig. 16) or 1.6% (13 x 10-6USD) (see Fig. 17) because all trades occurred between bids and asks.
Even more fascinating was the fact that the trades worth millions of BBG were priced just inside the spread made of orders less than 1 BGG. That suggests those trades were simply forged.
BGG/BTC volume performance is similar to that of ETH/BTC with different but stable levels of trading activity (see Fig. 18).
The BGG/BTC 5-minute chart demonstrates volatile price performance, including periods of steady price adjacent to wild swings of up to 20% within 5 minutes compared to unnaturally stable trade volume (see Fig. 19).
The next three consecutive screenshots will show how “price volatility” appears as a result of synthetic liquidity.
On Fig. 20 the pair has a super tiny spread of only 3 satoshis but a number of recent trades are priced just between the best bid and best ask.
The next screenshot (Fig. 21) taken 2 minutes later shows the spread of 258 satoshis which is 86 times larger than 2 minutes earlier and is 12% of the price. Again the most recent trades are priced inside the spread.
30 seconds later the spread narrowed to 14 satoshis (see Fig. 22) but stepped up 12% higher than it was 2 minutes before. And the most recent trades began to print inside the new spread.
Thus, the BGG/BTC spread managed to widen from 0.15% near the price of 2020 satoshis to 12% and narrow back to 0.62% near the price of 2264 satoshis, which is 12% higher, in a matter of minutes. These facts show that the price volatility is not the result of high trading activity but of strange shifts in the spread suggesting the inadequate performance of market making algorithms.
BGG/ETH, the last of the six most active pairs, has the same irregularities described in the previous pairs. They include periods of stable volume inconsistent with price moves (Fig. 23), extraneous price performance ranging from incredible stability with literally no volatility up to 16% price swings within 5 minutes (Fig. 24), and tiny spreads of 15 satoshis made by miniscule orders as well as large size trades that are inconsistent with size of orders standing in the orderbook (Fig. 25).
Cybersecurity comprises technologies, processes, and controls designed to protect systems, networks, and data from cyber-attacks. Effective cybersecurity for exchanges reduces the risk of cyber-attacks and protects the exchange’s customers (traders) from money thefts. For the cybersecurity assessment, we used the CER Cyber Security Score (CSS) calculation model and generated a result of 7.10 out of 10.00 (see Fig. 26).
Below we will review the issues detected by cybersecurity check of Bgogo exchange and explain their importance.
The website of Bgogo exchange doesn’t have the appropriate DNSSEC records. DNSSEC is a set of protocols that add a layer of security to the domain name system (DNS) lookup and exchange processes, which are integral in accessing websites through the Internet. While DNSSEC cannot protect how data is distributed or who can access it, the extensions can authenticate the origin of data sent from a DNS server, verify the integrity of data and authenticate nonexistent DNS data.
Bgogo has not implemented the Captcha input during the sign-up and sign-in procedures. A Captcha is a short online typing test that is easy for humans to pass but difficult for robotic software programs to complete—hence the test’s actual name, Completely Automated Public Turing test to tell Computers and Humans Apart. The purpose of a Captcha is to discourage hackers and spammers from using auto-filling software programs on websites. Bgogo has not implemented the Captcha input during the sign-up and sign-in procedures.
Strong user password is one basic account security measures. Strong passwords should contain upper and lower letters, numbers, and special characters. Bgogo has low password requirements: just 8+ symbols length, that practically can be “12345678” or “11111111”.
Bug bounty programs (or vulnerability rewards programs), are crowdsourcing initiatives that reward ethical hackers for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as an important part of an organization’s vulnerability management strategy. Currently, Bgogo does not conduct any bug bounty programs neither self-hosted nor via specialized third-party resources like HackenProof.
Liquidity analysis of Bgogo exchange revealed numerous irregularities in its trading activity. First of all, over 99% of the exchange’s total volume is made in the six most active pairs three of which have BGG as a base currency. In all of them, there are periods of unnaturally stable volume inconsistent with price moves and lasting for days.
The pairs traded against USDT (BTC/USDT, ETH/USDT, BGG/USDT) experienced synchronous skyrocketing trade volume boosts on February 23rd from literally idle trading activity to millions of USD equivalent per hour and simultaneous 2.5 times volume drop two days later. Moreover, , BTC/USDT pair liquidity was lately on-and-off from less than 1 BTC to 1.5k BTC per hour while ETH/USDT and BGG/USDT maintained stable trade volume for over two weeks. In addition, a vast part of trades in most active pairs are way larger than all bids or asks combined, meaning that standalone trades could consume all orders from either side of the orderbook in all pairs. Furthermore, most trades are priced in the middle of the spread regardless of its width. And that is the case for all pairs as well. All the facts mentioned above suggest a very high possibility of volume manipulations carried out on Bgogo exchange.
Besides, the performance of the price in all three BBG pairs was very strange. There were alternations of steady price periods with wild price swings up to 20% per 5 minutes, which can be explained by strange spread shifts described in the BGG/BTC pair case. Such a weird spread performance combined with tiny orders filling the orderbook suggest of inadequate market making.
Cybersecurity analysis resulted in the Cyber Security Score of 7.1 points (out of 10) and revealed the following issues: weak password requirements and an absence of DNSSEC records, captcha tests, and bug bounty programs. Those issues are essential for strong cybersecurity for any crypto exchange responsible for client funds.
Considering all our findings we can conclude that Bgogo is an unreliable and unsafe crypto exchange to trade on.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.