In brief

  • Peer-to-peer cryptocurrency marketplace Paxful has revealed that it fended off over 220,000 requests from web-bots in just two months.
  • Bot attacks are typically aimed at stealing victims' money via account takeover or transfer of funds.
  • Paxful used Group-IB's online fraud prevention platform Secure Portal to tackle the bot problem.

Paxful, a peer to peer cryptocurrency marketplace, has revealed that it faced down over 220,000 requests from web-bots in just two months, protecting its users with the help of threat hunting and intelligence company Group-IB. 

The volume of attacks highlights the fact that cryptocurrency companies remain a tempting target for online aggressors. In the last month alone, hackers stole some $5.4 million from Eterbase and nearly $200 million from KuCoin.

With bot attacks a common vector, Paxful has teamed up with threat hunting and intelligence company Group-IB, using their online fraud prevention platform Secure Portal to tackle the problem.


“The platform has managed to fight off over 220,000 requests from web-bots in just two months, shielding its 4.5 million customers against possible attacks,” Group-IB said in a statement. 

How do bot attacks work?

Bots imitate the behavior of a regular user, explained Dmitry Moiseev, Chief Security Officer of Paxful. “They are typically aimed at stealing client’s money whether via account takeover, so the bot can trade on behalf of the user or simply transfer all existing funds to the bad actor’s account,” he told Decrypt

“Behind the software are so-called “bad actors”, the people who control the bot,” Moiseevadded. “The bad actors develop a special database containing login or password pairs to start the attack. The way they access the logins is fairly easy because many users use similar credentials for social networks and other platforms. The login pairs are then filtered twice until there is a match that allows them to penetrate the victim’s account and steal the funds.”

The Secure Portal that Group-IB has supplied Paxful with is able to detect a range of online threats. They include bot activity, social engineering attacks, and fraud, originating from multiple sources including loyalty programmes and user accounts. 


In order to defend against bot activity, Secure Portal creates a unique fingerprint that is based on several indicators and metrics. These include information on the user-agent, as well as details like the operating system, device language and time zone employed by the user. 

Based on the information generated by these data points, as well as behavioral analysis, the portal “identifies and issues an alert for any suspicious activity in real-time, after which this detection is used by Paxful to block bad bots,” Group-IB said

“We continuously develop and implement relevant controls to keep Paxful’s platform secure,” Moiseevtold Decrypt. “We use various tools to help so that way, users can trade knowing that their account and funds are fully protected.”

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.