Addressing Bots and Multi Accounting Concerns

Over the past few weeks, several community members have raised concerns about bots and multi accounting. A delicate balance is needed to keep the platform free of suspicious or adversarial behavior, while honoring the nature of the platform: open for all to join. In order to get a clearer picture of our current state, we have kicked off a number of work streams around business intelligence, better data warehousing, analytics tools, and bot detection/monitoring. These tools will help us understand the current bot behavior. How widespread is it? What end points/behaviors are getting botted? What are the signatures of the current bots, etc.?

These questions will take some time to understand. Knowing that this issue is of immediate concern to the community, here is what we’re planning to implement to help prevent the problems that have been observed:

Bots:

  • Implement a captcha system that triggers if a high frequency of transactions is detected
  • Potentially implement a queued transaction system (each subsequent transaction has to wait until the prior transaction is completed). This would remove any pure “speed” advantage that a bot might have over a human.
  • New coin launches: long-term, deploying a Fair Launch system that allows everyone to purchase at the same price for a set amount of time. In the interim, we’ve designed a “pseudo fair launch” system where the creator can designate transaction maximums, a cooldown timer between transactions, and how long these limits are set for.

Multi Accounting:

  • To prevent multi-accounting, the goal is to move toward a graduated system where more substantial transactions are limited by KYC, while balancing increased security with the goal of maintaining a smooth transaction experience.
  • A graduated system could begin without any KYC for transactions below a certain threshold, with a next step being to require a user to provide a mobile phone number at a certain threshold, and finally requiring KYC for certain transactions, including purchases over a certain amount, converting from Creator Coins to $RLY, or sending Creator Coins to another user.

Thanks to everyone who flagged the concerns and brainstormed possible next steps.

In order to build a platform that’s useful for creators, we always want to think about feedback from the creators themselves, and our community. If you have any ideas or suggestions, please make sure to voice them here in the Forums. Thank you!

8 Likes
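An added sketch (not Rally's code and not part of the original post) of how two of the measures listed above could be enforced server-side: a captcha trigger on high transaction frequency, and the “pseudo fair launch” limits (transaction maximum, cooldown timer, limit duration). The class names and every threshold are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LaunchLimits:
    """Creator-chosen launch limits (all values used below are hypothetical)."""
    launch_time: float     # epoch seconds when the coin launched
    limit_duration: float  # how long the limits stay in force, in seconds
    max_per_tx: float      # transaction maximum, in $RLY
    cooldown: float        # minimum seconds between one account's transactions


@dataclass
class LaunchGuard:
    limits: LaunchLimits
    captcha_window: float = 60.0  # assumed sliding window, in seconds
    captcha_threshold: int = 5    # assumed attempts per window before a captcha
    last_ok: dict = field(default_factory=dict, init=False)
    recent: dict = field(default_factory=lambda: defaultdict(deque), init=False)

    def check(self, account: str, amount: float, now: float) -> str:
        """Return 'accept', 'captcha' or 'reject:<reason>' for one attempt."""
        # Frequency check: count every attempt, accepted or not, at all times.
        seen = self.recent[account]
        while seen and now - seen[0] > self.captcha_window:
            seen.popleft()
        seen.append(now)
        if len(seen) > self.captcha_threshold:
            return "captcha"
        lim = self.limits
        if lim.launch_time <= now < lim.launch_time + lim.limit_duration:
            if amount > lim.max_per_tx:
                return "reject:over_max"
            last = self.last_ok.get(account)
            # A rejected attempt does not restart the cooldown clock.
            if last is not None and now - last < lim.cooldown:
                return "reject:cooldown"
        self.last_ok[account] = now
        return "accept"


def demo():
    guard = LaunchGuard(LaunchLimits(1000.0, 600.0, 500.0, 30.0))
    # Constructed sample attempts: (account, amount in $RLY, timestamp).
    attempts = [("alice", 100, 1001), ("alice", 100, 1010), ("bob", 9000, 1012),
                ("alice", 100, 1040), ("bob", 9000, 1700)]
    return [guard.check(acct, amt, ts) for acct, amt, ts in attempts]
```

These limits are keyed per account, so they do not address multi-accounting, which the post handles separately through the graduated KYC tiers.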

Thank you Mike for this post. It includes some sorely needed steps in the right direction, and as a developer, Creator, and Rally super-fan ™ I wholly endorse all of the above.

3 Likes

I definitely think a queued transaction system is a good idea; I already assumed we had one! I also think optional transaction maximums and optional cooldown timers are a great idea, regardless of whether they’re temporary or not. I also think they should default to being on, while being both large enough and short enough to only be a minor inconvenience to 95% of the purchasers/sellers. Given that Rally’s target demographic is people who are new to crypto, I’m all for putting on more (optional) training wheels!

2 Likes

I imagine this handles website-based buys and sells. Is there a system or strategy in place to handle significant API usage for buys/sells? (Are API buys/sells even a significant issue rn, or have API users been “well-behaved” as far as community concern would likely go?)

Edit: Nvm. Can’t buy or sell via API. Neato.

I think that changes like these are definitely a great step in the right direction to make the rally platform as fair as possible. Adding a captcha system seems like a very simple and easy way to minimize bots – perhaps also have the captcha system be triggered when there are multiple accounts logging in from the same IP. One thing that does come to mind regarding requiring KYC for transactions is that one has to be 18 years old in order to complete KYC, meanwhile, Rally is open to anyone 13 and up. As you can see, this would severely restrict those under the age of 18, but still allowed to use Rally. The obvious solution would be to require in the ToS that all users be above 18, but the number of people between the ages of 13 and 18 who want to support their favorite creators is not few and I think that we’d be [figuratively] shooting ourselves in the door by removing them as possible users of Rally. Now of course, in a graduated system, this issue would be minimized since users would only require KYC at a certain threshold, so my concern is completely invalidated in the case that the KYC threshold is so high that no teenager would be able to reasonably put that much into Rally. As such, could you elaborate a bit more on how the graduated system would work and what you have in mind for the thresholds? To be clear, I am not at all against the graduated system – I am all for it – I just think that there’s a few different things that we should keep in mind when developing it.

I’m pretty sure that you can’t buy or sell creator coins through any of the public APIs.

Hmm. I was under the impression that you could get deeper access through some authorization process that would allow for buys and sells. Which is still close enough to ‘common’ access to me to ask. I’m not familiar with, assuming that’s how that works, how closely monitored those deeper authorizations are (oAuth, etc.).

I’ll ask for clarity to make sure I’m asking a question on a reasonable premise.

Edit: There is no ability to buy or sell via the API.

1 Like

Bots:

Implementing a CAPTCHA might seem like a good idea at first.
Realistically, it is quite futile; a simple plugin can be used to solve it.
Not the best use of resources.

Solution: None.

It is only relevant for Coin launches.
Otherwise, totally useless; there’s not enough tx/volume to justify it.
Furthermore, they will make more alt accounts to bypass the queued transaction system.

Solution: Since it is only relevant for Coin launches, we should wait for Rally to announce the guidelines and details of the Fair Launch update.

It is way too complex and unrealistic.
How can we expect a new creator to set these parameters on their own?
And how many will take the time & energy to understand their purpose?

Solution: Wait for Rally to announce the guidelines and details of the Fair Launch update.

Quite rampant :

These charts concern me.

Solution: Someone needs to be paying attention to make sure Rally maintains its compliance with US law.

This must be a good starting point:

200k$RLY spent under 3 minutes on 2 brand new coins.

Just honestly wondering what is it exactly that is concerning to you on these graphs?

And what about the manual buys I alone already did (not being a bot)? (Aside from the fact that mine were only small buys compared to these in your screenshot).

I do agree there seems to be bot behavior, but looking at the discord reactions just today, multiple users noticed they couldn’t always make the transactions. A few of which (including me) would be manual transactions as well. Who knows how many users would be (trying to) doing so?

What is honestly concerning about these graphs?
Can’t you see the blatant pump & dump pattern on every single chart?

And what has that (pump & dump) to do with bots and/or multiple accounts (topic)?

The pump & dump is a result of the reward system, with its model comparing it to the 4wk averages. That’s what I’m seeing in these charts.

I agree, a fair launch platform settles most of the problems. And CAPTCHA is the largest crap system I have ever dealt with in my internet journeys. If it forces me to slow down then we have a problem because I see efficiency as extremely important in anything I do. CAPTCHA does not do anything positive for this.

The ‘pump and dump’ that the CannibalSheep screenshot indicates has very little to do with Rally rewards. The screenshot shows that the first few purchasers of a new coin buy it at around 1.10 RLY or less. 120 seconds later the price is about 4 RLY. That’s almost a 300% gain in 2 minutes. This creates an enormous economic incentive for people to create bots in order for them to get those gains. Hell, it might inspire some people to learn programming just for this one purpose. It also creates an arms race where different bot creators try to write more and more sophisticated bots in order to get there first ahead of other bots. The best bot makes the most money. This is true throughout all of crypto and probably other industries as well.

Of course, these buyers can’t sell their coins immediately due to flow controls. This is why you see a ‘sea of red’ for about a week or two after a new coin launch. They are trying to liquidate their purchase as fast as they possibly can within the bounds of the current system. During this time period they will definitely get some Rally rewards which I’m sure they enjoy, but these rewards are really just a bonus on top of the massive gains that they got from being the first purchasers. If they could re-sell their coins an hour after purchase then that’s what they would do regardless of any rewards.

Btw, I believe there may be a different form of ‘pump and dump’ that might occur later in a coin’s existence where people pump up a coin later on in order to boost rally rewards. I think this is a slightly different topic which I don’t think is related to bots very much.

Note: I want to be clear that I’m not accusing any particular transactions above of being bots. Maybe some are bots maybe some aren’t, the fact of the matter is that some probably are. Also, I was hesitant to post this comment since maybe it isn’t the best idea to give away specific bot information. So if admins want to delete this comment then I would understand. However, I think that the sooner everyone understands the problem the sooner we can move forward. The situation above is the whole reason why Rally is working on a ‘fair launch’ system, it’s to reduce the bot arms race where a small number of individuals are making huge profits due to their technical skills. I’ve seen a lot of criticisms of ‘fair launch’ on the forums recently. My plan is just to wait and see how it is implemented. My hopes are that it will alleviate the situation, but we’ll see.

If you’re thinking of “making money” yes, then it might be frustrating. If you’re supporting your creator as a fan, it doesn’t matter at all, once you start thinking in the # of Creator Coins owned. As you still hold the same amount of Creator Coins of that specific creator and in most creator cases you can still use it for the same perks, owning 1 / 5 / 50 / 500 coins (in $-value, it does).

And yes I agree, if things are not allowed according to T&C’s, it should be tackled in a correct way. And if not, T&C’s should be updated taking restrictions out.

Besides that, the graphs shared 1) don’t depict the same trends, it’s different starts for several of the examples taken (still BOT as well as non-BOT actions will have occurred in buying / selling quickly after launch) and 2) you do see the overall trend of the reward impact, peaking after approx 3-4 weeks (getting close to / in rewards) and again after 7-9 weeks.

But apparently we do see different things in the graphs shared, so we’d better agree to disagree.

In my opinion bot impact as well as reward impact will become less & less over time, as more people will start using Rally.io and creators are continuing building bigger / more engaged communities with more stable creator economies. And yes, with smaller creator coins, peaks will still be likely to happen. But that’s what can happen in every single cryptocurrency in an open market, even with the biggest ones like BTC or ETH.

2 Likes

Rewards are just a plus on top of their massive gains from Coin launches.

You’re not wrong.

Bots use basic algorithmic trading scripts to find the best opportunities.
They are powerful risk management tools: position sizing, risk/reward ratio, real-time data, stop losses (esp. if another bot/whale or a long con speculator starts dumping), name it.
They can earn as much as 30% ROI per week for about a month from Rewards by targeting low liquidity coins.
Obviously, they’re targeting these coins because they’re mostly whale-free… and they can easily cover any fan selloffs by farming Rewards.

This is exactly what happened with both $NNKC and $CLUB this month:

Solutions:

  • I don’t think a crusade against bots is the best use of resources; it is primarily a low liquidity problem.
  • Since misrepresenting a human actor with mechanical means in violation of TOS is committing wire fraud; it might be a wise idea for Rally to update its TOS.
  • Rally could consult a firm specialized in exploitation techniques and security vulnerabilities. It’s a matter of days before non-amateur coders join the party.
  • Make sure every single dev with a restricted API oauth key is legit. A Criminal Check for fraud should be taken into consideration (esp. as they can access some private / personal information of Rally customers).
1 Like

The details mentioned in the graduated system section feel like a bit of marsh that could wall off massive amounts of potential-future users while possibly placing a bruise upon Rally that Rally outreach can not resolve nor overcome.

I can see various causes for a negative chain reaction through word of mouth within social scapes if this is handled incorrectly.
How? If it is easier to support a creator through another method, then why bother with Rally?
Word spreads…and growth slows instead of becoming blazing hot.

  • Creative barriers to the average user equates to annoyances.
    Example: Photo Captcha from Google is horrendously made.
    “Click pictures with Bicycles”… People ask; “does that mean 1 bike or more than 1 bike?..which does it want ? UGH…Grrr…”
    *I hear about this all of the time from clients. They are beginning to abhor google and I can’t blame them.
    Paypal this past week asked a client for his grandmother’s maiden name… I laughed out loud and said, “that’s absurd…which grandmother?”. Meanwhile the client is 78 and ready to cry as their money is locked behind literal and excessive nonsense.

My point is that fixing one problem must not create a myriad of other problems that get overlooked for the convenience of the primary resolve gained.
In the end, there’s always going to be people camping for a coin launch. Bots should be handled via a method that doesn’t affect Rally’s current growth targets. I feel these general measures would tarnish the brand if implemented as they were mentioned.

Perhaps specifics of these measures will be polished via feedback as to avoid harming Rally’s growth strategy.

People talk and sooner or later, **** hits a fan : A point when suddenly no one flinches/thinks/etc after hearing the grapevine talk badly about something.

  • It happens everyday and at the speed of light.

Having said that, I am sure that the team will be avoiding changes that result in unintentional-stifling measures. I simply felt it necessary to point this out as it felt that other replies were of niche and nuance.

Sure we all want bots handled but agreeing to generalized plans without concise details as to how the future of Rally could become affected, is simply rushed thought for temporary resolve as the ship turns heading into newly generated sets of issues.

Thank you for reading. // and this post wasn’t intended to offend anyone. My words are genuine.

  • EricB.
3 Likes