March 30, 2026
12:00 – 1:00 PM EST

Speaker:
Taro Tsuchiya
PhD candidate, Carnegie Mellon University
Talk Title:
How Does Financial Innovation Create New Security Vulnerabilities?
Abstract:
Traditional banking systems are heavily regulated, requiring days to complete an identification check or settle transactions. With technological advancement (e.g., blockchain, trading apps), users can trade pseudonymously or copy others’ trading strategies online. Users can even perform tasks traditionally reserved for governments or banks: issuing financial assets or verifying transactions themselves. This change, so-called “democratization” in finance, offers new opportunities for users, but also creates a new attack surface. This talk will introduce three novel computer security attacks in online financial systems. I will first identify vulnerabilities, estimate attack damage, and analyze attack strategies. The first study formalizes a novel denial-of-service (DoS) attack on blockchain peer-to-peer (P2P) networks, which exploits nodes’ financial incentives to minimize transaction validation latency. The second study examines a new phishing scheme on blockchain wallets, “address poisoning,” where attackers spoof the victim’s recipient to misdirect the victim’s assets to themselves. The third study identifies malicious financial traders online who post toxic comments or deploy Sybil (i.e., fake) accounts to manipulate reputation. I will also discuss our initiatives to make our research accessible to end users.
Bio:
Taro Tsuchiya is a 5th-year Ph.D. candidate at Carnegie Mellon University (CMU) School of Computer Science (SCS). He is advised by Professor Nicolas Christin and affiliated with CyLab (Security and Privacy Institute). His work develops large-scale measurement infrastructure to study cybercrime and computer security attacks in the wild, particularly those targeting financial systems. Examples include denial-of-service (SIGMETRICS’25), address poisoning (USENIX Security’25), fake accounts and fraud (WWW’24, WWW’23), and stolen data (USENIX Security’26). He is a recipient of the Nakajima Foundation Fellowship and the CyLab Presidential Fellowship for his doctoral studies. Previously, he was a research assistant at the Cyber Civilization Research Center (CCRC) under Dr. David J. Farber in 2021 and was a research visitor at the University of Cambridge, Department of Computer Science and Technology under Professor Alice Hutchings in 2025.