Security and Fraud Mitigation Ideas For Next Round

Hey Everyone,

I would like to use this post as a means to post ideas for securing and mitigating fraud. Since Charles basically called on people in law enforcement to help, I figured it may be a good idea to put our heads together to advise IOHK or the foundation on possible avenues to prevent fraudulent transactions and help keep people safe. I would imagine that if the ideas work there could be funding put towards these goals in the next Catalyst round. I will post my ideas below, so let's see what you all got.

If you would like to see the video where he calls on law enforcement for ideas, click here → Scams and Misinformation about Cardano - YouTube

Wallet Ideas (w/credit to the authors):

  • There should be a customizable address book that will act as the user's whitelist and commonly used addresses. These addresses can be modified by the user to include things like name, category, and favorites, i.e. “Mom” could be in the family category with a gold star and her address is always “addr…”

  • Create a community blacklist where people can submit malicious addresses. These addresses could be hosted by either IOHK or an organization.

  • Tie in a backend for the wallet to check against a blacklist of addresses. If the user tries to send funds to an address on the blacklist, the user is prompted with a warning that the address could be malicious.

  • Provide a means of submitting an address to the blacklist from the wallet and blockchain explorers.

  • Provide a separate vault in the wallet that can be secured with a time-lockup feature, and/or 2FA that stops users from sending their crypto in a spontaneous moment. - EuroBlox

  • Of course provide a method in wallet to turn off this feature for advanced users who like to YOLO their assets without any bothersome prompts or warnings.

This is all I have right now. :smile:

Hi there,

I also got the call from Charles, and would like to contribute in whatever way possible.

I’ve been thinking about this problem for some time, and the best solution I’ve been able to “fit into” a blockchain scope is the solution where you split up your wallet into two:

  1. a spending wallet - like a debit card for your wallet.
  2. a vault wallet, with an on-chain whitelist with 2FA (like Google Auth), that is only able to send to your spending account. This access control functionality could be stored on-chain. The vault could somehow be extra incentivized by an additional staking reward feature. To stop scams, where people fall for a scam without thinking carefully about their actions in the moment, the vault can be secured with a time-lockup feature that stops users from sending their crypto in a spontaneous moment.

I hope I can contribute to the further development of security and anti-scam features with the community.

Best regards.

1 Like

Not a bad idea. However, users being users, what would preclude someone from just sending all of their ADA to a malicious address even from the vault? I like the vault idea. However, I think the wallets need to provide more prompts to users with more information before funds are sent. Basically a well-informed and pesky “Are you sure?” dialog box.

The vault can only send ADA to a whitelisted address that is allowed in an access control list on-chain. This will typically be the address of the spending wallet. If you wish to add new addresses or send money out of the vault, a time-lock (let's say 15 to 30 mins) will be in place, and warnings with advice about not sending to scams and doing due diligence on the receiver's intent should be displayed upon sending from the vault.

2 Likes
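The vault rule described in the reply above (sends only to whitelisted addresses, new addresses usable only after a time-lock), as an added example that is not part of the original thread or of any Cardano wallet's code. It is an off-chain Python model; the `Vault` class, its method names, the sample addresses and the 900-second delay are assumptions for illustration, and 2FA is not modelled.

```python
import time


class Vault:
    def __init__(self, spending_addr, delay_s=15 * 60, clock=time.time):
        self.delay_s = delay_s          # thread suggests 15 to 30 minutes
        self.clock = clock              # injectable so the lock can be tested
        self.whitelist = {spending_addr}
        self.pending = {}               # address -> unlock timestamp

    def request_add(self, addr):
        """Queue an address; returns the time at which it becomes usable."""
        if addr in self.whitelist:
            return self.clock()
        # setdefault: repeating the request never restarts or shortens the lock
        return self.pending.setdefault(addr, self.clock() + self.delay_s)

    def cancel_add(self, addr):
        """Owner changed their mind during the cooling-off period."""
        return self.pending.pop(addr, None) is not None

    def authorize_send(self, dest):
        """Return (allowed, reason) for a send from the vault to dest."""
        now = self.clock()
        unlock = self.pending.get(dest)
        if unlock is not None and now >= unlock:
            self.whitelist.add(dest)    # lock expired: promote to whitelist
            del self.pending[dest]
        if dest in self.whitelist:
            return True, "whitelisted"
        if dest in self.pending:
            return False, f"time-locked for {int(self.pending[dest] - now)}s more"
        return False, "not on whitelist"


def demo():
    now = [0.0]                         # fake clock in seconds (constructed)
    v = Vault("addr_spending_demo", delay_s=900, clock=lambda: now[0])
    out = [v.authorize_send("addr_spending_demo")]
    out.append(v.authorize_send("addr_new_demo"))   # never requested
    v.request_add("addr_new_demo")
    now[0] = 600
    out.append(v.authorize_send("addr_new_demo"))   # still inside the lock
    now[0] = 900
    out.append(v.authorize_send("addr_new_demo"))   # lock has expired
    return out


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

A request made in a hurried moment can be withdrawn with `cancel_add` before the lock expires, which is the window the time-lock is meant to provide.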

I like it. It would work well with an address book. Will the whitelist be community based as well?

I’m not sure what you mean by community based? I was thinking that it would be a private list for your vault, that only you, as a vault owner with your private key, would manage.

OK, that's good also. What I mean by community based is that, like IP address block lists that are managed by communities, people in the Cardano community can submit addresses for addition to the list. However, this is NOT for a whitelist, only for a blacklist. The whitelist would be controlled solely by the user of the wallet.

Great idea with a community based blacklist - this could be exploited for a denial of service for wallets, so it needs to be governed in some way. But good idea, to block scams and such.

1 Like

I would like to move this thread to Security and Fraud Mitigation Ideas For Wallets, hopefully as an official Cardano Improvement Proposal.