Security and Fraud Mitigation Ideas For Wallets

Hey Everyone,

My original post was made here → https://forum.cardano.org/t/security-and-fraud-mitigation-ideas-for-next-round/ I decided to move it to this forum for a more official exposure to the CIP community and developers.

Motivation

There are always good actors and bad actors in any community. With that said, the rise of giveaway scams has been very disheartening. I would like to use this post as a means to post ideas for securing and mitigating fraud. Since Charles Hoskinson has called upon law enforcement personnel to help and provide ideas, I thought it would be prudent to start something where ideas can be put into practice. This will either advise IOHK or the Cardano Foundation on possible avenues to prevent fraudulent transactions, and help keep people safe. I would imagine that if the ideas work there could be funding put towards these goals in the next Catalyst round.

If you would like to see the video where he calls on law enforcement for ideas, click here → Scams and Misinformation about Cardano - YouTube

Considerations

There should be practices put in place in a wallet that will advise or stop a person from sending funds to a wallet that is known to be a bad actor. With that said, such a feature should not be something that cannot be turned off. A wallet by design should allow the free flow of funds incoming and outgoing. However, there are times when inexperienced users of the Cardano network should be guided in the network as they learn about cryptocurrency, making sure that their funds are further secured.

Specification and Ideas

Wallet Ideas (w/credit to the authors):

  • There should be a customizable address book that will act as the user's whitelist and commonly used addresses. These addresses can be modified by the user to include things like name, category, and favorites, i.e. “Mom” could be in the family category with a gold star and her address is always “addr…”
  • Create a community blacklist where people can submit malicious addresses. These addresses could be hosted either by IOHK or by another organization.
  • Tie in a backend for the wallet to check against a blacklist of addresses. If the user tries to send funds to an address on the blacklist the user is prompted with a warning that the address could be malicious.
  • Provide a means of submitting an address to the blacklist from the wallet and blockchain explorers.
  • Provide a separate vault in the wallet that can be secured with a time-lockup feature and/or 2FA that stops users from sending their crypto in a spontaneous moment. - EuroBlox
  • Of course, provide a method in the wallet to turn off this feature for advanced users who like to YOLO their assets without any bothersome prompts or warnings.
3 Likes
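The pre-send check the list above describes, sketched as an added example that is not part of the original post or of any Cardano wallet. The names (`Wallet`, `screen_send`, `Verdict`) and the addresses in the test data are constructed, and two design choices are assumptions: the blacklist is consulted before the address book, and turning warnings off does not bypass the vault time lock.

```python
from dataclasses import dataclass, field
from enum import Enum
import time


class Verdict(Enum):
    ALLOW = "allow"    # send without prompting
    WARN = "warn"      # show a warning; the user may still confirm
    LOCKED = "locked"  # vault funds are still inside the time lock


@dataclass
class Wallet:
    address_book: dict = field(default_factory=dict)  # address -> label (user whitelist)
    blacklist: set = field(default_factory=set)       # locally synced community list
    warnings_enabled: bool = True                      # advanced users may turn this off
    vault_unlock_at: float = 0.0                       # epoch seconds


def screen_send(wallet, dest, from_vault=False, now=None):
    """Return (Verdict, message) for a proposed send to dest."""
    now = time.time() if now is None else now
    # Only trim whitespace: legacy base58 addresses are case-sensitive,
    # so case folding would map distinct addresses onto each other.
    dest = dest.strip()

    # Assumption: the time lock is a custody control, not a warning,
    # so the opt-out below does not bypass it.
    if from_vault and now < wallet.vault_unlock_at:
        wait = int(wallet.vault_unlock_at - now)
        return Verdict.LOCKED, f"vault locked for another {wait}s"

    if not wallet.warnings_enabled:
        return Verdict.ALLOW, "warnings disabled by user"

    # Assumption: blacklist first, so a saved contact that is later
    # reported as malicious still triggers the warning.
    if dest in wallet.blacklist:
        return Verdict.WARN, "address is on the community blacklist"

    label = wallet.address_book.get(dest)
    if label:
        return Verdict.ALLOW, f"known contact: {label}"
    return Verdict.ALLOW, "address is not in the address book"
```

Checking against a locally synced copy of the list, rather than querying a backend per transaction, also avoids telling the list operator who the user is paying.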

Just saw this awesome site. Maybe this can be integrated into the wallet. “Cardano Fraud Detection Bureau”

I think these are good ideas. I have just suggested something that I call a verifiable account and support for yubikey.

I would appreciate it if you would comment on my ideas. Fraud prevention is very important and it seems to be overlooked by just about every blockchain. Good countermeasures would make cryptocurrency less prone to bad regulation. At least, that’s the argument you hear all the time.

I have been thinking about your suggestion and I think that most of what you suggest could be solved by some kind of somewhat centralised clearinghouse smart contract. JP Morgan thinks that a clearinghouse would be useful and I agree.

The idea is that there would be an app which would need access to your wallet. You would need a password and it should support 2FA. Once logged in, you could create your own whitelist.

It would also use an oracle so that it can identify suspicious addresses, which would prevent users from sending anything to scammers.

Some kind of centralisation would be good. If you are a car dealer or similar, you would go to the bank, identify yourself and submit the addresses you use. In this case there would be a list of known recipients that you could use.

It could be the address of some kind of smart contract managed by JP Morgan perhaps, such that whatever is sent is exchanged to fiat and then goes to a regular account.

You would have to pay a fee but it would give peace of mind.