With the expansion of the cryptocurrency ecosystem, there has been an increasing number of malicious actors that have infiltrated the crypto space. These individuals create diverse crypto scams and defraud crypto users of their assets. Over the years, these scams have taken different forms like Ponzi and pyramid schemes, fake coins, fake ICOs, malwares, phishing, fake exchanges and wallets, Bitcoin blackmails, impersonation giveaway scams, mining scams, and pump and dump scams.
These scams have plagued the community for so long and stolen funds worth millions of dollars. For instance, in a 2018 Bloom article by Shannon Wu, she gave a rundown of the most lucrative Ether scams, and the figures were stunning. As at that time, fake MyEtherWallets/MyCryptos had stolen $7.57 million; fake ICOs, $4.5 million; the word “give,” $1.48 million; Punycode lookalike domains, $507,000; fake exchanges, $502,000; the word “gift,” $459,000; and Elon Musk scams, $32,000. A total of $23 million! And these were the only ones traceable at the time.
Crypto scams have also rocked not just individuals but also countries like Uganda. In an article by Ozy.com, it was reported that Robert Bakalikwira, a criminal investigations officer said that in the last two years, 200,000 Ugandans have lost around $1 billion to these scams, which is almost 4 percent of Uganda’s GDP of $28 billion.
Apart from the money taken away from innocent crypto users, these scams also soil the reputation of the crypto community. It heightens the distrust of many individuals who would rather seek other sources of investment instead of cryptocurrency no matter its potentials. A good example here is Floyd Mayweather. After backing two fake ICOs — Centra which was charged with fraud by the Securities and Exchange Commission, and Hubii which raised less than 20% of its targeted $50 million in its ICO — the boxing champion decided to stay away from cryptocurrencies.
Since the cryptocurrency world prides itself as a decentralized system where power is in the hands of the community, the onus lies on members of the community to protect themselves from these scams. This has birthed thoughtful innovations (e.g. bitcoinwhoswho.com and fried.com) geared at protecting crypto users from scammers. Ethereum Scam Database is one of such innovations.
What is Ethereum Scam Database?
This database can be tagged “The Sentry of the Cryptocurrency Kingdom”. Launched in 2017,Ethereum Scam Database (EtherScamDB) is a smart tool that aggregates information from diverse sources pertaining online scams in order to prevent new members of the crypto community from falling victim to these scams.
Created on July 31, 2017, the first version was released to replace a Google Sheets documents created by Taylor Monahan — the founder of MyEtherWallet and, later, MyCrypto Inc. — which tracked Ethereum phishing and scamming links. Upon creation, the database had about 2000 scams.
On Christmas Eve in 2017, EtherScamDB 2.0.0 was launched to replace the static page generation of the previous version with a dynamic one using Express. As at this time, there were more than 2600 malicious entries on the database.
Work began on EtherScamDB 3.0.0 by July 2018. However, there was an incessant demand for scam-tracking outside the Ethereum network, and as a result, this version was never released, but was rebranded as CryptoScamDB.
Having evolved into CryptoScamDB, the database currently has over 6500 malicious entries. It is an open-source database, so every day, new data are collated, analyzed and added to the growing database. EtherScamDB and CryptoScamDB are powered by MyCrypto Inc. — a company dedicated to creating a secure crypto ecosystem through educating the public on best security measures, exposing malicious actors and scams, and providing scam detection services that could be incorporated into existing crypto products.
As at the time of writing, there is a total of 7,849 scams (registered under 3,388 addresses) on the database, which are categorized as phishing, scamming, or fake ICOs. Information on this database is shared with law enforcements agents and various projects in order to prevent and close crypto scams and their operators.
How does it work?
Since it is an open-source platform, the website ensures that is transparent with user privacy and reporting, and blacklisting choices.MyCrypto uses an open-source analytics platform, Matomo that is hosted on MyCrypto’s servers. MyCrypto ensures that no third-party, including Matomo, can access user data.As much as it can, the site aims not to collect personally identifiable information from users.
With the “report” functionality, users can report suspicious URLs, cryptocurrency addrsses, stolen cryptocurrencies, and crypto scams across the internet. Depending on the situation, users may be required to provide their cryptocurrency public address, the cryptocurrency public address where they sent funds to, websites visited, and additional information they are willing to share.
Non-personal identifiable data that are collected by the database include:
- Date and time of the user request
- Title of page being viewed
- URL of page being viewed
- URL of page viewed before the current page (referrer URL)
- Screen resolution used
- Time in user’s time zone
- Files clicked and downloaded
- Links to external domain that were clicked
- Pages generation time — also known as “page speed” means the time it takes for webpages to be generated by the server and downloaded by the user.
- Main language of the browser used
- Page being viewed when a user clicked the “Help & Support” link
User reports are collated as Raw Reports, stored in a communications channel and marked as processed. Reports containing sensitive or personal information are destroyed as soon as possible. Although, there are cases where deletion of such data may take longer. A Raw Report is neither shared nor sold to a third party without an express written permission of the reporter. However, there are cases where a Raw Report can be shared with a third party such as: (i) if sharing the report is required under applicable laws or regulations (ii) if MyCrypto Inc. deems it necessary in accordance with its mission to safeguard users across the crypto space.
A website is blacklisted if it:
- Impersonates popular crypto services
- Impersonates popular crypto personalities
- Sends user private keys/secrets to backend services
- Conducts a giveaway that requires participants to pay an advance fee
- Lies to investors about a project
- Uses Ponzi or pyramid scheme language
A crypto address is blacklisted if it:
- Is associated with a blacklisted website
- Receives funds from a profiled security event such as a hack, breaches, ransomware, or smart contract
In some cases blacklisting is a temporary action. A website and, or crypto address is removed from a blacklist if:
- The offending action — in this case, private key harvesting — is removed, reported to MyCrypto Inc. by a team member with the blacklisted entry, and reviewed by MyCrypto Inc.
- MyCrypto Inc. makes a genuine error and is notified by a member with the blacklisted entry.
Aggregated data, and analyses of suspicious URLs and cryptocurrency addresses are published to a database accessible through the following links or their related forks:
How is information stored
Personal information are stored on a network of computers, cloud-based servers and other technology. These information are protected using best practices and technology such as firewalls, narrowly-tailored internal breach recognition and notification procedures, data encryption, and controlled third-party and employee access to the database.
The chances of a data breach occurring is relatively slim because of the little amount of information collected coupled with standard protective procedures. However, if a breach occurs, members of the community are notified using the official social media platforms of MyCrypto Inc. These channels are also used to notify the community about security issues in the Ethereum network, and also in the cryptocurrency ecosystem at large.
In an article on Medium, the database said it has been helpful in different projects and educating individuals about different types of crypto scams and how to recognize them. Examples of projects that have utilized data from the database include: (i) Brandon Arvanaghi and John Backus’ comprehensive analysis of the most lucrative scams, (ii) PhishFort’s incorporation of CryptoScamDB’s data into their browser extension, and (iii) Warning updates posted on the Twitter comment section of block explorers like Etherscan and forums such as bitcointalk.org, with links to the CryptoScamDB’s index.
In conclusion, it is expedient that members of the cryptocurrency contribute one way or another to the growth of this database. The more crypto scams that are exposed, the most sanitized the crypto space will be. A sanitized crypto ecosystem will be boost the confidence of the community members, and also dampen the skepticism of those outside the systems. For people like the citizens of Uganda, knowing that there is a way to keep track of scams would revive the faith they once had in cryptocurrency.
Bearing all this in mind, crypto users should not be silent about scams. Stolen cryptocurrency, phishing sites, fake coins, fake exchanges and wallets, and other forms of crypto scams should be quickly reported to CryptoScamDB. Funds may not be recovered, but at least these scams will be nipped.
Find out more details here: Xtrgatescam