CS = Crypto-Scam

Thank you all for your questions and ideas. Thanks to them I've developed a better abstract concept of handling crypto abuse. Before answering your concerns separately I'm gonna draw the whole picture of the working mechanism and hopefully your question will be answered meanwhile.

As mentioned several times before, such database will rarely be queried by anyone before sending coins. That's the reason why integration with major wallets is a must so they can help automate that process and actually advertise it to the user; what I mean is, there are two ways in which wallets should affiliate with CS:

• Receipt checking - Before executing a SEND order wallet app queries CS database and checks if the receipt address is fraudulent, because average user won't do that by himself
• Address reporting - I believe a very very small amount of crypto users will actually go to http://crypto-scam.io/report and fill a report with an abusive address they spot online, because that would require them to: a) open a tab in browser, b) lookup the domain of CS in case they forgot it, c) find a way to append the abusive address, d) fill other required info - given more and more people are using smartphones it's a general tedious process. If wallet devs would implement in-app reporting mechanisms to CS that would be great in terms of accessibility and more abusive addresses would be discovered, because people tend to be familiar with wallet app's interface instead of the one of another site.

I believe anyone should be able to report addresses without the need of some account registration. The cryptocurrency world is vast with many users, requiring each to create an account to report may be exhausting for server and possibly a privacy killer depending on the required registration data. However, as posts here have mentioned, reports themselves cannot be trusted and must be validated. For such issue I propose a dicing system, what do you think of it?

(image)

Steps:

   1. Humans are applying as verifiers. Verifiers are manually confirmed by CS webmasters to make sure they aren't bots or criminals. They will later check and validate reported crypto addresses. Because not many may enjoy browsing a website daily to do that, they will use a CS website interface and a custom android/iOS app.

   2. Within wallet application someone reports abusive addresses.

   3. CS sends the report to 3 random verifiers across globe to validate it and set the state of the address - scam or not. State of address is decided democratically. In case one or more verifiers is not online the report is passed to others worldwide. This method is more secure because in case a verifier itself is an abuser and reports addresses for no reason he can't be sure he'll be the one to incriminate the false-positive.

   4. Before executing SEND order, wallet checks the state of receipt address with CS.

---

It's similar to that with few exceptions: CS database will support more than BTC addresses, and will have a different verification system for deciding whether a report is fake or not.

There is no need for a new wallet. Already existing ones can use CS via the public API it offers; for example: https://api.crypto-scam.io/a/0x3Ae5c187FDB90553Cc439b1ee7341C0D2461688A/rep,type. They just need to code it in their app and ship a new version with it.

I've started this last week; project is still in beta phase - that means features are to be added, bugs to be fixed and tests to be made before asking popular wallet software developers to use CS. After being confident the backbone of the service is reliable I'll ping them, starting with those open source.

As mentioned before there's no need for a centralized wallet but I understand your point - yes, it will take time until wallets will make use of CS database. However things will speed up if service proves to be efficient, and that can be achieved by implementing meaningful tested features.

Thank you for your suggestions!

@LeGaulois indeed it's difficult to prevent such behaviour unless reports are manually verified. To avoid this type of abuse, system is currently limited to one report per 15 minutes from any machine; I couldn't think at something better in short time.

I humble say a warm hello to everyone happening to read this post.

The issue
No doubt you've heard of recent advance fee schemes among crypto world: Elon Musk and SpaceX donating bitcoins from Youtube videos. Bill Gates organizing faucets on Twitter. Barack Obama doing so to help fight COVID and many many others. These were all scams organized by hackers who used the public figures of prominent individuals to gain trust. Almost all have trapped hundreds of people, as open ledger explorers proved, into thinking they'll get rich over night by sending some coins to random crypto addresses and receive x2, x5, x10 in return. Unfortunately similar ads and videos are still posted on social media and video distribution networks. Elon Musk scam faucet-campaign hasn't stopped, same as Vitalik's one and even if social media staff manages to take the posts down in mean time, scammers still manage to trap victims into sending funds to fraudulent addresses in exchange of illusory hopes of getting rich.

So what's to be done with it? We know bitcoin helps us all, the senders, remain anonymous in our payments. But that applies to our receivers as well! Can we trust our receivers? Satoshi said "We have proposed a system for electronic transactions without relying on trust." And I guess he meant it in every aspect.

Proposal
We can create a giant open source database containing all abusive addresses. This is what Crypto Scam Project is all about and it's core idea relies on the following sketch:

Let's assume three fictionary men: John Doe, Foo Bar, Baz Bar

 1. John Doe spots a scammy Youtube ad with a fraudulent BTC/ETH/XRM/etc.. address claiming to triple the amount of coins you send to it. He goes to https://crypto-scam.io/report and reports it.
 2. Foo Bar spots the ad as well but doesn't know it's an advance-fee scheme. He proceeds to send funds to the address.
 3. Before executing the order, the wallet software used by Foo Bar queries the database of https://crypto-scam.io to check if the receipt address is fraudulent. Because John Doe already reported it, Crypto Scam signals it, and wallet software halts the transaction initiated by Foo Bar preventing him from falling into the scam.
 4. Alternatively Baz Bar spots the ad as well but he's suspicious about it. He goes to https://crypto-scam.io/search and manually queries the database only to discover the address is fraudulent.

That simple. You spot an abusive address - you report it to this database. You attempt a transaction - the receipt is anonymously checked before execution.

Now you'll probably say: "An abuser can always create a new abusive address. How does this app help us?" It takes time for anyone to merge the new address into an ad, a post, an image, moreover into a video. Comparing the time it takes for hardcoding the new address with the time it takes to report it, we'll notice this mechanism is productive in terms of protection. If such system was online when Musk's twitter got hacked, much more people would've been protected, that's what I think. And such breaches will occur in future, I believe it's important to develop security mechanisms in such matter.

Conclusion
Crypto Scam is a non-profit, open source database of abusive crypto addresses, distributed under MIT. I am positive its service will soon be adopted by prominent wallet software to help prevent abuse in crypto ecosystem. I hope you will find this initiative useful.

Project Homepage: https://crypto-scam.io
Project source (Github): https://github.com/tgbv/crypto-scam

There are very few startups in this world that went perfect from the beginning. The more tests we make the more we'll know the system is reliable, so please if you spot an abusive crypto address don't hesitate to report it: https://crypto-scam.io/report
If you want to contribute, I'd be more than happy to have you on board. Feel free to open PRs or Issues in Github repo.