[DISCUSSION] Flagging Bitcoin addresses

[Upgrade00]

There has already been lots of threads started as a result of the recent hacking episode on Twitter, but I'll like to discuss the possibility of escape for the scammers.
The scammers used this address - bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh and received a total of 12.86503618BTC of which they've sent out 12.85345191BTC to different addresses which are undoubtedly controlled by them.
Bitcoin transactions are irreversible and as such recovering those funds is not possible, but can privacy providers limit the options scammers have for obfuscating a transaction history?
I understand the need for regular Bitcoin users to want to keep their transaction history private, so these measures would hypothetically only be used in cases of fraud.

• Their likely option would be using a mixer or coin joining service. Could such addresses be flagged and as such make that address and others which receives funds directly from it restricted from using their services? Or is there already a way to do this?
This would not return the funds but would limit the options available for scammers.
Privacy services could create an avenue for the public to report potential scams and have a team look into reports to determine which to act on.
• This could only be used for high profile scams that can be easily investigated.

*I don't want to discuss other means making transactions private, so as not to give scammers different ideas.

[1715489524]

1715489524

[1715489524]

1715489524

[1715489524]

1715489524

[1715489524]

1715489524

[anu1908]

if you add a 'backdoor' to some services, it will likely be used again and get abused. not to mention those services might not want to do it since it would affect their reputation. that being said, it's possible some services already do that, especially a mixing services that is actually run by an agencies. i think the core problem is that some people still fall for petty tricks.

[mocacinno]

So, you're basically asking mixers or coinjoin services to provide a way "honest" people can provide the mixer not to accept funds that were previously funding an address they believe to be used with malicious intent.

That's about the same as a country asking for a backdoor being built into cryptographic functions so the good guys can decrypt encrypted messages.

It's not enforceable, it will be abused, and what will be the requirements to prove you're an "honest" person?

In reality, mixers are run by anonimous entity's, I doubt they'll show any interest in not accepting certain funds...

Don't get me wrong, i'm not a fan of what those hackers did. They should be caught and punished severely... Just not by building backdoors into tools that are also used by honest people to regain some of their privacy.

[ABCbits]

It'll be used as censorship tools or excuse to scam honest users who wants to have privacy. There's another problem such as innocent user who didn't know that his Bitcoin is "tainted", even though he earned it legally.

[wxa7115]

I get what you are saying OP but this creates a serious of problems, to begin with we will need a centralized party looking at each case to try to determine if what happened was actually a scam and if it can be proven at all, in this case this is very obvious but think about all the cases in which this is not the case, this could easily lead to corruption as what we see in most centralized systems anyway, in fact this could lead to a malicious actor flagging your coins just because you dissented with him and if he has enough influence he could convince the ones making the judging to flag your coins even if you are innocent.

As such it is better to let things as they are and lets hope the hackers of this recent incident get caught because they made a mistake along the way.

[Upgrade00]

So, you're basically asking mixers or coinjoin services to provide a way "honest" people can provide the mixer not to accept funds that were previously funding an address they believe to be used with malicious intent.

That's the idea, but not "honest people", just regular users. Similar to reports on hacked accounts or faked identities on social medias like Twitter. There should also be a review system to check the reports and decide whether or not to act, this should reduce witch hunts.
I'm not suggesting users have access to addresses that have tried to use such services, it's just sort of a forewarning to the service providers that this address has been used for scams.
I also see how it can prevent regular users from using such services as they would fear being locked out.

There's another problem such as innocent user who didn't know that his Bitcoin is "tainted", even though he earned it legally.

This is also an issue I was considering. It could lead to segregation of coins based in its history, although I think this would eventually happen.

[ReiMomo]

According to the Chainalysis twitter account (one of the bitcoin transaction investigator service), the fund that collected by the hackers have not yet converted the bitcoin or not yet on the exchange. And I think they are collaborating all exchange platforms regarding this to labeled the bitcoin addresses that linked in scam address. I guess it would be better if also bitcoin mixer service would collaborate this.

At least the scammer will get hard to convert the bitcoin collected into cash right now. There are too many bitcoin transaction investigators who keep their eye on the bitcoin scammed.

[o_e_l_e_o]

Don't get me wrong, i'm not a fan of what those hackers did. They should be caught and punished severely... Just not by building backdoors into tools that are also used by honest people to regain some of their privacy.

Agree 100%. This is essentially the same argument we see when some terrorist was found to be using WhatsApp, and then the US government try to force Facebook to build a backdoor in to WhatsApp so the government can spy on communications, but they would definitely only use that power if you are a terrorist.

There's nothing to stop such a tool being used against political activists, government dissidents, whistle-blowers, and all the other people for whom privacy is vital. It also sets an incredible bad precedent when some members of a community can unilaterally decide to exclude other members. If you want to use a coin like that, then may I suggest one of the many centralized scam altcoins.

[crwth]

If this happens, would it be considered as "lost bitcoins"? Since it was tagged as coming from a scam, I don't think no one wants to touch it. The problem with returning it would  be a hassle unless there is a service for that and verified wallets should be done as well. But there are a lot to consider since there are custodial wallets that cannot sign messages as well, it would be a hassle to verify. I think you could add this as a point to consider.

[AdolfinWolf]

If this happens, would it be considered as "lost bitcoins"? Since it was tagged as coming from a scam, I don't think no one wants to touch it. The problem with returning it would  be a hassle unless there is a service for that and verified wallets should be done as well. But there are a lot to consider since there are custodial wallets that cannot sign messages as well, it would be a hassle to verify. I think you could add this as a point to consider.

Let's say this get's adopted, and every honest user and website agrees to adhere to it...

What simply happens is that cheaters will use platforms such as bisq or maybe to a lesser extent sites like Paxful, or really just any pure P2P trade where they will give a slight discount or whatever, luring newbies who have not heard of the above understanding to get "scammed", because they'll receive coins which are basically unspendable on centralized exchanges.

Unless you also enable these flagging tools in clients such as electrum and bisq, but even then, it seems like a ridiculous hassle, I mean... BISQ/Paxful can't even implement native segwit.

In an ideal world, the "hackers" - lol.. should get caught at the on-off ramps. This is not a responsibility of the protocol.

At least the scammer will get hard to convert the bitcoin collected into cash right now. There are too many bitcoin transaction investigators who keep their eye on the bitcoin scammed.

He will have a hard time proving where he suddenly received $130k from. other than that, i don't necessarily see that many obstacles.

 There are a plethora of ways to try and make it untainted, and just as many selling P2P without revealing your real identity.

That's the idea, but not "honest people", just regular users. Similar to reports on hacked accounts or faked identities on social medias like Twitter. There should also be a review system to check the reports and decide whether or not to act, this should reduce witch hunts.
I'm not suggesting users have access to addresses that have tried to use such services, it's just sort of a forewarning to the service providers that this address has been used for scams.
I also see how it can prevent regular users from using such services as they would fear being locked out.

I think this might be a slippery slope.

[Upgrade00]

I appreciate all the feedback, and I should state that this is not an idea I want adopted, just wanted public opinion on it

It also sets an incredible bad precedent when some members of a community can unilaterally decide to exclude other members. If you want to use a coin like that, then may I suggest one of the many centralized scam altcoins.

It won't function unilaterally as this members would still have to submit enough proof to the service providers. It could hypothetically only be applied in large scams where proving and verifying it would be an easy task.

Your idea require the reviewer to be completely neutral and without bias, which is impossible.

I see how the human factor can limit it, but can bias be created against a wallet address with no known identity linked to it?

I think this might be a slippery slope.

I agree. I will personally not use such service, if I could be locked out based on reports as it would bring in the question of trusting the third party and its judgement.

[o_e_l_e_o]

It won't function unilaterally as this members would still have to submit enough proof to the service providers.

But there is no mechanism for the owner of the address in question to defend themselves against the allocations prior to being blacklisted.

It also raises the questions of who provides this service, who reviews the evidence, how are they compensated, what prevents them from "going rogue", what mechanisms exist to monitor them and replace them if necessary?

I see how the human factor can limit it, but can bias be created against a wallet address with no known identity linked to it?

Because if I blacklist an address with a significant amount of coins, then my coins now become more valuable.