Crypto has several features that are attractive to scammers. There’s no bank or other centralized authority to flag suspicious transactions and attempt to stop fraud before it happens. Crypto transfers can’t be reversed — once the money’s gone, there’s no getting it back. The problem is aggravated by the simple fact that most people are not well versed with how crypto works.
Total cryptocurrency scam revenue for 2022 currently sits at $1.6 billion [1]. The median individual reported loss is a whopping $2,600 [2].
It’s not only scammers stealing money, but also blackmailers, money launderers, illicit entities backed by nation state actors, terrorist organizations and darknet dealers. The US Department of the Treasury maintains a list of sanctioned entities to which companies and individuals alike have to comply to. While entities like crypto exchanges and banks have access to advanced information and analytics on crypto scams, an individual crypto player has to rely on their own due diligence and luck. Crypto did succeed in decentralizing institutions, but the ability to defend against scams is largely centralized.
Starting with a Solution
With a grand vision to solve this problem and make Web3 safer for everyone, DirtyHash was created as an open source project to defend against Web3 and Crypto frauds, phishing, ransomware, blackmailers and money laundering. With this you can analyze suspicious entities (BTC and ETH wallet addresses, smart contracts, websites, twitter handles, etc.) to detect frauds and scams. You can report scammers and share them with the community.
DirtyHash applies machine learning techniques to detect malicious wallet addresses in realtime, and provides a risk score for a particular wallet address. In addition, it scrapes the internet for malicious entities, uses publicly available crypto scam databases, leverages reports submitted by users, maintains blacklists of malicious entities, and whitelists of known entities. It maps the transaction graphs in blockchains to hunt for related scam entities. DirtyHash also searches for malicious entities as reported in the Sanctions List by the US Treasury Department.
After you report a scam on DirtyHash, it is evaluated further by automated algorithms or by manual screening, and is then added to the DirtyHash reports database. In the near future, if you report a new scam that was not present already in the DirtyHash database, then you will get rewarded in the forms of DirtyHash DAO tokens. There is also a Search and Report API which could be used to bake DirtyHash capabilties into other applications.
Following are some crypto addresses and domains that you can check out on DirtyHash:
- BTC (fraud category): 31pkayxomDRSFRQ8Tuomvs6hm49szqkQ6s
- BTC Binance (non-fraud category):bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h
- BTC (ML based detection):114Ap9G5nu78vESC648amPwSeqUorPtV5L
- BTC (from US Treasury OFAC Sanctions list):123WBUDmSJv4GctdVEz6Qq6z8nXSKrJ4KX
- ETH (machine learning based detection):0x5f6de8a46f5050f490ea7ace69d0d0034b49bbee
- ETH Smart Contract (phishing):0xcb944f73698f85faba8c8dc2fdc8e81ef1ae9dc9
- ETH (Tornado Cash): 0x12d66f87a04a9e220743712ce6d9bb1b5616b8fc
- Twitter handle (fraud category):VitalkButerin
- Web3 domain (non-fraud category):uniswap.org
Strong Traction
DirtyHash currently has over 13 million pre-analyzed BTC and ETH addresses, domains and Twitter handles which have been linked to a scam. Users from 44 countries have used the service in the pre-release phase that ran for a period of 2 months. Following is a map showing countries with DirtyHash users (in blue, as of 8th Nov, 2022). Starting Nov 7, 2022, the DirtyHash portal is generally available globally.
Even in the pre-release phase, DirtyHash received a DDoS (Distributed Denial of Service) attack. The service recovered back after a small downtime, but this incident highlights its effectiveness against scammers, thereby protecting crypto users.
Whats Next?
As next, the DirtyHash team is working on supporting other popular blockchains like Solana and Flow. It is setting up an incentivization mechanism for users to report scams, in the form of DAO tokens. DirtyHash is in discussions with popular crypto wallet providers to have the risk score integrated in the wallet itself and shown before the transaction approval. The team would also launch a browser extension to alert users and help them defend against crypto scams.
Call to Action
The DirtyHash portal is operated by Perinno AB, based in Sweden, which is an independent research lab focussing on Web3 security.
Also published here.