[bisq-network/proposals] Distributed reputation system (#78)

Manfred Karrer notifications at github.com
Tue Apr 23 14:01:31 UTC 2019


@sqrrm I understand now your attack scenario (after out discussion). I summarize it here again and documment the protection idea:
Attack: The scammer could use a sybil account (his own valid account or a colluding peer) to get a signature by doing a real trade. After he get signing right (e.g. after 1 month) he do a fake trade with the stolen account to that sybil and gets the signature as well. He does not use that stolen account for any transfer so it stay undetected. After 1 months he is fully trusted and he starts his cashout scam and don't suffer the delayed payout of the BTC.
Protection: One a chargeback is detected we can check which account age witnesss owner has signed the scammer (the sybil in above case). We check who has signed the sybils account age and with that we detect the users who have really traded with the sybil. The get an alert in their app to report that user to the community and the account details (name, IBAN,...) of the sybil can be used for criminal prosecution. Just to have that option in place should increase the risk for the colluding peer a lot to not be part of it. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/78#issuecomment-485815630
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20190423/fdbe3a2a/attachment.html>


More information about the bisq-github mailing list