[bisq-network/proposals] Delay payout for Fiat trades if buyers account is fresh (#77)

mpolavieja notifications at github.com
Sat May 4 22:16:38 UTC 2019


I realize that the scammer wouldn't even need stolen accounts but just real bank account details (name and bank account number, no password needed) so the cost of setting up these accounts could be even zero and also no time pressure. So let's say that the scammer sets up 3 accounts with real bank details (let's call these accounts the scammer **SEED** accounts) and makes 3 sell trades of 0.01 BTC that would cost him 3*$60 = $180. In the case we think possible that a scammer is willing to spend this money for this strategy, I doubt that receiving banks detect anything because those would be 3 completely different and unrelated transfers (the sender bank will notice nothing as it is just another outgoing transfer from a Bisq user). Only the victims could detect the incoming money as suspicious, but would they take the time and effort to complain about receiving $60? Even if the victim returns the money to the sender, we have to rely on the Bisq user (BTC buyer) to report that he has got both the BTC and the money.

Now after one month, the scammer does set up several stolen accounts with high balances, he attests those new accounts using the 3 initial SEED accounts **through fake fiat trades**, so the fresh stolen accounts with high balances begin to age while remaining totally untouched.   After 1 month he begins to cash out from those untouched high balance accounts as fast as he can.

A rather nasty variant of the above attack would be to harvest bank account data from Bisq users for the purpose of setting up the 3 initial SEED accounts. In this case the banks won't notice anything for sure, only Bisq users could, and I guess active users would certainly notice, but maybe old or not very active Bisq users would not notice. This would be nasty because once the scam is discovered, honest Bisq users would be incorrectly blamed for attesting scammer accounts.

So I tend to reassure myself that if the reputation system is going to become our main backstop, then becoming a verifier should not be easy / cheap.  

@ManfredKarrer 

> I think the first trade will be mainly a kind of "validation trade" where he starts to get attested.

I dare to strongly conclude that maintaining the account age at 0 while not having a real trade, that is, a buy trade with a trusted user, is already a great advance as it really puts a lot more time pressure on scammers than the current model where accounts begin to age without any trade at all. Small sell trades would also be real trades, but I am having many doubts about them as explained above.

Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/77#issuecomment-489369717