Security API

This guide reveals how we track and show scam accounts and their activity.

Scam Warning!

A scam is a serious threat to any blockchain ecosystem. Any scam, be it blackmail or extortion, fake job opportunities or giveaways, impersonations, fake investments, pump and dump schemes, or phishing, breaches security and undermines trust, causing the loss of millions of dollars.

πŸ“˜

As Scam Sniffer Phishing Report suggests, 57,066 accounts fell victim to scam attacks by March 2024 totalling in the loss of $46,863,781 . Notably, the overall number of victims who lost more than $1 million decreased by 75% compared to January 2024.

We realize the potential damage scams can inflict, so we offer functions to track scams to ensure all users can avoid shady accounts and their proposals. This will enhance blockchain security and user confidence.

How do we Define and Handle Scams?

Let's clarify what we mean by scam. Simply put, a scam is a fraud β€” an activity aimed at dishonestly acquiring funds. The nature of a scam is complicated, and a single scam may involve various entities: NFTs, collections, smart contracts, coins, custom objects, etc. We detect not only a scam account but all possible entities it has created, thus forming a relation graph.

We mark all such entities as scams and provide warning messages to our explorers. We use Metahub - our name service, which has all the off-chain data we index ourselves - to label accounts and entities related to them as scams. This allows users to view anything related to scam activities to avoid falling victim to scammers.

Where do we Get Data about Scams?

Each scam case is unique and requires an in-depth investigation. We do not do such investigations ourselves, but we use credible sources to get information about scam accounts, including the following:

  • open sources,
  • data received from the community,
  • cases reported by users;
  • our own heuristic algorithms to detect scam that takes into account the specifics of an individual blockchain.

If you find a suspicious account, please inform us by reporting a scam in our Submit Hub.

Scam Detection Infrastructure

We provide a holistic infrastructure to detect and aggregate data about various scam entities: accounts, coins, smart contracts, etc., as well as transactions that run with them. This infrastructure comprises the following components:

Scam Database
We maintain an open-source database where scam addresses and all entities associated with them (coins, smart contracts, NFTs, etc.) they have created are displayed. This database is accessed via our Security API and is regularly updated and synced.

Security API
We provide our Security API as part of Blockberry API, which offers endpoints containing parameters indicating scam activity.

Tx Verification Service
It’s critical to warn users about potential scams early on before a scam transaction runs since scam prevention is paramount. With this in mind, we integrate with wallets and offer them our transaction verification service that runs checks to find possible indications of scam activity. If a transaction is found to contain scam activity signs, the account and the entities associated with such transaction are marked as scam, and the user receives a scam warning message.

Architecture

Our design builds around the Scam Database, which stores scam entities; the Blockberry Security API, through which wallets, explorers, developers, and dApps will access the database; and the Transaction Verification Service.

The Scam Database aggregates data from external databases using data adapters to complete ETL, our GraphQL API, and the data admin backend for data transfer. Another source of data is reports from ecosystem contributors who submit data to a Repository. Later, our Content Manager will copy those entries into our Admin Panel.

The Transaction Verification Service runs the scam check logic triggered as a transaction runs from a wallet. It receives transaction data from wallets through Blockberry API and the Blockberry Backend. Then, it performs checks and sends the results back to the wallet. If the check results show that the account running the transaction is a scam account, the data about such an account and all entities associated with it is sent to the Mina Security Database.

The figure below illustrates our solution's architecture.

How do we Show Scams in Explorers?

We show all entities associated with a scam entity on a single page. Thus, on a scam account page, you can see all its scam coins and scam accounts with which it has run transactions. Below are some examples of how we show scam entities in our explorers.



Security API

In Blockberry API endpoints, there are fields indicating that the queried entity is a scam. Below are links to Blockberry Security API documents for Sui and Mina.

ProductLinks
SuiscanSui Security API
MinascanMina Security API
ZekoscanSoon