Learn how we ensure transaction security when you use Mina wallets and zkApps.
How it Works
Beware of scammers! As Scam Sniffer Phishing Report suggests, 57,066 accounts fell victim to scam attacks by March 2024 totalling in the loss of $46,863,781. Notably, the overall number of victims who lost more than $1 million decreased by 75% compared to January 2024.
When a user initiates a transaction using a wallet, there is no immediate indication if the transaction involves a scam object or if the counterpart is an account engaged in fraudulent activities. To address this,we offer an early scam detection service designed to prevent account hijacks and fund losses before transactions are executed. Our security service is available for wallets and zkApps, ensuring accounts remain protected from potential scam attacks, thereby preventing fund losses and enhancing overall blockchain security.
Users can access the Mina Security API by either initiating a transaction via a wallet or requesting it through a dApp or blockchain explorer. The Mina Security API sends a transaction check request to the Blockberry Backend. The Transaction Verification service then processes this check and provides the results. Consequently, new scam entities are identified and added to our Security Database.
More resources on Blockberry related to Security:
| Related Resources | Description |
|---|---|
| Mina Security API | You can find more information about Mina Security endpoints. |
| Scam Detection | Read more about how we detect and handle scams. |
| Mina Security Design |
Transaction Checks
| Check | Status |
|---|---|
| Unsigned Transactions Checker Transactions, Accounts, zkAccounts, Tokens. | Available |
| Verification Key Change The check whether the transaction sender changed the verification key's account address. | Available |
| Account Permissions Change Service checks that detect changes in zkApp Account Permissions. | Planned |
How To Use
TBD (Tutorials are coming soon)
Now, as we've done our job, it's up to you whether to proceed or abort the transaction. Take care!
Wallet API
Blockberry Security API provides endpoints for wallets and zkApps to query data that has to do with scams:
Mina Mainnet
| Section | Endpoint | Description | Response Parameters |
|---|---|---|---|
| Security | getScamsByOnChainIds Mainnet Devnet | Get a list of all entities involved in scam activity: accounts, zkApp accounts, and tokens. | scamId |
| objectType | |||
| onchainId | |||
| defaultSecurityMessage | |||
| securityMessage | |||
| scamType | |||
| getScamObjectsByUnsignedTransaction Mainnet Devnet | Check if the queried unsigned transaction involves any scam objects (accounts, tokens, or zkApp accounts). | scamId | |
| objectType | |||
| onchainId | |||
| defaultSecurityMessage | |||
| securityMessage | |||
| scamType | |||
| zkApps | getLastVerificationKeyChange Mainnet Devnet | Check when the queried account changed the verification key last time. Verification key change may be, although not necessarily, an indication of scam activity. | int64 |
| getVerificationKeyHistory Mainnet Devnet | Check when the queried zkApp account changed the verification key. | timestamp | |
| verificationKey | |||
| verificationKeyHash |