Harmony chrome extension anti-fraud anti-spamming wallet
Imagine a country with the following immigration policy:
- Everyone can get in and out as they please – everyone in web3 can get in and out as they please.
- Everyone can create multiple identities – everyone in blockchain can create multiple wallets and have multiple anonymous identities.
- There are rules, but it's very difficult to prosecute those who break them – bad actors in the blockchain ecosystem get away with fraud and there is no way of purging them.
This has been the state of web3 for the past few years, and sadly it has motivated a lot of bad actors to use blockchains to commit fraudulent transactions, or at least to prevent good actors from carrying out normal transactions (e.g., the latest spam attacks on the Harmony network).
Please replace "confirm wallet" with "confirming wallet address" (we need to verify addresses, not wallets).
In 2021 alone, over $14 billion was lost in crypto scams; people do this by creating multiple anonymous addresses. The ability to create new addresses has made people very careless, because they can easily escape any consequences of their actions (Mackenzie Sigalos, 2022).
Bad actors can also easily spam networks by creating multiple wallets and sending thousands of small transactions, clogging the network. This has happened to multiple L2 blockchains and to Solana because of the low transaction costs in these networks.
Other methods of scamming include people creating multiple virtual accounts and voting for each other, or giving themselves work in projects, e.g., the Freeyala scandal, where the leader had two identities, one as a man and the other as a woman; by using multiple identities she was able to move resources and funds to her personal projects (Freeyala, 2022).
Harmony will be a cross-chain platform soon; this means that Harmony wallets can easily be used by scammers to move money across networks. Vitalik Buterin thinks this is why the future is multi-chain and not cross-chain: the inherent security issues with moving tokens cross-chain (Vitalik Buterin, 2022).
SOLUTIONS IMPLEMENTED TO SOLVE THESE PROBLEMS
Both Solana and Harmony have increased transaction costs to make it expensive for people to scam the network. It's a temporary solution, since for blockchain to get mass adoption the cost of a transaction has to be small.
Short-term solutions implemented by Harmony
- P2P peer blacklist and whitelist feature – this might work if someone could not easily create another wallet, but currently everyone can create an unlimited number of wallets.
- Signing rate dropping – it makes using the network almost unbearable, considering how smooth the site has always been.
Solana Case study
In September 2021, the Solana network faced a DDoS attack for over 17 hours, which reduced the token price from $220 to $140.
What if someone wants to hack Harmony again?
It now costs 0.00075 ONE to send one transaction, that is (0.00075 * $0.3417) = $0.000256 for every transaction. Imagine a big whale wants to stall the network for a full day by sending 1500 transactions every second; it would only cost him ($0.000256 * 86400 * 1500) = $33,313.23. After the network stalls, users get pissed off and decide to sell their tokens, like what happened with Solana, and the ONE token drops by 50% to $0.179. This reduction in price lets the whale purchase one million tokens for $170 000, but since Harmony is a great network offering great services, the price of the token will get back to its original value of 0.34 (Coinmarketcap.com, 2022) after some time. That's over 70% return on investment if he decides to sell his whole portfolio.
How Harmony works
Below is a simplified description of how the Harmony network works.
After a user signs in using his/her wallet address, every transaction he/she sends goes to the leader node, and the leader node sends the transactions to the validator nodes. After the validator nodes and the leader reach consensus, the block is confirmed and added to the blockchain (Harmony.one, 2022).
This design makes the blockchain easy to scale, but it also assumes that everyone with a One wallet is a good actor and will send valid and valuable transactions to the leader for an announcement. Of course, this has not been the case: both good and bad actors can create wallets. The problem is that bad actors have multiple wallets and consciously decide to stall the network by sending spam transactions.
OUR PROPOSED SOLUTION
Prevention is better than cure: it is much harder for a country to control crime once criminals are inside the country than when they are outside. Criminals inside the country (the Harmony network) can also cause more damage (the recent 10-hour outage). We are proposing creating passports for Harmony users to access the network. The passports will be wallets with different types of authorizations and access; this will prevent spamming and fraudulent users from accessing the network.
There are people with multiple wallets who don't get to use all of them; there are also people with multiple Harmony wallets who use them for good purposes, e.g., gaming, staking, etc. There are others with multiple wallets who use them to send spam and defraud other Harmony users. We need to find ways of separating these types of users.
Blockchain networks need to know which users have multiple wallets; wallets were used to flood the network with spam traffic (Post-mortem, 2022). Eclipse and Sybil attacks are hard to defend against because individuals can create unlimited wallets. There are two ways to solve this: one is implementing proof of work in ID generation with real-world costs (technically impossible for Harmony); the second is accepting sign-in IDs from a central trusted authority (what we are trying to build) (Libp2p.io, 2022).
To prevent people from creating multiple wallets which can be used to commit fraudulent transactions and send spam transactions, we will add a confirm wallet button. After they click it, they will be redirected to face ID; using face App, a key is created from their selfie and stored in the blockchain. When trying to open another One wallet, the user will be asked to verify, and if the key created has a similarity index of more than 99%, he/she won't be allowed to have full Harmony features unless he/she contacts an admin.
Users will be allowed to install and create wallets, but to send transactions to the leader node they have to confirm their wallets. After they press the confirm wallet button, their webcam/phone camera opens up and detects the face; we perform a liveness check, then pass the image to the FaceNet model, which creates a 128-dimensional vector ID based on the facial features. We hash the 128-dimensional vector ID and store the hash ID and the wallet address in the blockchain.
We have tested this open-source model for liveness checking and it's working well (Prabhat, 2021). It protects against:
a) Print photo attacks – printing someone else's photos to bypass facial recognition
b) Mobile photo attacks – using someone else's photos to create wallets
c) Replay attacks – using someone else's videos to create wallet addresses
d) Photo mask attacks – using a 3D face mask of other people to create wallets
e) 3D mask attacks – wearing 3D face masks to bypass the facial recognition software
We are going to implement FaceNet, an open-source model that converts facial features into a 128-dimensional vector ID; FaceNet models are usually 99.2-99.63% accurate (Geeksforgeeks.org, 2021).
Using the 128-dimensional vector ID generated, we will hash the result and create a unique key for that wallet address; that unique ID will be stored on the desktop (like a private key). We will write a function so that every time a user wants to perform a transaction, both his private key and this unique key are called; if the unique key does not exist, the transaction is invalidated and thus won't be pushed to the leader node.
This unique identifier will be copied into the blockchain network, and by searching the unique identifiers in the blockchain you can easily see people who have multiple wallets in the whole ecosystem.
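An added example, not part of the original proposal or of Harmony's code, for the enrollment and duplicate-wallet lookup described above: using constructed 128-value vectors in place of FaceNet output, it shows that two captures of the same face pass the 99% similarity threshold yet hash to unrelated values, so a lookup on the stored hash alone does not find the duplicate. The `Registry` class, the wallet string, the noise level and the float32/SHA-256 encoding are assumptions.

```python
import hashlib
import math
import random
import struct

DIM = 128         # FaceNet embedding length named in the proposal
THRESHOLD = 0.99  # "similarity index of more than 99%"

def unit(v):
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]

def cosine(a, b):  # inputs are unit vectors, so the dot product is the cosine
    return sum(x * y for x, y in zip(a, b))

def embedding_hash(v):
    """SHA-256 over the float32 encoding of the embedding (assumed encoding)."""
    return hashlib.sha256(struct.pack(f"<{DIM}f", *v)).hexdigest()

def constructed_embeddings(seed=7):
    """Constructed stand-ins for FaceNet output; no real faces or model used."""
    rng = random.Random(seed)
    alice = unit([rng.gauss(0, 1) for _ in range(DIM)])
    # Second selfie of the same person: same vector plus small capture noise.
    alice_again = unit([x + rng.gauss(0, 0.005) for x in alice])
    bob = unit([rng.gauss(0, 1) for _ in range(DIM)])
    return alice, alice_again, bob

class Registry:
    """Hypothetical stand-in for the on-chain record of confirmed wallets."""
    def __init__(self):
        self.by_hash = {}  # hash -> wallet address (what the proposal stores)
        self.vectors = {}  # wallet address -> embedding (needed for similarity)
    def enroll(self, wallet, emb):
        self.by_hash[embedding_hash(emb)] = wallet
        self.vectors[wallet] = emb
    def duplicate_by_hash(self, emb):
        return self.by_hash.get(embedding_hash(emb))
    def duplicate_by_similarity(self, emb):
        return next((w for w, s in self.vectors.items() if cosine(s, emb) > THRESHOLD), None)

def demo():
    alice, alice_again, bob = constructed_embeddings()
    reg = Registry()
    reg.enroll("one1-constructed-wallet-a", alice)
    return (reg.duplicate_by_hash(alice_again),        # None: hashes differ
            reg.duplicate_by_similarity(alice_again),  # wallet a: same face
            reg.duplicate_by_similarity(bob))          # None: different face
```

The similarity comparison only works where the stored vectors (or some similarity-preserving encoding of them) are available, which is the design point a hash-only record has to resolve.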
Real case study
Imagine someone wants to transfer tokens from one wallet to another. This is what normally happens:
To process the transfer, the private key function has to be called and confirmed for the transaction to go through to the leader node.
The unique key created using the face ID will change the way all transactions are handled. This is how it will happen:
When someone wants to transfer tokens, after the private key is confirmed, we call the function to check the unique key; after it has been confirmed, the transaction is pushed to the leader node.
Benefits to Harmonauts
- Reduced cases of fraud – everyone with a One wallet will have to be validated as a real person. Users with multiple wallets will be recorded to prevent them from conducting fraudulent transactions using one wallet and shifting to other wallets.
- Help in getting the right people into the community – for fraudsters to successfully bypass the system, they will have to register using multiple faces; since everyone has one face, it's going to be difficult to get someone else to sell their face ID online.
- Reduced cases of spam attacks – we can reduce the number of transactions unconfirmed wallets can perform.
- Encourage people to behave ethically, since they can be banned from the network if they participate in fraudulent transactions.
- Add extra functionality where confirmed users can easily access admin support (to prevent them from asking in Telegram, which puts them at more risk of being scammed).
Benefit to the blockchain community
Security has been a major concern in the blockchain community, and this has hindered its adoption in mainstream society. Improving cross-chain security will be a step in protecting users from fraudsters and bad actors. Our long-term goal is to create an API that blockchain networks will use to verify users and, in cases of fraud, check how many accounts a wallet has, in order to combat crime across chains.
Short-term effects on the network
- Reduced numbers of wallet addresses created – wallet addresses will be useless unless verified.
- Reduced numbers of transactions in the network – only verified addresses will be able to send transactions to leader nodes.
Long-term effects on the network
- Getting quality builders into the network – people who are really interested in creating and not scamming other people.
- One wallet address becoming the gold standard in the blockchain community because of its safety.
- Businesses who want to implement blockchain solutions come to Harmony because it's safer compared to all the other blockchain networks full of scammers.
- Increased rates of transactions – businesses usually generate lots of transactions every second; getting them to adopt Harmony as the first priority because of security will be great.
- Increased wealth in the community – the One token will rise because we are providing value to existing businesses; validators and community members will earn more money by staking.
[50K launch grant according to the rules]
Add the facial recognition system into the Harmony extension wallet (completed from the test net launch).
Test the system with 1000 users.
Improve the wallet to make it simpler for beginners (there are a lot of negative reviews of the Harmony Chrome extension wallet).
Add a chat functionality for confirmed users.
Limit the functionality of unconfirmed users.
A fully functional, user-friendly, improved Harmony wallet with added security and privacy, within four months.
Improving the security of the Harmony network by reducing instances of spamming attacks.
What about users' privacy?
We are going to implement ZK-rollups in partnership with ZKU so that no one gets to have a copy of your image (it's why we are reluctant to use Webauth0).
What are your long-term goals?
Getting all wallets to adopt this, so we can have a decentralized place where people who perform fraudulent transactions can be tracked. For example, in a recent rug pull in Solana, these people must have multiple wallets in which they deposited their stolen money; if they are in different networks, it is going to be difficult to recover unless we can associate wallets with their owners (Jason Nelson, 2022).
We tried running the Harmony wallet so that we could integrate the additional feature; we got some errors and had to build our own extension. The video shows an implementation using our own extension. We are working on using the real Harmony Chrome extension wallet.
Participated in the University Hackathon.
Project overview, The solutions to multiple wallets. - YouTube
Fasika Zelaleam (2022), Solana suffers another reported DDoS, Solana suffers yet another reported DDoS attack
Freeyala (2022), On Sarah, Freya, and Zlyah, On Sarah, Freya and Zylar - Google Docs
Vitalik Buterin (2022), Why the future is multi-chain and not cross-chain, vbuterin comments on [AMA] We are the EF's Research Team (Pt. 7: 07 January, 2022)
Mackenzie Sigalos (2022), Crypto scammers took a record of $14 billion, https://www.cnbc.com/2022/01/06/crypto-scammers-took-a-record-14-billion-in-2021-chainalysis.html
Jason Nelson (2022), Solana NFT Project Rug Pulls Investors for $1.3M—Despite Civic 'Verification' - Decrypt
Postmortem (2022), January network outage, Postmortem: January Network Outage
Harmony.one (2022), Whitepaper, https://harmony.one/whitepaper.pdf
Prabhat (2021), Face liveness detection via OpenCV and TensorFlow, Face Liveness Detection via OpenCV and Tensorflow - KickerTech
Geeksforgeeks.org (2021), FaceNet - using facial recognition technology, FaceNet - Using Facial Recognition System - GeeksforGeeks
Johnashu (2022), https://github.com/harmony-one/harmony/issues/3979