Chain Analytics on Scam Addresses
In January I created a post listing some of the ETH addresses associated with a set of scams targeting the Guild of Guardians community. Last night a member of the community reached out to email@example.com, as they were a victim of the scam and had performed some research that aligned with our findings. Specifically, they identified two ETH addresses that were used to move the proceeds of the scam:
If you're new to the cryptocurrency space, it's important to remember that blockchain technology, by default, provides transaction transparency, but in many cases maintains anonymity. Barring a leak from a centralized exchange or someone self-identifying as the owner of an address, you can see all transactions on Ethereum, but you can't necessarily tie those transactions to a real-world individual or group if they are making an effort to remain anonymous.
So what do you do when you have addresses that are associated with a scam? Let's put the discussion of censorship aside for a moment, as that's a very heated topic, and just pretend that we all agree on one thing: if we identify an address that has scammed someone from the Guild of Guardians community out of funds, we'd like that scammer to own up to what they've done, and we'd possibly like to make it difficult for them to spend the proceeds of that scam.
Depending on the amount of funds and the technical prowess of your local law enforcement, you can and should report the scam, but you might not get a lot of help recovering the funds. Also, if you yourself are in the crypto space, you might be trying to maintain your own anonymity for personal reasons, and you might even be in a position where local law enforcement isn't friendly to cryptocurrency users at all.
The next option is to try to flag the addresses to as many communities as you can, effectively blocklisting the addresses. Blocklisting in this context means ensuring the community blocks interactions with the addresses on the list. There are some shared tools that many communities, law enforcement agencies and cryptocurrency exchanges subscribe to in order to get lists of addresses they should block.
In some scams, the scammer is looking to cash out their gains, and at some point might try to send funds to a centralized exchange or some other fiat off-ramp so they can spend some of their money, since in many regions of the world you still can't buy milk and bread with crypto. When the scammer moves their funds to a centralized exchange (e.g. Coinbase), that exchange can check if the sending address is on a blocklist and react accordingly. Each exchange might have a different philosophy, but if an address is flagged as a scam they should at least pause for a moment. More and more exchanges are required to accept Know Your Customer (KYC) data. Presumably, if the exchange the scammer is sending funds to has done its due diligence, then anonymity stops there. The address that sends the funds to the exchange should now be associated with a real-world person.
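The exchange-side check described above, as an added Python example (not code from this post or from any exchange). It goes one step beyond a direct blocklist match by also following fund flow a limited number of hops downstream, since proceeds are often moved through intermediary addresses first. The function names, the transfer list, the 2-hop limit and all addresses are assumptions constructed for illustration.

```python
import re
from collections import deque

ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize(addr):
    """Lower-case an Ethereum address so letter case cannot dodge a blocklist match."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return a

def hops_from_blocklist(blocklist, transfers, max_hops=2):
    """BFS along the direction of fund flow; returns {address: hops from a listed address}."""
    outgoing = {}
    for sender, recipient in transfers:
        outgoing.setdefault(normalize(sender), set()).add(normalize(recipient))
    hops = {normalize(a): 0 for a in blocklist}
    queue = deque(hops)
    while queue:
        current = queue.popleft()
        if hops[current] == max_hops:
            continue  # hop limit reached: do not propagate further
        for nxt in outgoing.get(current, ()):
            if nxt not in hops:
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    return hops

def screen_deposit(sender, hops):
    """'block' for a listed address, 'review' for one downstream of it, else 'allow'."""
    distance = hops.get(normalize(sender))
    if distance is None:
        return "allow"
    return "block" if distance == 0 else "review"

# Constructed sample data: placeholder addresses, not the scam addresses from this post.
SCAM = "0x" + "A1" * 20  # listed in upper-case hex on purpose
HOP_1, HOP_2, HOP_3 = ("0x" + b * 20 for b in ("b2", "c3", "d4"))
BYSTANDER = "0x" + "e5" * 20  # sent funds to HOP_3 but never received scam proceeds
TRANSFERS = [(SCAM.lower(), HOP_1), (HOP_1, HOP_2), (HOP_2, HOP_3), (BYSTANDER, HOP_3)]

HOPS = hops_from_blocklist([SCAM], TRANSFERS, max_hops=2)

if __name__ == "__main__":
    for name, addr in [("SCAM", SCAM), ("HOP_1", HOP_1), ("HOP_2", HOP_2),
                       ("HOP_3", HOP_3), ("BYSTANDER", BYSTANDER)]:
        print(name, screen_deposit(addr, HOPS))
```

The hop limit matters: following every outgoing transfer without a bound would eventually flag addresses that only received a small, unrelated payment, so downstream matches are routed to review and not blocked outright.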
Now it's up to the exchange, or the local laws that govern that exchange, to decide the next steps. Let's look at an example. Here is a graph of addresses on Ethereum associated with a set of Guild of Guardians token sale impersonation sites: