Blockchain Security Upgrade Proposal

The Problem

It is frustrating to see that wallets are being hacked repeatedly on the blockchain.

Blockchain technology needs to be more reliable to scale.

This document purpose an easy way to make wallets more secure on the blockchain.

One of the common traits of these hackings is that a person’s fund was transferred from his/her wallet to another person’s wallet without that person’s knowledge. The transaction is recorded on blockchain, transparent to the public. Yet no one can stop the transaction, no one can help the original owner to recover the fund.

To solve this issue, the following issues need to the solved.

1. The wallet that has the fund needs to be more secure. It needs to be a simple and easy way to protect the fund, so that people from any age group can easy handle it and feel safe that their crypto fund is secure at all time.
2. The person who take the fund from other people’s wallet should not be able to retrieve or use the fund. This should remove most of the incentives behind these hackings.
3. The blockchain system should have an integrated procedure to safeguard the integrity of the transactions. After all, cryptocurrency enables high liquidity for digital assets, but it is the people who own these assets. Blockchain should has the process to safeguard the transactions among people.
4. The solution should require minimal modification of the existing blockchain system.

The Solution

Based on the above principle, the following solution is purposed.

Checking and Savings Wallet

The traditional FIA system has established banking procedures that have passed the testing of time. One of these procedures is using savings account and checking account for personal banking.

The existing cryptocurrency wallet is equivalent to the checking account. It is flexible and agile, however, it is easily exposed to hacking and other phishing attempts.

Creating Savings Wallet on top of the existing cryptocurrency wallet (Checking Wallet) has many advantages.

With the implementation of the saving wallet, the user has the option to create Savings Wallet on top of his/her Checking Wallet. The Savings Wallet does not directly interact with blockchain. Each Savings Wallet can only receive and send fund to the Checking Wallet that it is associated with. The balance in the Savings Wallet can be verified on the blockchain. The purpose of the Savings Wallet is to be used as a cold storage for the fund. User can enable 2-step or 3-step or further verification for the Savings Wallet.

If a user wants to use the fund he/she has in the Savings Wallet, he/she needs to first transfer it into the associated Checking Wallet that he/she owns, and then use the fund from the Checking Wallet to conducts transactions on the blockchain.

The Checking Wallet segregates the Savings Wallet from the blockchain, and protects it from the hacking and phishing attempts on the blockchain. Additional security procedures are required to open and use the fund in the Savings Wallet, this helps the users secure his/her fund and be able to access the fund when needed.

Blacklist Bad Wallet Addresses

In any crime, there is a real physical person behind the crime. Software doesn’t lie, it only executes the code written by a person. Transactions take place on blockchain are immutable, they are recorded on the blockchain, and can not be changed. This means the address of the person who take the fund are visible on the blockchain to everyone, if they move the money, their forwarding addresses are also visible on the blockchain.

To capture the person who breaks the trust and steals other people’s fund, we have to capture the person behind these transactions, and hold that physical person liable for the result of these transactions.

Privacy is a privilege and has to be earned. If someone break the trust, and steal fund from other people, that privilege is suspended, and that person has to show up as a physical person and proves to everyone that his/she is the real person behind that address, and he/she has the right to claim and keep that fund.

We use these key elements in the proof statement: Time + Place + Proof of Physical Person

A blacklist of bad wallet addresses are kept on the blockchain, along with the regular blockchain information. It is a blacklist of all wallet addresses that may be involved in misconducts. Transactions in and out of these addresses should not be mined. Fund can not be transferred out from these blacklist wallet addresses. An alert message should be displayed when user tries to send money to these addresses.

Owner of a blacklisted wallet address needs to use the appeal procedure to settle the dispute, proves that the fund rightfully belong to him/her, to restore his/her fund.

##Blocked and Flagged wallet address

Wallet addresses on blockchain are very atomic, and agile. To maintain a healthy ecosystem on the blockchain, wallet addresses that misbehavior and addresses involve in phishing scams need to be blocked from receiving and retrieving funds. Transactions that goes in and out of the blocked address can be shown on the blockchain but they are not mined. All miners should have a copy of the blacklist that is constantly synced up with the blockchain. All blacklisted addresses become inactive.

If we look at the bad wallet addresses as sand in the water, sand needs to settle to the ground, to maintain the clarity of the water. To maintain the trustless and the integrity of the blockchain ecosystem, bad wallet addresses has to be suspended from the system.

The wallet addresses that are directly involved in a filed claim needs to become inactive or made obsolete.

Either it is a wallet address reported to be hacked and has fund stolen, or a wallet address reported to have stole fund from another wallet. Both wallet addresses have breached security issues, both wallets that are directly involved in the claim need to be archived and become obsolete.

For a wallet address that is not the immediate target wallet, but is also involved in the claim (such as wallet 3 in use case 4), it may be owned by an innocent standby person, or it may be owned by someone that is not so innocent. Either way, if the wallet address has a portion of the reported stolen fund transferred into it, it will be flagged. Once the wallet returns that portion of fund, the flag will be removed, and that wallet is restored and made accessible to the blockchain.

This procedure have the following steps.

First the person who report the fund is stolen needs to make the claim.

When a person noticed that fund has been stolen or transferred out of his/her wallet without his/her permission, he/she needs to immediately raise an alert flag on the blockchain. The address of the wallet where the fund is stolen, and the address of the wallet(s) that have the stolen fund are reported to the moderator group that handles blockchain security.

A blockchain security group is setup to handle the claims, it maintains a blacklist that have all the bad addresses that are currently being flagged and blocked. All miners should check the list when mining a block, and stop verifying transactions in and out of these flagged addresses. This will stop the person to transfer the stolen fund to other addresses.

The process of submitting the claim is shown in the above diagram. The victim need to fill in a standard claim form, that includes the following information:

1. Name and contact information
2. His/her wallet address
3. How much fund was stolen
4. The wallet address(s) where the stolen fund was transferred to
5. The verified transaction id of that transaction on the blockchain
6. A clear statement that the fund was stolen from his/her account without his/her permission
7. Sign the claim form in front of a licensed notary and notarize the document.

The victim need to submit this notarized signed claim form to the moderator group who handles the security. He/she also need to send a small fee (such as 0.01 ether) to the wallet address of the moderator group. This is to verify that he/she indeed is the owner of that wallet where the fund was report stolen.

It is necessary to have the claim form notarized, since this will require the victim to show up as a physical person in front of a notary and sign the form. The notarized claim form has its legal effect. This will hinder demeanor behaviors of people reporting fund being stolen in order to block other people’s wallet addresses.

If the reported fund was transferred to a verified wallet address, such as a crowdsale smart contract address and etc, it is most likely the claim is false. In such as, the contract/wallet owner needs to return the fund to its sender using the escrow account or send in the appeal, in order to avoid the contract/wallet address being flagged or blacklisted.

The person who was reported as the hacker that stole the fund may chose to initiate the transfer of the stolen fund to the moderator, and let the moderator restore the stolen fund to a new wallet created by the victim. Moderator burns the stolen fund from the blacklisted wallet. Both the original wallets involved in the claim become unaccessible and obsolete.

If the hacker decides not to response to the claim, the stolen fund will be locked in the blacklisted wallet, he/she will not be able to use or retrieve the fund. This will remove the motivation behind most hacking activities.

If the person who owns the address believe that he is innocent, he can write an appeal to the moderator group who handles the blockchain security, and ask to retrieve the fund.

The process of submitting the appeal is shown in the above diagram. The defendant (Owner2) needs to fill in a standard appeal form, that includes the following information:

1. Name and contact information
2. His/her wallet address
3. How much fund he/she claims to be rightfully own and needs to be restored
4. The wallet address(s) where the fund in dispute was transferred from
5. The verified transaction id of that transaction on the blockchain
6. A clear statement that he/she has the right to own that amount of fund, and the transfer of that fund from the original owner’s wallet to his/her wallet is legitimate.
7. Sign the appeal form in front of a licensed notary and notarize the document.

The defendant needs to submit this notarized signed appeal form to the moderator group who handles the security. He/she also need to initiate the transfer of a small fee (such as 0.01 ether) to the wallet address of the moderator group. This is to verify that he/she indeed is the owner of that blacklisted wallet. This transaction can be initiated and recorded on blockchain, but it will not be mined nor verified, since the wallet address is blacklisted.

(Optional) Depends on the amount involved in the claim. It may be also necessary for the person to show up as a physical person, record a 3 minutes plus video, provide video testimonial regarding his/her right to own that fund.

If a person is indeed innocent, often he/she is willing to testify for his/her words. This helps to sort out the real owner of the fund, and restore the fund to the right person.

Depending on the amount of the fund involved, additional steps may be involved to restore the fund to a person who filed the appeal.

The moderator group reviews the information from both parties, review the testimonial video from the defendant, and decides whether to restore the fund to the person who appeal the case, or to the person who filed the claim, or leave the fund in the locked blacklisted wallet.

It is also possible for the two parties come up with settlement solution between themselves, and request the moderator the split the fund and restore the fund. In that case, both parties submitted their signed appeal forms with a consistent fund arrangement. Moderator review the forms, use the escrow wallet to split and restore the fund for them.

When hacking of the blockchain system are stopped, people will be able to use system and have the peace of mind that their cryptocurrency are safe, blockchain community will be able to scale.