" Our addresses are compromised.. "
As a block explorer this is something we get told quite often by our users and different projects within the space. We would then work closely with the affected parties to identify and label tainted addresses manually. From my experience, this process itself may take from a few minutes all the way to, in extreme cases, a month of actively tracing tainted addresses daily.
With these experiences working with countless affected parties, we began exploring on how to effectively trace tainted addresses in real-time and assist affected users and projects. What we've learnt is that there is no one stop solution; it is an ever evolving cat-and-mouse game with bad actors and their need to "wash" tainted funds into fiat.
Our Solution - ETHProtect
ETHProtect is a detection system for Etherscan users to identify if incoming funds are tainted, and it traces the tainted funds down to its origin.
Examples of the origins of tainted funds include:
- Suspicious fraudulent activities
Unique to our solution is the Taint Inference Analysis Engine and its ever evolving machine learning internal systems. It modifies parameters for tracing and identifies tainted funds based on each unique scenario.
How does ETH Protect work?
Etherscan receives daily user reports on suspicious fraudulent activities which are reviewed and verified by our security research analysts. Once identified, these tainted addresses are then added into our database.
An example of a tainted address can be identified on the address page with a flashing "Red Shield" icon as shown in the image below.
This shows the address has received tainted funds.
Real Time Tracing
Once the tainted address is identified, any transfer of tainted funds from its origin is traced and highlighted up to the latest block. The tracing is never static; the engine constantly traces and identifies any newly tainted addresses. This helps users track the flow of tainted funds in real time.
Clicking the "Red Shield" icon from the address page will allow users to trace the tainted funds down to its source as show in the screenshot below. Sample visualization.
This is how a potential tainted trace might look like that reflects the flow of funds back to its source.
- The "Start" point highlights the origin of tainted funds.
– The Origin Taint Address and the source of tainted Transaction Hash are both identified here.
- Section 2, from the image, shows the flow of funds from the origin taint address to the corresponding address it tainted.
– The Source Address reflects the address in which it received the tainted funds from.
– The Depth level represents the number of address the tainted funds flowed through before reaching the ending taint address.
- The Ending Taint Address shows the address that is being searched and how it was tainted.
– The Block Number, Timestamp, Transaction Hash, Address and the amount of funds transferred which caused the address to be tainted are identified throughout the taint analysis.
ETH Protect thus traces and shows the flow of funds through multiple depths back to the starting taint address
Taint Inference Analysis Engine
As addresses can be compromised under various circumstances, our internal taint inference analysis engine can modify parameters and identify tainted addresses for each unique scenario.
This is further complemented with our off chain database of labelled addresses, which excludes publicly known whitelisted project addresses within the space from being identified as a false positive.
What should I do if my address is incorrectly tainted?
If you believe you are identified as a false positive, please reach out directly to us via our Contact Us Form. Our internal team will assist you accordingly.
With an increasing number of scams, hacks and fraudulent activities, we aim to identify potential tainted addresses and to make available this information to all our end users. While taint tracing itself is not new and commonly used by large commercial organizations such as crypto exchanges and providers, services like these can costs thousands of $$ dollars upwards per month and is normally not within the reach of the common end-user or open source project.
Information is empowering. Our goal is to empower our end users with more insight into data, so that they can understand and make informed decisions with their crypto interactions.
If you have any feedback you can drop us a message via our Contact Us Form.
We aim to Protect users by identifying potential malicious addresses while screening through Every Transaction Hash.