Combating P-Rep Impersonators / Scammers

Recently there has been an uptick is scammers impersonating P-Rep team members in the chats to coerce people into providing their private keys. One incident happened where someone was impersonating someone from CCClub and another with Yasha from Block42. I think only one of the incidents resulted in coins being taken (the impersonater of CCClub - anyone please verify?) but clearly we should be doing more than promoting the common knowledge that you should never give anyone access to your private keys.

I personally think an on-chain solution would be best. Chris from Block42 talked about building a web app that you can verify identity through. We could have a place that teams can upload public keys / wallet addresses and that can be used to verify someones identity. This would be great but then you have to educate people not just about common knowledge of private key safety but also the process of verifying a P-Reps team identity.

What might be best from a user’s experience is if this is integrated into telegram with a bot. Something that queries a DB of P-Rep teams and their associated telegram IDs. If someone is impersonating a P-Rep then you can run the bot to check if they are in fact who they claim to be. Another avenue for the bot would be to work through myID but don’t know enough about roadmap to comment.

Really don’t know what the best solution is here or if I am just overreacting. Welcome any thoughts on the matter.

2 Likes

I’m posting often on reddit and twitter to remind the community, but that only goes so far.

I think a safety/security section, or best practices, will be part of our ongoing subreddit upgrade. No doubt we can share that around here/TG/Twitter etc.

Bleh, I hate scammers.

1 Like

We focused on phishing websites and took down both https://icon.foundatlon.com/ and https://iconfoundation.online/ + recovered ~ $40k worth of ICX from a phished wallet by sending it out sooner than the attacker after it got unstaked.

If you come across a phishing site, report the domain name to the registry. They block them usually within a day. Some aspects of centralization are nice.

1 Like