Criteria for Case Inclusion: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(Added definite impact section to case inclusion part.)
Line 18: Line 18:
** For hacking or rug pull events, the timestamp of the first blockchain transaction that removes funds from the individual or service facing the loss. If no blockchain transactions can be found, then the timestamp of the very first public report.
** For hacking or rug pull events, the timestamp of the first blockchain transaction that removes funds from the individual or service facing the loss. If no blockchain transactions can be found, then the timestamp of the very first public report.
** Ponzi events must have concluded before they can be covered. For ponzi events, in this order:
** Ponzi events must have concluded before they can be covered. For ponzi events, in this order:
*** The timestamp of a public declaration of bankruptcy or announcement that the platform is shutting down.
*** The timestamp of the first public declaration of bankruptcy, guilt by a founding member, or announcement that the platform is shutting down.
*** If there was no such announcement, the time at which the platform ceased to honour withdrawals. This is the time of last withdrawal, not counting withdrawals by operators of the scheme.
*** If there was no such announcement, the time at which the platform ceased to honour withdrawals. This is the time of last withdrawal, not counting withdrawals by operators of the scheme.
*** If information about withdrawals cannot be obtained, or no withdrawals were ever allowed, the timestamp of the first public report that a participant is unable to withdraw their funds.
*** If information about withdrawals cannot be obtained, or no withdrawals were ever allowed, the timestamp of the first public report that a participant is unable to withdraw their funds.
*** Failing that, the date of the most comprehensive investigation can be used.
** For lost funds, the time at which the individual or organization first publicly reports the funds inaccessible.
** For lost funds, the time at which the individual or organization first publicly reports the funds inaccessible.
** For privacy breaches, the date at which the information was first accessed by an unintended party. If the circumstances of the access have not been publicly revealed, then the time of the first announcement.
** For privacy breaches, the date at which the information was first accessed by an unintended party. If the circumstances of the access have not been publicly revealed, then the time of the first announcement.

Revision as of 14:07, 19 January 2023

Notability

  • A case must be referenced from at least two locations. A single comment is not sufficient. Two comments, or a comment and a blockchain transaction, or a thread with multiple follow up comments, are valid for consideration.
  • Due to the nature of cryptocurrency, primary sources like Reddit, Twitter, Discord, Telegram, Medium, or other social media are permitted. Other common sources which can be used are the Internet Archive, news articles from publications like CoinTelegraph, Decrypt, Vice, or third party aggregators of case information like Rekt. More well known cases will likely have a variety of mainstream and official sources, which should be given precedence.
  • The case must involve one of the following:
    • More than $1,500 USD lost at the time of the event, in the case of a hack, theft, fraud, or lost key. If the loss is in fungible crypto-assets, this is calculated using the closing price on CoinMarketCap at the day of the exploit. If CoinMarketCap doesn't list the price of the assets, then an alternative source like CoinGecko or Nomics can be used. Best effort should be made to assess the accurate value of the loss including all assets lost.
    • More than $9,500 USD worth of funds placed at risk of loss, were the exploit not found and resolved through a white hacking effort. Cases in this category must be such that the loss would have occurred by default. (ie. Someone in a time machine could have taken the funds without depending on operator incompetence.)
    • Private sensitive information on more than 50 individuals being compromised. This includes full legal names, home address, email address and association with a cryptocurrency service, or phone number and association with a cryptocurrency service.
  • Credibility is generally given to the event as having occurred versus not having occurred, except in the following cases:
    • Events which are accompanied with advertisement for questionable cryptocurrency recovery services. In this case, independent third party sources are required for the even to be included.
  • If an event is considered controversial as to whether it occurred or not, this should be noted in the article.

Relevance

  • The case must involve crypto-assets, or purport to involve crypto-assets. For cases which involve a mix of real-world assets and crypto-assets, real-world assets are generally not included unless they form liquidity on a trading platform.
  • The specific time (at least to the week) of the event must be discernible. The relevant time to use is as follows:
    • For hacking or rug pull events, the timestamp of the first blockchain transaction that removes funds from the individual or service facing the loss. If no blockchain transactions can be found, then the timestamp of the very first public report.
    • Ponzi events must have concluded before they can be covered. For ponzi events, in this order:
      • The timestamp of the first public declaration of bankruptcy, guilt by a founding member, or announcement that the platform is shutting down.
      • If there was no such announcement, the time at which the platform ceased to honour withdrawals. This is the time of last withdrawal, not counting withdrawals by operators of the scheme.
      • If information about withdrawals cannot be obtained, or no withdrawals were ever allowed, the timestamp of the first public report that a participant is unable to withdraw their funds.
      • Failing that, the date of the most comprehensive investigation can be used.
    • For lost funds, the time at which the individual or organization first publicly reports the funds inaccessible.
    • For privacy breaches, the date at which the information was first accessed by an unintended party. If the circumstances of the access have not been publicly revealed, then the time of the first announcement.

Definite Impact

The particular impact must be clear and must be unexpected or fraudulent. Some examples of cases that can't yet be included would be:

  • A ponzi scheme that is still in-progress. Due to the nature of ponzi schemes, it is not possible to definitively tell when something is a ponzi scheme until it collapses. The goal of this repository is to provide references of historic events, not to speculate on which particular financial schemes may collapse.
  • A hack event which is not backed by any tangible evidence. For example, if someone has a suspicion that a service got hacked, that wouldn't be possible to include. If there are credible concerns and blockchain-supported evidence, this can be included but both sides of the issue must be fairly weighed.
  • Losses that are due to standard/reasonable market fluctuations. For example:
    • If the cryptocurrency market drops 70%, many people may consider that they have "lost money", but in fact, no loss has occurred. They just overpaid for their digital assets.
    • If a project did their best to deliver and ultimately failed, that wouldn't be included. But if their original payment was based on credibly fraudulent information, or the project founders were entirely fake, or the team never intended to keep their word, that could be. This is not the place to include any projects for violation of securities registration, but such evidence could be used towards evidence of other fraud happening.
    • Similarly, margin trading is inherently risky, and so facing a prospect of losses when conducting a margin trade would count as a normal expected outcome. However, there are some cases where denial of service or fee-based attacks succeed in preventing proper function, which could be considered.
    • General market manipulation is usually not considered to be included. It's assumed that the cryptocurrency landscape is not a level playing field. This includes wash trading, attempts to push the price around, or messaging to manipulate others. On the other hand, if price on a single platform or smart contract is manipulated to fall well outside of the wider market price, for the purposes of extracting profit very quickly, that would be included as an exploit of that platform.
    • If blockchains stop running over time and eventually die out, those wouldn't be included on it's own. This is a reasonably expected outcome that some technologies of money will not success. Similarly, if a platform was operating honestly, winds down business and returns customer deposits with reasonable notice, this wouldn't be included on it's own. It isn't a place for a graveyard of every failed crypto platform or project - only those that fail due to fraud or an irrecoverable hack.
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Criteria_for_Case_Inclusion&oldid=64"