Criteria for Case Inclusion

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 12:27, 2 May 2023 by Azoundria (talk | contribs) (Improving and clarifying the criteria further.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notability

  • A case must be referenced from at least two locations. A single comment or post is not sufficient. Two comments, or a comment and a blockchain transaction, or a thread with multiple follow up comments, are valid for consideration.
    • Note that fake reports of cases (where there has been public skepticism or facts which contradict one another) can be dealt with through the controversial template. They will still be included until they can be confirmed fake, but obviously all of the information refuting the case would also be included. Report only facts and let people decide for themselves.
  • Obviously, we would prefer to use sources which are official, such as actual blockchain transactions, mainstream media, analyses by credible researchers, etc... However, due to the nature of cryptocurrency, some unconventional sources like Reddit, Twitter, Discord, Telegram, Medium, or other social media are permitted. Other common sources which can be used are the Internet Archive, news articles from publications like CoinTelegraph, Decrypt, Vice, or third party aggregators of case information like Rekt. More well known cases will likely have a variety of mainstream and official sources, which should be given precedence.
  • The case must involve at least one of the following:
    • More than $1,500 USD lost at the time of the event, in the case of a hack, theft, fraud, or lost key. If the loss is in fungible crypto-assets, this is calculated using the closing price on CoinMarketCap at the day of the exploit. If CoinMarketCap doesn't list the price of the assets, then an alternative source like CoinGecko or Nomics can be used. Best effort should be made to assess the accurate value of the loss including all assets lost.
    • More than $500 USD lost at the time of the event, and notable coverage or attention by several sources.
    • More than $9,500 USD worth of funds placed at risk of loss, were the exploit not found and resolved through a white hacking effort. Cases in this category must be such that the loss would have occurred by default. (ie. Someone in a time machine could have taken the funds without depending on operator incompetence.)
    • Private sensitive information on more than 50 individuals who can be definitively associated with using cryptocurrency being compromised. This includes full legal names, home address, email address and association with a cryptocurrency service, or phone number and association with a cryptocurrency service.
  • Credibility is generally given to the event as having occurred versus not having occurred, except in the following cases:
    • Events which are accompanied with advertisement for questionable cryptocurrency recovery services. In this case, independent third party sources are required for the even to be included.

Relevance

  • The case must involve crypto-assets, or purport to involve crypto-assets. For cases which involve a mix of real-world assets and crypto-assets, real-world assets are generally not included unless they form liquidity on a trading platform.
  • The specific time (at least to the day) of the event must be discernible. See the Guidelines For Dating Cases for help in which date is applicable to the case.

Definite Impact

The particular impact must be clear and must be unexpected or fraudulent. Some examples of cases that can't yet be included would be:

  • A ponzi scheme that is still in-progress. Due to the nature of ponzi schemes, it is not possible to definitively tell when something is a ponzi scheme until it collapses. The goal of this repository is to provide references of historic events, not to speculate on which particular financial schemes may collapse. There are various other tools out there that report on current MLMs that are still operating, and that's not the purpose of this wiki.
  • A hack event which is not backed by any tangible evidence. For example, if someone has a suspicion that a service got hacked, that wouldn't be possible to include. If there are credible concerns and blockchain-supported evidence, this can be included but both sides of the issue must be fairly weighed.
  • Disputes of frozen funds on platforms, where the platform is still operating. Unfortunately, this is really tricky, because it's hard to know whether the funds were legitimately frozen or not.
  • Losses that are due to standard/reasonable market fluctuations. For example:
    • If the cryptocurrency market drops 70%, many people may consider that they have "lost money", but in fact, no loss has occurred. They just overpaid for their digital assets.
    • If a project did their best to deliver and ultimately failed. This is also not the place to include any projects for violation of securities registration. A case could be included if their original payment was based on credibly fraudulent information, the project founders were entirely fake, it was a token which could be bought and never sold, the smart contract did a rug pull, or the team never intended to keep their word.
    • Similarly, margin trading is inherently risky, and so facing a prospect of losses when conducting a margin trade would count as a normal expected outcome. There are some cases where denial of service or fee-based attacks succeed in preventing proper function, which could be considered.
    • General market manipulation is usually not considered to be included. It's assumed that the cryptocurrency landscape is not a level playing field. This includes wash trading, attempts to push the price around, or messaging to manipulate others. On the other hand, if the "official" price on a single platform or smart contract is manipulated to fall well outside of the wider market price, for the purposes of extracting profit in a single incident, that would be included as an exploit of that platform.
    • If blockchains stop running over time and eventually die out, those wouldn't be included on it's own. This is a reasonably expected outcome that some technologies of money will not succeed. Similarly, if a platform was operating honestly, winds down business and returns customer deposits with reasonable notice, this wouldn't be included on it's own. It isn't a place for a graveyard of every failed crypto platform or project - only those that fail due to fraud or an irrecoverable hack.
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Criteria_for_Case_Inclusion&oldid=3899"