Author Topic: Potential Fraud: Need Second Opinion  (Read 501 times)

0 Members and 1 Guest are viewing this topic.

Offline oneQuestion

  • Newbie
  • *
  • Posts: 1
    • View Profile
Potential Fraud: Need Second Opinion
« on: November 06, 2018, 03:56:14 pm »
Hi All,

I have been working on software to detect fraudulent activity on the network. I would like a second opinion on a case that I've been looking into.

One of the things my algorithm looks for is accounts with an override transfer in the absence of any other transfers with respect to a token that has been used in an ICO. In this case, 1.3.924 or PEERPLAYS.

This account: fits that criteria.

One thing I cannot wrap my head around is why the owner of the token (and thus the ICO) would want to force transfer assets from one account to another.

Just looking to get another opinion and maybe some help with investigating this stuff.


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12915
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Re: Potential Fraud: Need Second Opinion
« Reply #1 on: November 06, 2018, 04:38:05 pm »
What happens here is that the operation 1.11.6737614
uses a override_transfer to send 5000 PEERPLAYS from "flat6" to "c21e6".
That happened on 2016-12-23 13:30:33+00:00 (block #12482277).

override_transfer operations have to be signed by the issuer of of PEERPLAYS (assuming PBSA)

Also, the account has been whitelisted and unwhitelisted before and after the override transfer.
The whitelisting happend onto and off from the account whitelist of the "freedom-ledger" account.
The "freedom-ledger" account is the whitelisting authority for the PEERPLAYS asset.

The "flat6" seems to have traded quite some PEERPLAYS before that happend and also traded STEEM *after* the incident.
There was also a transfer of 30 BTS to freedom-ledger.

If that is fraudulent or not is difficult to tell, but certainly whoever holds the keys for freedom-ledger has signed those
Give BitShares a try! Use the provided by powered by ChainSquad GmbH