Hi all,
I have recently joined the Near community as a developer looking to create some cool apps on the network. Unfortunately it didn’t quite start out as well as I’d have hoped.
When I went to create my wallet, I used the account name that I’ve always used for developing (on Github etc.) and some other forums. But I was very surprised to see it taken. This name is lostpebble
- which to me seems like not a very obvious name and the likelihood of someone else using it is very slim, especially because I was able to register pebble.near
afterwards.
I had a strange feeling that something wasn’t right here.
I investigated on the Near Explorer, and noticed that the account was registered on the 14th January of this year and had only a single transaction on it- that which was used to actually create the account. And a balance of 0.006N.
Already, that’s an initial indication of a squatter.
But looking deeper into it, I checked out the account creation transaction and dug into the parent account which created it- 9nearapps.near
. This account was registered in late December and already amassed 309347 transactions! It might not be a stretch to say that a lot of those were similar such account creation transactions- I would like to find a way to validate this on the blockchain and do more investigations based on the names which were selected.
My gut feeling is that this is a malicious account which likely crawled Github for highly active developer account names (I have a few libraries, the most popular of which has 920 stars as of writing) and registered them en masse. The goals of which could be a few:
-
Typosquatting: misleading potential donors to developer projects to send Near to the wrong account (this is the most annoying one for me, as I don’t think I’ll even use
pebble.near
for donations now, as its too similar and might confuse people- I’ll have to change my dev name on the Near protocol completely). -
Stolen identity fraud- using Twitter, blogs, videos, forum posts or any other type of media, pretending to be me and requesting donations for my projects.
-
Holding the account knowing that people might pay to have their personal developer account name transferred to them at some stage.
I’m sure there could be other reasons I’m missing as well.
Some references online that I’ve found to “9apps”, as in the account name in question, is not a great sign either. (see https://www.quora.com/Is-9apps-safe). It appears to be an entity owned by Alibaba, from what I can see online, and exhibits some scammy practices. Not to say these are definitely the same people, but it certainly could be.
Is there any recourse in this kind of situation? Is there potential for some kind of governance system to deal with this? Obviously, “malicious” in this situation would have to be well defined. Personally, I think clear and undeniable registering of account names en masse, especially with targeting of previously known unique identities, should be considered “malicious”.
Lastly, I’d like to investigate this more. I’d like to take a closer look at all the account creation transactions of that account and cross-reference them to some external systems. If there is anyone who could point me in the right direction, the best methods to do this (block chain API, or other efficient methods of querying the blockchain- I assume I’d have to access the archive for older transactions)- I’d really appreciate it! Perhaps this could be the start of developing systems to help govern against such malicious activity