Mark an account as compromised

Here is a general concept for an EIP. It could also be an ERC, but that would require more work on the application side. The basic idea is that one could mark their own account as compromised so that tools would know not to trust this account in the future. There could be other features, but the game theory is that no one would mark their own account as compromised if they want to maintain their reputation. Therefore, accounts would only ever be marked as compromised if they were compromised or if someone were self-sabotaging themselves, in which case they should also not be trusted. If someone does not want you to trust them, you should not trust them. Therefore you can reliably assume that if an account has ever been marked as compromised, you should not trust it.

Right now, if your private key is leaked you can transfer all your funds out of your account, but your account can still be used to log in and sign messages, basically until the end of time. There is no way to let the world know that at some point in the past this account was compromised.

Here is how I think it could work:

  • A special transaction that adds a flag to an account that it has been compromised.

  • Funds could still be transferred, but future tools can deny service or mark this account as unsafe on their end.

  • If you wanted to go further, accounts could have a backup account that would be the only account that could receive funds, but that seems heavy-handed.

NOTE: It would NOT be a good idea to have a “forward” address of the new trusted account as a hacker could have compromised that one as well. One must establish a new reputation on a new account independently.

This could either be accomplished with some kind of account flag or maybe a deployed asset like a soulbound token. A soulbound token would be easy to deploy, but then anyone who cared would have to make a query to an NFT indexer every time they cared to know. That seems like tech debt. I’d be curious if anyone has any other ideas how this could be implemented.

Thoughts?


This is an interesting concept! I think that the specification needs to incorporate how this can be accomplished without a transaction executed by the compromised account.

It’s reasonable to assume that a compromised account will auto-sweep Ether that is deposited for paying for the gas associated with signaling a compromise.

As such, this specification should instead describe:

  1. how to generate a Compromised Account signature offchain
  2. how a separate account can post this signature payload to some registry/storage contract
  3. what the topology and eventing must be in the storage contract

These are really good points. Yes, the insta-sweep on funds preventing any future transactions happens quite frequently, so I agree that is highly likely. In light of this, an offchain transaction that can be carried by another account makes perfect sense. Also, I like the idea of a central registry that can be quickly queried without a need for indexing. This could prevent the need to make any deep alterations.

I wonder, though, if there has been any success in central registries in the past? Does Ethereum have any example of a central registry that did not fragment into many competing versions? The ENS system is the only one I can think of. How do you get the community to acknowledge one registry? Do you just start a registry and then it becomes de facto by virtue of being first? Is this still too much overhead?

Another idea is maybe a standard way of baking it into any smart contract. This would require an account to notify many contracts they have been compromised. So in this model every smart contract implements its own registry. The advantage is you don’t have to worry about fragmented registries. It may take less gas than calling a central registry. I’m not sure about that. The disadvantage of course would be that a transaction would have to be submitted to each contract you care about. That might be a non-starter.

I like the central registry idea. How does something like that become official?

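The flow discussed in the thread (sign a compromise declaration offchain, have a separate funded account relay it, record it in a central registry that emits an event) can be sketched as follows. This is an added example, not code from any participant or from an existing EIP/ERC; the contract name, the `TAG` string, the function names and the event are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical registry for illustration only.
contract CompromisedRegistry {
    // Assumed domain tag so the signed payload cannot be confused with
    // any other message the key may have signed.
    bytes32 private constant TAG = keccak256("CompromisedAccount(address account)");

    // One-way flag: there is deliberately no function that clears it.
    mapping(address => bool) public isCompromised;

    // Indexed fields let tools filter logs by account or by relayer.
    event MarkedCompromised(address indexed account, address indexed relayer);

    /// Digest that the compromised key signs offchain (personal_sign style).
    /// It is bound to this chain and this registry address.
    function digestFor(address account) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(TAG, block.chainid, address(this), account));
        // EIP-191 prefix for a 32-byte payload.
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    /// Any funded account may relay the signature, so the compromised
    /// account never needs ETH for gas (which a sweeper bot would take).
    function markCompromised(address account, uint8 v, bytes32 r, bytes32 s) external {
        require(account != address(0), "zero account");
        require(!isCompromised[account], "already marked");

        // ecrecover returns address(0) on a malformed signature; the
        // zero-address check above makes that case fail the comparison.
        address signer = ecrecover(digestFor(account), v, r, s);
        require(signer == account, "signature not from account");

        isCompromised[account] = true;
        emit MarkedCompromised(account, msg.sender);
    }
}
```

Because the flag is one-way and idempotent, a replayed or malleated signature cannot change the outcome, and a tool can check an address with a single `isCompromised(address)` call instead of querying an indexer.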