Learn more about Gitcoin
0xDeadList

$338.35 crowdfunded from 63 people

$242.33 received from matching pools

83%
average score over 2 application evaluations
Implemented a system on StarkNet that incentivizes reporting of compromised Ethereum accounts for enhanced security, using NFT rewards to maintain a list of leaked private keys.

Update: we have deployed 0xdeadlist in StarkNet to support the Stark Curve.

Github: https://github.com/0xDeadList/0xDeadList-StarkWare

Verified Contract: https://starkscan.co/contract/0x054c35e462a3d64e7567fa2fb717949da12260b936e2effa95aef1d9a58be737

Inspiration Losing access to an Ethereum-based account (EOA) can occur in two ways:

The owner forgets the private key, resulting in permanent asset loss. The owner's private key is leaked, allowing unauthorized users to control the account. Our project focuses on protecting account owners from the second scenario, which jeopardizes their account security.

Timely Detection for Leaked Accounts To protect original account owners, DApps must quickly identify leaked accounts. Upon receiving a report of a leaked account, specific actions should be taken:

Multi-signature wallets (e.g., Gnosis Safe) should ban the validity of this EOA. Web3 email providers (e.g., MetaMail) should suspend access to the account's emails, protecting the original owner's privacy. Electronic agreements based on ETH accounts (e.g., ETHSign) should disqualify the account from signing new agreements since they may not be authorized by the original owner.

Introducing 0xDeadList To address these issues, we propose the 0xDeadList project, which maintains a list of addresses with leaked private keys. By rewarding users with a unique NFT (Non-fungible token), 0xDeadList incentivizes reporting of leaked accounts. The leaked account information is stored on-chain, allowing DApps to easily identify insecure accounts.

How 0xDeadList Works 0xDeadList is a public good that encourages users to report leaked addresses. Users can log in to 0xdeadlist.io and follow a two-step process (lock address and bury address) to report compromised accounts. This process:

Prevents the reporter's NFT reward from being stolen by front-running attacks. Ensures the reporter has enough time before the private key is fully disclosed. In step 1, the reporter locks the address, and the contract records the reporter's address without disclosing the private key. In step 2, the reporter uploads the private key. The recorded reporter address then receives an NFT reward. The leaked address is marked as buried and assigned a non-transferable Soul Bound Token (SBT). The private key becomes public (recorded on-chain) to confirm the address leak.

0xDeadList Resources The 0xDeadList project is fully open-source. For more information, visit:

Website: https://0xdeadlist.io GitHub: https://github.com/0xDeadList Contracts: 0x59451a98d772f2a53ca2241a884b1703f8c55218

0xDeadList History

People donating to 0xDeadList, also donated to

Developing open-source tools to manage and revoke web3 token allowances, ensuring wallet safety against exploits and phishing with a browser extension alert system.
Community-led AMM JediSwap on Starknet features onchain data, processed $300M+ volume, 1.5M users, and focuses on permissionless development, transparency tools, and educational content. Mesh Finance leads with a decentralized model.
POAPin introduces POAP Journal, notification systems, and new features for organizing and integrating digital proofs of attendance into personal memories, with apps across major platforms.
Web3 community focused on bridging language gaps between Japanese and international crypto markets through education, content translation, and AMAs, with an NFT-based DAO and recent MASK grant.
Decentralized social media app on Polygon using Lens Protocol with complete user privacy, zero gas fees, resistance to censorship, and no downtime, seeking grants and developers.
Back to Projects