A new form of spam has recently emerged and may become a real nuisance in the future. No, I'm not talking about sending micro-transactions of 0.00000001 BTC, which are never approved by the miners and spam the network (that kind of spam is more annoying than anything else); that's old news.
I'm talking about a new spam trend that is still in its infancy and is barely known worldwide: sending spam messages using digital assets through a decentralized, second-generation currency exchange.
While there are only a few of these second-generation platforms around, and activity on the existing ones is relatively low in terms of trading volume, as these platforms gain momentum and popularity (and trust me, they will), spamming is likely to become a nuisance at best and a real danger at times.
Due to the distributed and public nature of Blockchain-based technologies, it is relatively easy for spammers to get their hands on addresses of active users in the network.
For example: in NXT's decentralized trading platform, SAE (Secure Asset Market), you can easily search for holders of a certain traded digital asset (using services like Nxtblock.info for example), and get a full list of accounts that hold the asset you were looking for.
All a spammer needs to do is to find popular assets and within a few minutes get a high-quality, detailed list of active asset holders' addresses.
From there, spamming these accounts is fairly easy and even allows targeted spam messages (e.g. identifying all Supernet holders in the SAE and sending them spam messages that lead to a fake website that supposedly deals with the same subject).
To understand how this vulnerability is potentially dangerous, imagine a situation where you could enter the servers of a stock exchange and get a full list of email addresses of all the people who hold a certain stock.
If you are wondering how the spamming actually works, then unfortunately the answer is quite simple.
In distributed platforms, every user can easily issue a new digital asset of his own, almost for free. There is not even a problem with giving your asset a name that is already taken by someone else. (There is obviously a real phishing danger here too, but that is a different topic.)
Once a user creates a new asset in the distributed exchange, he determines the number of shares to be issued and the name of the asset. A smart spammer will choose a catchy, eye-catching marketing name and will issue a huge number of shares (say 1 billion). Then he will add a verbal description and a link to a fake website or to one that he aims to promote.
Ok. So now we have a quality list of users and we have prepared a digital asset ready for distribution. Let the spamming begin.
Thousands of users in the decentralized exchange will be surprised to find this new asset in their portfolios and will try to understand why they received this wonderful gift. It's fair to assume that some of the users will be lured into clicking on the link provided, or at least into reading the description of the digital asset. Either way, the spammer will achieve his goal relatively easily in most cases.
Currently, in NXT's SAE, there is no option to simply delete an asset from your portfolio. Of course you can always send it to some random address and get rid of it, but that will make you a kind of spammer too. The proper thing to do is to send the asset back to the address from which you received it, but that will cost you a fee of at least one NXT and give some more ammunition to the spammer. You can also try to sell it in the market, if for some strange reason someone would actually want to buy it. Another option is to just ignore the asset and let it stay in your portfolio.
Hopefully the development teams of the various projects will give their attention to the matter and try to find an appropriate solution. In the meantime, as always, remember that there is no such thing as free gifts, and don't click on links or addresses whose origin you do not know.
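A wallet-side check for the pattern described above, as an added example that is not part of the original article or of the NXT client: it flags unsolicited holdings whose name duplicates an asset the user already trusts, whose description carries a link, or that arrive straight from an issuer with a huge supply. The record fields, the function `flag_asset_spam` and the sample portfolio are assumptions made for illustration.

```python
import re

# Matches a web link inside an asset description.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

def flag_asset_spam(holdings, trusted_names, bought_ids, huge_supply=10**9):
    """Return {asset_id: [reasons]} for unsolicited holdings that fit the spam pattern.

    holdings      -- list of dicts (hypothetical schema, see HOLDINGS below)
    trusted_names -- lower-cased asset name -> asset id the user trusts under that name
    bought_ids    -- ids of assets the user acquired through his own orders
    """
    flagged = {}
    for h in holdings:
        if h["asset_id"] in bought_ids:
            continue  # acquired deliberately, so not unsolicited
        reasons = []
        trusted_id = trusted_names.get(h["name"].lower())
        if trusted_id is not None and trusted_id != h["asset_id"]:
            reasons.append("name duplicates a trusted asset")
        if URL_RE.search(h["description"]):
            reasons.append("description contains a link")
        if h["sender"] == h["issuer"] and h["total_supply"] >= huge_supply:
            reasons.append("huge issue sent directly by its issuer")
        if reasons:
            flagged[h["asset_id"]] = reasons
    return flagged

# Constructed sample portfolio: ids, accounts and the URL are made up.
HOLDINGS = [
    {"asset_id": "A-1001", "name": "Supernet", "description": "Basket asset",
     "total_supply": 1_000_000, "sender": "ACCT-MARKET", "issuer": "ACCT-ISSUER"},
    {"asset_id": "A-9999", "name": "SuperNET",
     "description": "Claim your bonus at http://example.invalid/claim",
     "total_supply": 10**9, "sender": "ACCT-SPAM", "issuer": "ACCT-SPAM"},
    {"asset_id": "A-2002", "name": "GiftCoin", "description": "A present from a friend",
     "total_supply": 5000, "sender": "ACCT-FRIEND", "issuer": "ACCT-OTHER"},
]
TRUSTED = {"supernet": "A-1001"}
BOUGHT = {"A-1001"}

if __name__ == "__main__":
    for asset_id, reasons in flag_asset_spam(HOLDINGS, TRUSTED, BOUGHT).items():
        print(asset_id, "->", "; ".join(reasons))
```

A flagged asset can then be hidden in the portfolio view or shown with its description link disabled, which avoids both the return-transfer fee and forwarding it to someone else.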