Secure voting on Coinhunt

Aug 8, 2021

You can no longer log in and vote on Coinhunt with your email, and here is why.

Around 24 hours ago, we made a decision we had thought about for a long time. You can no longer log in with email to the most popular coin listing and voting platform, Coinhunt.

When we initially launched in April, voting was easy for everyone, with no login required. We used identification methods to do this, but it was not long before people started hacking and hijacking the voting system to rank higher on Coinhunt.

So we went ahead and implemented reCAPTCHA, and then hCaptcha. It only took a few days for attackers to find a way to bypass these protections. We then went ahead and checked how they managed to do this.

We discovered that there are very cheap services online that you can pay to bypass captchas. Here is one:

Anti-captcha: online captcha recognition and image digitization service.
2Captcha is an image and captcha recognition service that uses manual labor for recognition. Use the API to send your captchas to our workers. Earn money by recognizing captchas.

There are others. Cheaper.

You can read more about this and other techniques that make it easy to bypass captchas: https://towardsdatascience.com/solving-captchas-machine-learning-vs-online-services-3596ad6f0137

So at this point we began developing our own filtering techniques and anti-bot algorithms, but at the end of the day, nothing worked.

Then, we decided to protect the voting system by making it login-only.

We knew botters and vote sellers would not just let it go, and we wanted to make our system as good and secure as it could be. Login with email was hard to protect against bots, so we went ahead and implemented an email confirmation system. Only emails that were confirmed could vote on the website.

That didn't cut it either.

Email received from a developer. We are very thankful for his honesty.

As the above screenshot shows, AI and bot technologies are so sophisticated these days that, with the help of libraries like Selenium, bots can easily act like a real person: create email addresses, create a Coinhunt account, open the verification email and validate their Coinhunt account.

(Note that in the above screenshot, the developer is recommending captcha technologies to us, but as we explained earlier in this article, that doesn't help at all either.)

So here we are. Since August 8th 00.00 UTC+2, voting on Coinhunt is login-only, with Twitter or Google sign-in as the only options. You can no longer create an account with your email.

So far, everything makes more sense: since midnight, the vote numbers are more competitive and the overall system of Coinhunt works way better.

We believe that the provided login methods are enough for our community members and that those who are willing to use Coinhunt meaningfully in their search for new gems are also willing to go through one of these two authentication methods.

We do not care about fake stats, fake vote counters, and botted results.

As the inventor of the community-based coin listing and voting platform concept, Coinhunt has pioneered and will continue pioneering in the future.

We still have a lot of problems to solve (and botters will keep trying to attack the voting system), and new features are being shipped to the website every week. That being said, we are on the right track, and the future is going to be brighter than ever for the Coinhunt community.
