Web3-Based Cyber Incident Reporting System With Smart Contracts and Non-Fungible Token Rewards

Authors

  • Danang Juniar Permana Program Studi Sistem Informasi, Fakultas Ilmu Komputer, Universitas Dian Nuswantoro PSDKU Kota Kediri, Indonesia.
  • Wildan Mahmud Program Studi Sistem Informasi, Fakultas Ilmu Komputer, Universitas Dian Nuswantoro PSDKU Kota Kediri, Indonesia
  • Galuh Wilujeng Saraswati Program Studi Sistem Informasi, Fakultas Ilmu Komputer, Universitas Dian Nuswantoro PSDKU Kota Kediri, Indonesia.

DOI:

10.33395/sinkron.v10i2.15898

Keywords:

blockchain, cyber incident reporting, non-fungible token, smart contract, web3

Abstract

The rising frequency of cyber threats increases the need for incident reporting that is transparent, efficient, and privacy-preserving. This study designs and implements a hybrid Web2-Web3 cyber incident reporting prototype that anchors report references on a blockchain while storing full incident details off-chain, and explores non-fungible token (NFT) recognition incentives for reporters. Using an SDLC-based iterative prototyping approach, we built a React single-page application integrated with a Laravel REST API and MySQL for off-chain storage, and deployed Solidity smart contract modules on the Arbitrum Sepolia testnet to record report identifiers and UUID pointers (dataPointer) and to mint NFTs after administrative validation. We conducted black-box functional testing across core scenarios (submission, storage, pointer anchoring, validation, and minting) and a user acceptance study with 25 participants (15 cybersecurity students and 10 IT practitioners) using a 5-point Likert questionnaire. All tested scenarios executed as expected in the test environment, and on-chain events were traceable to corresponding backend records via transaction receipts and logged identifiers. The acceptance evaluation yielded an overall mean score of 3.4/5 (about 68%), indicating moderate acceptance and supporting the work as a prototype feasibility study rather than organizational-level generalization. The prototype demonstrates a practical workflow for hybrid incident reporting with transaction-level traceability and recognition incentives; future work should strengthen cryptographic binding (e.g., content hashing) and validate the approach with CSIRT stakeholders in operational settings.

GS Cited Analysis

Downloads

Download data is not yet available.

References

Banaeian Far, S., & Rajabzadeh Asaar, M. (2024). A blockchain-based anonymous reporting system with no central authority: Architecture and protocol. (2023). Cyber Security and Applications, 2, 100032. https://doi.org/10.1016/j.csa.2023.100032

Brownlee, N., & Guttman, E. (1998). Expectations for computer security incident response (RFC 2350). Internet Engineering Task Force (IETF). https://doi.org/10.17487/RFC2350

Diallo, E.-H., Abdallah, R., Dib, M., & Dib, O. (2024). Decentralized incident reporting: Mobilizing urban communities with blockchain. Smart Cities, 7(4), 2283–2317. https://doi.org/10.3390/smartcities7040090

Forum of Incident Response and Security Teams (FIRST). (2024). CSIRT services framework (Version 2.1). https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1

Guan, C., Ding, D., Guo, J., & Teng, Y. (2023). An ecosystem approach to Web3.0: A systematic review and research agenda. Journal of Electronic Business & Digital Economics, 2(1), 139–156. https://doi.org/10.1108/JEBDE-10-2022-0039

International Organization for Standardization. (2023). ISO/IEC 27035-1:2023 Information security, cybersecurity and privacy protection—Information security incident management—Part 1: Principles of incident management. https://www.iso.org/standard/78973.html

International Organization for Standardization. (2017). ISO/IEC/IEEE 12207:2017 Systems and software engineering—Software life cycle processes. https://www.iso.org/standard/63712.html

Khan, B. U. I., Goh, K. W., Khan, A. R., Zuhairi, M. F., & Chaimanee, M. (2024). Integrating AI and blockchain for enhanced data security in IoT-driven smart cities. Processes, 12(9), 1825. https://doi.org/10.3390/pr12091825

Ma, W., Wei, X., & Wang, L. (2024). A security-oriented data-sharing scheme based on blockchain. Applied Sciences, 14(16), 6940. https://doi.org/10.3390/app14166940

Marbouh, D., Simsekler, M. C. E., Salah, K., Jayaraman, R., & Ellahham, S. (2021). Blockchain-based incident reporting system for patient safety and quality in healthcare. In M. H. ur Rehman (Ed.), Trust models for next-generation blockchain ecosystems (pp. 167–186). Springer. https://doi.org/10.1007/978-3-030-75107-4_7

Nasar, M. (2023). Web 3.0: A review and its future. International Journal of Computer Applications, 185(10), 41–46. https://doi.org/10.5120/ijca2023922776

Nelson, A. (2025). Incident response recommendations and considerations for cybersecurity risk management: A CSF 2.0 community profile (NIST SP 800-61r3). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-61r3

Philip, A. O., & Saravanaguru, R. A. K. (2022). Smart contract based digital evidence management framework over blockchain for vehicle accident investigation in IoV era. Journal of King Saud University – Computer and Information Sciences, 34(7), 4031–4046. https://doi.org/10.1016/j.jksuci.2022.06.001

Putz, B., Vielberth, M., & Pernul, G. (2022). BISCUIT: Blockchain security incident reporting based on human observations. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES 2022). ACM. https://doi.org/10.1145/3538969.3538984

Qurotul Aini, N. A. Y., Rahardja, U., & Santoso, N. P. L. (2023). Skema kredibilitas sertifikat berbasis iLearning gamifikasi blockchain pada Kampus Merdeka. Jurnal Teknologi Informasi dan Ilmu Komputer, 10(1), 203–214. https://doi.org/10.25126/jtiik.2023106164

Ray, P. P. (2023). Web3: A comprehensive review on background, technologies, applications, zero-trust architectures, challenges and future directions. Internet of Things and Cyber-Physical Systems, 3, 213–248. https://doi.org/10.1016/j.iotcps.2023.05.003

Saleh, A. M. S. (2024). Blockchain for secure and decentralized artificial intelligence in cybersecurity: A comprehensive review. Blockchain: Research and Applications, 5, 100193. https://doi.org/10.1016/j.bcra.2024.100193

Widayanti, R., Purnama Harahap, E., Lutfiani, N., Oganda, F. P., & Manik, I. S. P. (2021). The impact of blockchain technology in higher education quality improvement. Jurnal Ilmiah Teknik Elektro Komputer dan Informatika (JITEKI), 7(2), 207–216. https://doi.org/10.26555/jiteki.v7i2.20677

Wu, C.-H., & Liu, C.-Y. (2023). Educational applications of non-fungible token (NFT). Sustainability, 15(1), 7. https://doi.org/10.3390/su15010007

Zhu, L., Zhang, J., Zhang, C., Gao, F., Chen, Z., & Li, Z. (2023). Achieving anonymous and covert reporting on public blockchain networks. Mathematics, 11(7), 1621. https://doi.org/10.3390/math11071621

Downloads


Crossmark Updates

How to Cite

Permana, D. J. ., Mahmud, W. ., & Saraswati, G. W. . (2026). Web3-Based Cyber Incident Reporting System With Smart Contracts and Non-Fungible Token Rewards. Sinkron : Jurnal Dan Penelitian Teknik Informatika, 10(2), 927-936. https://doi.org/10.33395/sinkron.v10i2.15898

Issue

Vol. 10 No. 2 (2026): Article Research April, 2026

Section

Articles

License

Copyright (c) 2026 Danang Juniar Permana, Wildan Mahmud

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Crossref
Scopus
Google Scholar
Europe PMC