Conference:ACM SIGMETRICS 2025
CCF level:CCF B
Categories:Computer Architecture/Parallel and Distributed Computing/Storage Systems
Year:2025
Conference time:June 9-13, 2025
1
Title:
Phishing Tactics Are Evolving: An Empirical Study of Phishing Contracts on Ethereum
网络钓鱼策略不断演变:以太坊网络钓鱼合约的实证研究
Authors:
Bowen He (Zhejiang University); Xiaohui Hu (Huazhong University of Science and Technology); Yufeng Hu (Zhejiang University); Ting Yu (Mohamed bin Zayed University of Artificial Intelligence); Rui Chang, Lei Wu, Yajin Zhou (Zhejiang University)
Key words:
Decentralized Finance, Ethereum, phishing contract detection
去中心化金融、以太坊、钓鱼合约检测
Abstract:
The prosperity of Ethereum has led to a rise in phishing scams. Initially, scammers lured users into transferring or granting tokens to Externally Owned Accounts (EOAs). Now, they have shifted to deploying phishing contracts to deceive users. Specifically, scammers trick victims into either directly transferring tokens to phishing contracts or granting these contracts control over their tokens. Our research reveals that phishing contracts have resulted in significant financial losses for users. While several studies have explored cybercrime on Ethereum, to the best of our knowledge, the understanding of phishing contracts is still limited.
In this paper, we present the first empirical study of phishing contracts on Ethereum. We first build a sample dataset including 790 reported phishing contracts, based on which we uncover the key features of phishing contracts. Then, we propose to collect phishing contracts by identifying suspicious functions from the bytecode and simulating transactions. With this method, we have built the first large-scale phishing contract dataset on Ethereum, comprising 37,654 phishing contracts deployed between December 29, 2022 and January 1, 2025. Based on the above dataset, we collect phishing transactions and then conduct the measurement from the perspectives of victim accounts, phishing contracts, and deployer accounts. Alarmingly, these phishing contracts have launched 211,319 phishing transactions, leading to 190.7 million in losses for 171,984 victim accounts. Moreover, we identify a large-scale phishing group deploying 85.7% of all phishing contracts, and it remains active at present. Our work aims to serve as a valuable reference in combating phishing contracts and protecting users' assets.
以太坊的繁荣导致网络钓鱼诈骗日益猖獗。最初,诈骗者引诱用户向外部账户(EOA)转移或授予代币。现在,他们转向部署钓鱼合约来欺骗用户。具体来说,诈骗者诱骗受害者直接将代币转移到钓鱼合约,或者将代币的控制权授予这些合约。我们的研究表明,钓鱼合约已经给用户造成了巨大的经济损失。虽然已有多项研究探讨了以太坊上的网络犯罪,但据我们所知,对钓鱼合约的理解仍然有限。
本文首次对以太坊上的钓鱼合约进行了实证研究。我们首先构建了一个包含 790 份已报告钓鱼合约的样本数据集,并在此基础上揭示了钓鱼合约的关键特征。然后,我们提出通过识别字节码中的可疑函数并模拟交易来收集钓鱼合约。基于此方法,我们构建了以太坊上首个大规模钓鱼合约数据集,涵盖了2022年12月29日至2025年1月1日期间部署的37,654个钓鱼合约。基于此数据集,我们收集钓鱼交易,并从受害者账户、钓鱼合约和部署者账户三个维度进行度量。令人担忧的是,这些钓鱼合约共发起了211,319笔钓鱼交易,导致171,984个受害者账户损失了1.907亿美元。此外,我们还识别出一个大规模钓鱼团伙,其部署的钓鱼合约数量占所有钓鱼合约总数的85.7%,并且目前仍然活跃。本研究旨在为打击钓鱼合约、保护用户资产安全提供有价值的参考。
2
Title:
Blockchain Amplification Attack
区块链放大攻击
Authors:
Taro Tsuchiya (Carnegie Mellon University); Liyi Zhou (The University of Sydney); Kaihua Qin (Yale University); Arthur Gervais (University College London & UC Berkeley RDI); Nicolas Christin (Carnegie Mellon University)
Key words:
Blockchain, Security, DoS, P2P network, Ethereum
区块链、安全、DoS、P2P 网络、以太坊
Abstract:
Strategies related to the blockchain concept of arbitrage or front/back running, create strong economic incentives for network nodes to reduce latency. Modified nodes, that minimize transaction validation and neglect to filter invalid transactions in the Ethereum peer-to-peer (P2P) network, introduce a novel attack vector---a Blockchain Amplification Attack. An attacker can exploit those modified nodes to amplify invalid transactions thousands of times, posing a security threat to the entire network. To illustrate attack practicality in the current Ethereum main network, we 1) identify thousands of similar attacks in the wild, 2) mathematically model the propagation mechanism, 3) empirically measure model parameters from our monitoring nodes, and 4) compare the performance with other existing Denial-of-Service (DoS) attacks through local simulation. We show that an attacker can amplify network traffic at modified nodes by a factor of 3,600, and cause economic damages of 13,800 times the amount needed to carry out the attack. Despite these risks, aggressive latency reduction may still be profitable to justify the existence of modified nodes. To assess this trade-off, we 1) simulate the transaction validation process in a local network and 2) empirically measure the latency reduction by deploying our modified node in the Ethereum test network. We finally provide mitigation strategies against the blockchain amplification attack.
与区块链套利或前后运行概念相关的策略,为网络节点降低了延迟提供了强大的经济激励。在以太坊点对点 (P2P) 网络中,经过修改的节点会最小化交易验证并忽略对无效交易的过滤,从而引入了一种新的攻击向量——区块链放大攻击。攻击者可以利用这些经过修改的节点将无效交易放大数千倍,对整个网络构成安全威胁。为了说明该攻击在当前以太坊主网中的可行性,我们 1) 识别了数千种类似的攻击,2) 对传播机制进行数学建模,3) 从我们的监测节点实证测量模型参数,以及 4) 通过本地模拟将其性能与其他现有的拒绝服务 (DoS) 攻击进行比较。我们表明,攻击者可以将经过修改的节点上的网络流量放大 3,600 倍,并造成相当于攻击所需金额 13,800 倍的经济损失。尽管存在这些风险,积极降低延迟仍然可能有利可图,从而证明修改节点的存在是合理的。为了评估这种权衡,我们 1) 在本地网络中模拟交易验证过程;2) 通过在以太坊测试网络中部署我们修改后的节点,实证测量延迟的降低。最后,我们提供了针对区块链放大攻击的缓解策略。
3
Title:
Piecing Together the Jigsaw Puzzle of Transactions on Heterogeneous Blockchain Networks
拼凑异构区块链网络上的交易拼图
Authors:
Xiaohui Hu (Huazhong University of Science and Technology); Hang Feng (Zhejiang University); Pengcheng Xia (Beijing University of Posts and Telecommunications); Gareth Tyson (Hong Kong University of Science and Technology (GZ)); Lei Wu, Yajin Zhou (Zhejiang University); Haoyu Wang (Huazhong University of Science and Technology)
Key words:
Cross-chain, Decentralized Finance, Blockchain, Transaction Analysis
跨链、去中心化金融、区块链、交易分析
Abstract:
The Web3 ecosystem is increasingly evolving to include multiple chains, with decentralized applications (dApps) distributed across different blockchains. This has driven the need for cross-chain bridges to enable blockchain interoperability. However, this opens up novel attack surface, and media outlets have reported serious attacks related to cross-chain bridges. Nevertheless, few prior works have studied cross-chain bridges and their related transactions, especially from a security perspective. To fill the void, this paper presents the first comprehensive analysis of cross-chain transactions. We first build a cross-chain transaction dataset based on semantic analysis of popular cross-chain bridges, covering 13 decentralized bridges and 7 representative blockchains, with over 80 million transactions in total. Based on this comprehensive dataset, we study the landscape of cross-chain transactions from several angles, including token usage, user profile and the purposes of transactions. We further observe that cross-chain bridges can be abused for malicious/aggressive purposes. Thus we design an automated detector and deploy it in-the-wild to flag misbehaviors from millions of cross-chain transactions. We identify hundreds of abnormal transactions related to exploits and arbitrages, etc. Our research underscores the importance of the cross-chain ecosystem, and offers an effective detector for pinpointing security threats.
Web3 生态系统正不断发展,涵盖多条区块链,去中心化应用程序 (dApp) 分布于不同的区块链之上。这推动了对跨链桥的需求,以实现区块链互操作性。然而,这也带来了新的攻击面,媒体也报道了与跨链桥相关的严重攻击。然而,此前很少有研究跨链桥及其相关交易,尤其是从安全角度进行研究。为了填补这一空白,本文首次对跨链交易进行了全面的分析。我们首先基于对热门跨链桥的语义分析构建了一个跨链交易数据集,涵盖 13 条去中心化跨链桥和 7 条代表性区块链,总计超过 8000 万笔交易。基于这个全面的数据集,我们从多个角度研究了跨链交易的现状,包括代币使用情况、用户画像和交易目的。我们进一步观察到,跨链桥可能被滥用于恶意/攻击性目的。因此,我们设计了一个自动检测器,并将其部署到实际环境中,以标记数百万笔跨链交易中的违规行为。我们发现了数百起与漏洞利用和套利等相关的异常交易。我们的研究强调了跨链生态系统的重要性,并提供了一种有效的检测器来查明安全威胁。
4
Title:
Towards Understanding and Analyzing Instant Cryptocurrency Exchanges
理解和分析即时加密货币交易
Authors:
Yufeng Hu, Yingshi Sun, Lei Wu, Yajin Zhou, Rui Chang (Zhejiang University)
Abstract:
In this paper, we examine a novel category of services in the blockchain ecosystem termed Instant Cryptocurrency Exchange (ICE) services. Originally conceived to facilitate cross-chain asset transfers, ICE services have, unfortunately, been abused for money laundering activities due to two key features: the absence of a strict Know Your Customer (KYC) policy and incomplete on-chain data of user requests. As centralized and non-transparent services, ICE services pose considerable challenges in the tracing of illicit fund flows laundered through them. Our comprehensive study of ICE services begins with an analysis of their features and workflow. We classify ICE services into two distinct types: Standalone and Delegated. We then perform a measurement analysis of ICE services, paying particular attention to their usage in illicit activities. Our findings indicate that a total of 12,473,290 illegal funds have been laundered through ICE services, and 432 malicious addresses were initially funded by ICE services. Based on the insights from measurement analysis, we propose a matching algorithm designed to evaluate the effectiveness of ICE services in terms of efficiency and prevention of traceability. Our evaluation reveals that 92% of the user requests analyzed were completed in less than three minutes, underscoring the efficiency of ICE services. In addition, we demonstrate that the algorithm is effective in tracing illicit funds in situations where ICE services are used in malicious activities. To engage the community, the entire dataset used in this study is open-source.
在本文中,我们研究了区块链生态系统中一种名为即时加密货币交易 (ICE) 服务的新型服务。ICE 服务最初旨在促进跨链资产转移,但不幸的是,由于两个关键特性,它被滥用于洗钱活动:缺乏严格的“了解你的客户”(KYC) 政策以及用户请求的链上数据不完整。作为中心化且不透明的服务,ICE 服务在追踪通过其洗钱的非法资金流方面带来了巨大挑战。我们对 ICE 服务的全面研究始于对其特性和工作流程的分析。我们将 ICE 服务分为两种不同的类型:独立服务 (Standalone) 和委托服务 (Delegated)。然后,我们对 ICE 服务进行测量分析,特别关注其在非法活动中的使用情况。我们的研究结果表明,共有 12,473,290 笔非法资金通过 ICE 服务进行洗钱,其中 432 个恶意地址最初由 ICE 服务资助。基于测量分析的洞察,我们提出了一种匹配算法,旨在评估ICE服务在效率和防止可追溯性方面的有效性。评估显示,92% 的用户请求在三分钟内完成,彰显了 ICE 服务的高效性。此外,我们还证明了该算法在 ICE 服务被用于恶意活动的情况下,能够有效追踪非法资金。为了方便社区参与,本研究中使用的所有数据集均为开源。
扫一扫
529
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
