88 research outputs found
The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
Modern blockchains, such as Ethereum, enable the execution of so-called smart
contracts - programs that are executed across a decentralised network of nodes.
As smart contracts become more popular and carry more value, they become more
of an interesting target for attackers. In the past few years, several smart
contracts have been exploited by attackers. However, a new trend towards a more
proactive approach seems to be on the rise, where attackers do not search for
vulnerable contracts anymore. Instead, they try to lure their victims into
traps by deploying seemingly vulnerable contracts that contain hidden traps.
This new type of contracts is commonly referred to as honeypots. In this paper,
we present the first systematic analysis of honeypot smart contracts, by
investigating their prevalence, behaviour and impact on the Ethereum
blockchain. We develop a taxonomy of honeypot techniques and use this to build
HoneyBadger - a tool that employs symbolic execution and well defined
heuristics to expose honeypots. We perform a large-scale analysis on more than
2 million smart contracts and show that our tool not only achieves high
precision, but is also highly efficient. We identify 690 honeypot smart
contracts as well as 240 victims in the wild, with an accumulated profit of
more than $90,000 for the honeypot creators. Our manual validation shows that
87% of the reported contracts are indeed honeypots.
Code Will Tell: Visual Identification of Ponzi Schemes on Ethereum
Ethereum has become a popular blockchain with smart contracts for investors
nowadays. Due to the decentralization and anonymity of Ethereum, Ponzi schemes
have been easily deployed and caused significant losses to investors. However,
there are still no explainable and effective methods to help investors easily
identify Ponzi schemes and validate whether a smart contract is actually a
Ponzi scheme. To fill the research gap, we propose PonziLens, a novel
visualization approach to help investors achieve early identification of Ponzi
schemes by investigating the operation codes of smart contracts. Specifically,
we conduct symbolic execution of opcode and extract the control flow for
investing and rewarding with critical opcode instructions. Then, an intuitive
directed-graph based visualization is proposed to display the investing and
rewarding flows and the crucial execution paths, enabling easy identification
of Ponzi schemes on Ethereum. Two usage scenarios involving both Ponzi and
non-Ponzi schemes demonstrate the effectiveness of PonziLens.
SourceP: Smart Ponzi Schemes Detection on Ethereum Using Pre-training Model with Data Flow
As blockchain technology becomes more and more popular, a typical financial
scam, the Ponzi scheme, has also emerged in the blockchain platform Ethereum.
This Ponzi scheme deployed through smart contracts, also known as the smart
Ponzi scheme, has caused a lot of economic losses and negative impacts.
Existing methods for detecting smart Ponzi schemes on Ethereum mainly rely on
bytecode features, opcode features, account features, and transaction behavior
features of smart contracts, and such methods lack interpretability and
sustainability. In this paper, we propose SourceP, a method to detect smart
Ponzi schemes on the Ethereum platform using pre-training models and data flow,
which only requires using the source code of smart contracts as features to
explore the possibility of detecting smart Ponzi schemes from another
direction. SourceP reduces the difficulty of data acquisition and feature
extraction of existing detection methods while increasing the interpretability
of the model. Specifically, we first convert the source code of a smart
contract into a data flow graph and then introduce a pre-training model based
on learning code representations to build a classification model to identify
Ponzi schemes in smart contracts. The experimental results show that SourceP
achieves 87.2% recall and 90.7% F-score for detecting smart Ponzi schemes
within Ethereum's smart contract dataset, outperforming state-of-the-art
methods in terms of performance and sustainability. We also demonstrate through
additional experiments that pre-training models and data flow play an important
contribution to SourceP, as well as proving that SourceP has a good
generalization ability.
Comment: 12 pages
AI-powered Fraud Detection in Decentralized Finance: A Project Life Cycle Perspective
In recent years, blockchain technology has introduced decentralized finance
(DeFi) as an alternative to traditional financial systems. DeFi aims to create
a transparent and efficient financial ecosystem using smart contracts and
emerging decentralized applications. However, the growing popularity of DeFi
has made it a target for fraudulent activities, resulting in losses of billions
of dollars due to various types of frauds. To address these issues, researchers
have explored the potential of artificial intelligence (AI) approaches to
detect such fraudulent activities. Yet, there is a lack of a systematic survey
to organize and summarize those existing works and to identify the future
research opportunities. In this survey, we provide a systematic taxonomy of
various frauds in the DeFi ecosystem, categorized by the different stages of a
DeFi project's life cycle: project development, introduction, growth, maturity,
and decline. This taxonomy is based on our finding: many frauds have strong
correlations in the stage of the DeFi project. According to the taxonomy, we
review existing AI-powered detection methods, including statistical modeling,
natural language processing and other machine learning techniques, etc. We find
that fraud detection in different stages employs distinct types of methods and
observe the commendable performance of tree-based and graph-related models in
tackling fraud detection tasks. By analyzing the challenges and trends, we
present the findings to provide proactive suggestion and guide future research
in DeFi fraud detection. We believe that this survey is able to support
researchers, practitioners, and regulators in establishing a secure and
trustworthy DeFi ecosystem.
Comment: 38 pages, update reference
Data mining for detecting Bitcoin Ponzi schemes
Soon after its introduction in 2009, Bitcoin has been adopted by
cyber-criminals, which rely on its pseudonymity to implement virtually
untraceable scams. One of the typical scams that operate on Bitcoin are the
so-called Ponzi schemes. These are fraudulent investments which repay users
with the funds invested by new users that join the scheme, and implode when it
is no longer possible to find new investments. Despite being illegal in many
countries, Ponzi schemes are now proliferating on Bitcoin, and they keep
alluring new victims, who are plundered of millions of dollars. We apply data
mining techniques to detect Bitcoin addresses related to Ponzi schemes. Our
starting point is a dataset of features of real-world Ponzi schemes, that we
construct by analysing, on the Bitcoin blockchain, the transactions used to
perform the scams. We use this dataset to experiment with various machine
learning algorithms, and we assess their effectiveness through standard
validation protocols and performance metrics. The best of the classifiers we
have experimented can identify most of the Ponzi schemes in the dataset, with a
low number of false positives.
A true concurrent model of smart contracts executions
The development of blockchain technologies has enabled the trustless
execution of so-called smart contracts, i.e. programs that regulate the
exchange of assets (e.g., cryptocurrency) between users. In a decentralized
blockchain, the state of smart contracts is collaboratively maintained by a
peer-to-peer network of mutually untrusted nodes, which collect from users a
set of transactions (representing the required actions on contracts), and
execute them in some order. Once this sequence of transactions is appended to
the blockchain, the other nodes validate it, re-executing the transactions in
the same order. The serial execution of transactions does not take advantage of
the multi-core architecture of modern processors, so contributing to limit the
throughput. In this paper we propose a true concurrent model of smart contract
execution. Based on this, we show how static analysis of smart contracts can be
exploited to parallelize the execution of transactions.
Comment: Full version of the paper presented at COORDINATION 202