A Data Science Approach for Detecting Honeypots in Ethereum

Camino, Ramiro Daniel; Torres, Christof Ferreira; Baden, Mathis; State, Radu

doi:10.1109/icbc48266.2020.9169396

Cited by 21 publications

(15 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that the above state-of-the-art approaches do not consider source code-based features to carry out a behavioral analysis on the SC in Ethereum. To address such an issue, [19], the authors use both transaction and source codebased features to detect honeypot accounts in the Ethereum blockchain. They use a dataset with 16163 accounts, of which 295 are marked as honeypots by HoneyBadger's repository 5 .…”

Section: B Transaction Based Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

Vulnerability and Transaction behavior based detection of Malicious Smart Contracts

Agarwal¹,

Thapliyal²,

Shukla³

2021

Preprint

View full text Add to dashboard Cite

Smart Contracts (SCs) in Ethereum can automate tasks and provide different functionalities to a user. Such automation is enabled by the 'Turing-complete' nature of the programming language (Solidity) in which SCs are written. This also opens up different vulnerabilities and bugs in SCs that malicious actors exploit to carry out malicious or illegal activities on the cryptocurrency platform. In this work, we study the correlation between malicious activities and the vulnerabilities present in SCs and find that some malicious activities are correlated with certain types of vulnerabilities. We then develop and study the feasibility of a scoring mechanism that corresponds to the severity of the vulnerabilities present in SCs to determine if it is a relevant feature to identify suspicious SCs. We analyze the utility of severity score towards detection of suspicious SCs using unsupervised machine learning (ML) algorithms across different temporal granularities and identify behavioral changes. In our experiments with on-chain SCs, we were able to find a total of 1094 benign SCs across different granularities which behave similar to malicious SCs, with the inclusion of the smart contract vulnerability scores in the feature set.

show abstract

Section: B Transaction Based Techniquesmentioning

confidence: 99%

“…Moreover, in [19], the authors use features extracted from the opcodes of an SC and their transactions. However, they do not consider the vulnerabilities that are present and are exploited by attackers as features.…”

Section: B Transaction Based Techniquesmentioning

confidence: 99%

Vulnerability and Transaction behavior based detection of Malicious Smart Contracts

Agarwal¹,

Thapliyal²,

Shukla³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The main attacks and threats of smart contracts were discussed in [13]. In addition to smart contracts threats, a series of studies focused on the detection of fraud contracts in the Ethereum platform [14][15][16][17][18][19][20][21]. According to [14], the first empirical study of blockchain financial scams, more than 7 million USD been gathered in only a year.…”

Section: B Scams In Smart Contractsmentioning

confidence: 99%

“…Four categories of scams were defined: Ponzi schemes, mining scams, scam wallets and fraudulent exchanges. Other frauds like honeypots, phishing scams are discussed in [16][17][18][19][20][21]. These frauds can be quite damaging due to the autonomy and immutability of blockchain system.…”

Section: B Scams In Smart Contractsmentioning

confidence: 99%

“…3) Phishing Scam: Phishing scam is a form of electronic identity theft using the method of disguising as an honest firm, aiming at obtaining private information such as usernames and passwords from users who visit them [19]. A traditional phishing attack typically begins by sending an electronic letter that seems to be from an authentic organization.…”

Section: B Scams In Smart Contractsmentioning

confidence: 99%

See 1 more Smart Citation

SCSGuard: Deep Scam Detection for Ethereum Smart Contracts

Hu¹,

Xu²

2021

Preprint

View full text Add to dashboard Cite

Smart contract is the building block of blockchain systems that enables automated peer-to-peer transactions and decentralized services. With the increasing popularity of smart contracts, blockchain systems, in particular Ethereum, have been the "paradise" of versatile fraud activities in which Ponzi, Honeypot and Phishing are the prominent ones. Formal verification and symbolic analysis have been employed to combat these destructive scams by analyzing the codes and function calls, yet the vulnerability of each individual scam should be predefined discreetly. In this work, we present SCSGuard, a novel deep learning scam detection framework that harnesses the automatically extractable bytecodes of smart contracts as their new features. We design a GRU network with attention mechanism to learn from the Ngram bytecode patterns, and determines whether a smart contract is fraudulent or not. Our framework is advantageous over the baseline algorithms in three aspects. Firstly, SCSGuard provides a unified solution to different scam genres, thus relieving the need of code analysis skills. Secondly, the inference of SCSGuard is faster than the code analysis by several order of magnitudes. Thirdly, experimental results manifest that SCSGuard achieves high accuracy (0.92∼0.94), precision (0.94∼0.96%) and recall (0.97∼0.98) for both Ponzi and Honeypot scams under similar settings, and is potentially useful to detect new Phishing smart contracts.

show abstract