Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage
- URL: http://arxiv.org/abs/2309.03592v2
- Date: Tue, 28 Nov 2023 01:01:54 GMT
- Title: Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage
- Authors: Gibran Gomez, Kevin van Liebergen, Juan Caballero,
- Abstract summary: We perform the first systematic analysis on the estimation of cybercrime bitcoin revenue.
In contrast to what is widely believed, we show that the revenue is not always underestimated.
We quantify, for the first time, the impact of the (lack of) coverage on the estimation.
- Score: 5.732759656069282
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Multiple works have leveraged the public Bitcoin ledger to estimate the revenue cybercriminals obtain from their victims. Estimations focusing on the same target often do not agree, due to the use of different methodologies, seed addresses, and time periods. These factors make it challenging to understand the impact of their methodological differences. Furthermore, they underestimate the revenue due to the (lack of) coverage on the target's payment addresses, but how large this impact remains unknown. In this work, we perform the first systematic analysis on the estimation of cybercrime bitcoin revenue. We implement a tool that can replicate the different estimation methodologies. Using our tool we can quantify, in a controlled setting, the impact of the different methodology steps. In contrast to what is widely believed, we show that the revenue is not always underestimated. There exist methodologies that can introduce huge overestimation. We collect 30,424 payment addresses and use them to compare the financial impact of 6 cybercrimes (ransomware, clippers, sextortion, Ponzi schemes, giveaway scams, exchange scams) and of 141 cybercriminal groups. We observe that the popular multi-input clustering fails to discover addresses for 40% of groups. We quantify, for the first time, the impact of the (lack of) coverage on the estimation. For this, we propose two techniques to achieve high coverage, possibly nearly complete, on the DeadBolt server ransomware. Our expanded coverage enables estimating DeadBolt's revenue at $2.47M, 39 times higher than the estimation using two popular Internet scan engines.
Related papers
- Characterizing Polkadot's Transactions Ecosystem: methodology, tools, and insights [1.912429179274357]
Polkadot has gained significant attention in the digital currency landscape due to its pioneering approach to interoperability and scalability.
We map Polkadot on a palette that ranges from a thriving ecosystem to a speculative coin without compelling use cases.
Our findings demonstrate that crypto exchanges exert considerable influence on the Polkadot network, owning nearly 40% of all addresses in the ledger and absorbing at least 80% of all transactions.
arXiv Detail & Related papers (2024-04-16T13:11:02Z) - Effective Illicit Account Detection on Large Cryptocurrency MultiGraphs [16.25273745598176]
Rise in cryptocurrency-related illicit activities has led to significant losses for users.
Current detection methods mainly depend on feature engineering or are inadequate to leverage the complex information within cryptocurrency transaction networks.
We present DIAM, an effective method for detecting illicit accounts in cryptocurrency transaction networks modeled by directed multi-graphs with attributed edges.
arXiv Detail & Related papers (2023-09-04T09:01:56Z) - Bandit Social Learning: Exploration under Myopic Behavior [58.75758600464338]
We study social learning dynamics motivated by reviews on online platforms.
Agents collectively follow a simple multi-armed bandit protocol, but each agent acts myopically, without regards to exploration.
We derive stark learning failures for any such behavior, and provide matching positive results.
arXiv Detail & Related papers (2023-02-15T01:57:57Z) - A Word is Worth A Thousand Dollars: Adversarial Attack on Tweets Fools
Stock Prediction [100.9772316028191]
In this paper, we experiment with a variety of adversarial attack configurations to fool three stock prediction victim models.
Our results show that the proposed attack method can achieve consistent success rates and cause significant monetary loss in trading simulation.
arXiv Detail & Related papers (2022-05-01T05:12:22Z) - Reputation-based PoS for the Restriction of Illicit Activities on
Blockchain: Algorand Usecase [2.94824047753242]
In recent times, different machine learning-based techniques can detect such criminal elements based on blockchain transaction data.
We propose a reputation-based methodology for response to the users detected carrying out the aforementioned illicit activities.
arXiv Detail & Related papers (2021-12-21T07:32:22Z) - You are caught stealing my winning lottery ticket! Making a lottery
ticket claim its ownership [87.13642800792077]
Lottery ticket hypothesis (LTH) emerges as a promising framework to leverage a special sparse subnetwork.
Main resource bottleneck of LTH is however the extraordinary cost to find the sparse mask of the winning ticket.
Our setting adds a new dimension to the recently soaring interest in protecting against the intellectual property infringement of deep models.
arXiv Detail & Related papers (2021-10-30T03:38:38Z) - Ask "Who", Not "What": Bitcoin Volatility Forecasting with Twitter Data [2.9223917785251285]
We focus on volatility predictions for a relatively new asset class of cryptocurrencies (in particular, Bitcoin) using deep learning representations of public social media data from Twitter.
For the field work, we extracted semantic information and user interaction statistics from over 30 million Bitcoin-related tweets.
We built several deep learning architectures that utilized a combination of the gathered information.
arXiv Detail & Related papers (2021-10-27T09:55:03Z) - Towards Adversarial Patch Analysis and Certified Defense against Crowd
Counting [61.99564267735242]
Crowd counting has drawn much attention due to its importance in safety-critical surveillance systems.
Recent studies have demonstrated that deep neural network (DNN) methods are vulnerable to adversarial attacks.
We propose a robust attack strategy called Adversarial Patch Attack with Momentum to evaluate the robustness of crowd counting models.
arXiv Detail & Related papers (2021-04-22T05:10:55Z) - Adversarial Fooling Beyond "Flipping the Label" [54.23547006072598]
CNNs show near human or better than human performance in many critical tasks.
These attacks are potentially dangerous in real-life deployments.
We present a comprehensive analysis of several important adversarial attacks over a set of distinct CNN architectures.
arXiv Detail & Related papers (2020-04-27T13:21:03Z) - Adversarial Attacks on Linear Contextual Bandits [87.08004581867537]
Malicious agents may have incentives to attack the bandit algorithm to induce it to perform a desired behavior.
We show that a malicious agent can force a linear contextual bandit algorithm to pull any desired arm $T - o(T)$ times over a horizon of $T$ steps.
We also investigate the case when a malicious agent is interested in affecting the behavior of the bandit algorithm in a single context.
arXiv Detail & Related papers (2020-02-10T15:04:09Z) - Characterizing and Detecting Money Laundering Activities on the Bitcoin
Network [8.212945859699406]
We explore the landscape of potential money laundering activities occurring across the Bitcoin network.
Using data collected over three years, we create transaction graphs and provide an analysis on various graph characteristics to differentiate money laundering transactions from regular transactions.
We propose and evaluate a set of classifiers based on four types of graph features to classify money laundering and regular transactions.
arXiv Detail & Related papers (2019-12-27T11:34:41Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.