Related papers: Blockchain Address Poisoning

Blockchain Address Poisoning

URL: http://arxiv.org/abs/2501.16681v1
Date: Tue, 28 Jan 2025 03:34:59 GMT
Title: Blockchain Address Poisoning
Authors: Taro Tsuchiya, Jin-Dong Dong, Kyle Soska, Nicolas Christin,
Abstract summary: In many blockchains, the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. The adversary generates lookalike addresses similar to one with which the victim has previously interacted, and then engages with the victim to poison'' their transaction history. We identify 13 times the number of attack attempts reported previously -- totaling 270M on-chain attacks targeting 17M victims.
Score: 5.68371809302547
License:
Abstract: In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select addresses from their recent transaction history, which enables blockchain address poisoning. The adversary first generates lookalike addresses similar to one with which the victim has previously interacted, and then engages with the victim to ``poison'' their transaction history. The goal is to have the victim mistakenly send tokens to the lookalike address, as opposed to the intended recipient. Compared to contemporary studies, this paper provides four notable contributions. First, we develop a detection system and perform measurements over two years on Ethereum and BSC. We identify 13 times the number of attack attempts reported previously -- totaling 270M on-chain attacks targeting 17M victims. 6,633 incidents have caused at least 83.8M USD in losses, which makes blockchain address poisoning one of the largest cryptocurrency phishing schemes observed in the wild. Second, we analyze a few large attack entities using improved clustering techniques, and model attacker profitability and competition. Third, we reveal attack strategies -- targeted populations, success conditions (address similarity, timing), and cross-chain attacks. Fourth, we mathematically define and simulate the lookalike address-generation process across various software- and hardware-based implementations, and identify a large-scale attacker group that appears to use GPUs. We also discuss defensive countermeasures.

Related papers

Safeguarding Blockchain Ecosystem: Understanding and Detecting Attack Transactions on Cross-chain Bridges [3.07869141026886]
Attacks on cross-chain bridges have resulted in losses of nearly 4.3 billion dollars since 2021. This paper collects the largest number of cross-chain bridge attack incidents to date, including 49 attacks that occurred between June 2021 and September 2024. We propose the BridgeGuard tool to detect attacks against cross-chain business logic.
arXiv Detail & Related papers (2024-10-18T14:25:05Z)
XChainWatcher: Monitoring and Identifying Attacks in Cross-Chain Bridges [3.893704673350463]
We propose XChainWatcher, the first mechanism for monitoring bridges and detecting attacks against them. XChainWatcher relies on a cross-chain model powered by a Datalog engine, designed to be pluggable into any cross-chain bridge. We provide the first open-source dataset of 81,000 cctxs across three blockchains, capturing more than $4.2B in token transfers.
arXiv Detail & Related papers (2024-10-02T20:49:24Z)
The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols. Existing approaches for threshold cryptosystems introduce a latency overhead of at least one message delay for running the threshold cryptographic protocol. We propose a mechanism to eliminate this overhead for blockchain-native threshold cryptosystems with tight thresholds.
arXiv Detail & Related papers (2024-07-16T20:53:04Z)
Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transformers [51.0477382050976]
An extra prompt token, called the switch token in this work, can turn the backdoor mode on, converting a benign model into a backdoored one. To attack a pre-trained model, our proposed attack, named SWARM, learns a trigger and prompt tokens including a switch token. Experiments on diverse visual recognition tasks confirm the success of our switchable backdoor attack, achieving 95%+ attack success rate.
arXiv Detail & Related papers (2024-05-17T08:19:48Z)
Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions. The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z)
Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB) [50.888293380932616]
We study the ecosystem of the tokens and liquidity pools. We find that about 60% of tokens are active for less than one day. We estimate that 1-day rug pulls generated $240 million in profits.
arXiv Detail & Related papers (2022-06-16T14:20:19Z)
Towards Malicious address identification in Bitcoin [3.646526715728388]
We generate the temporal and non-temporal feature set and train the Machine Learning (ML) algorithm over different temporal granularities to validate methods. A comparative analysis of results show that the behavior of addresses in and Bitcoin is similar with respect to in-degree, out-degree and inter-event time. We identify 3 suspects that showed malicious behavior across different temporal granularities.
arXiv Detail & Related papers (2021-12-22T08:11:58Z)
Poison Ink: Robust and Invisible Backdoor Attack [122.49388230821654]
We propose a robust and invisible backdoor attack called Poison Ink'' Concretely, we first leverage the image structures as target poisoning areas, and fill them with poison ink (information) to generate the trigger pattern. Compared to existing popular backdoor attack methods, Poison Ink outperforms both in stealthiness and robustness.
arXiv Detail & Related papers (2021-08-05T09:52:49Z)
Detecting Malicious Accounts showing Adversarial Behavior in Permissionless Blockchains [4.506782035297339]
Malicious activities have been flagged in multiple permissionless blockchains such as bitcoin. We aim at automatically flagging blockchain accounts that originate such malicious exploitation of accounts of other participants. We identify a robust supervised machine learning (ML) algorithm that is resistant to any bias induced by an over representation of certain malicious activity.
arXiv Detail & Related papers (2021-01-28T10:33:50Z)
Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task. In this work, we examine the hardness of finding such chain of PoWs against quantum strategies. We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z)
Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users [0.0]
We propose and implement user profiling techniques based on quasi-identifiers. We describe a malicious value-fingerprinting attack, a variant of the Danaan-gift attack, applicable for the confidential transaction overlays.
arXiv Detail & Related papers (2020-05-28T14:33:32Z)

This list is automatically generated from the titles and abstracts of the papers in this site.