Article
Open Access
Detecting phishing gangs via taint analysis on the Ethereum blockchain
1 School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China
2 School of Information Science and Technology, Guangdong University of Foreign Studies, Guangzhou, China
3 School of Software Engineering, Sun Yat-sen University, Guangzhou, China
Abstract

Blockchain technology has created a new cryptocurrency world and attracted a lot of attention. It also attracts scams: phishing, a typical fraud, has been found to make a notable amount of money in the blockchain ecosystem, which has a very negative impact. Considering the whole life cycle of a phishing scam, this paper proposes the concept of a phishing gang, that is, a set of accounts that serve phishing activity and belong to the same entity on the blockchain. As phishers often use multiple accounts to commit phishing scams and launder money, detecting phishing gangs in the blockchain ecosystem is a real and critical problem. To help deal with this issue, this paper proposes a method of detecting phishing gangs on the Ethereum blockchain. Specifically, we first construct a transaction network with a graph structure by mining the transaction records and the account labels of the Ethereum blockchain. Next, we propose base and improved methods of taint analysis, which evaluate the taint score of each account by tracking the fund flow of phishing accounts. Then, using the results of taint analysis and some heuristics, all accounts in the transaction network are divided into five categories. Based on this, we propose a heuristic algorithm for phishing gang detection. We also summarize gang patterns and reveal money laundering in phishing activities. Experimental results indicate that the proposed framework can be used to build a uniform platform that monitors every account on the Ethereum blockchain, giving early warning of phishing scams and detecting the phishers' money laundering and cashing-out process.
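As an added illustration of scoring accounts by tracking the fund flow out of labelled phishing accounts (this is not the paper's base or improved method, which this page does not describe), the Python below applies the haircut taint model, a standard technique from the taint-analysis literature. The account names, transactions and the 0.5 threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (timestamp, sender, receiver, value in ETH).
SAMPLE_TXS = [
    (1, "victim1", "phish", 10.0),
    (2, "victim2", "phish", 10.0),
    (3, "phish", "mule_a", 12.0),
    (4, "clean_user", "mule_a", 12.0),
    (5, "mule_a", "exchange", 20.0),
    (6, "phish", "mule_b", 8.0),
]
LABELLED_PHISHING = {"phish"}  # hypothetical label set


def taint_scores(txs, phishing):
    """Haircut taint: each transfer carries the sender's current tainted share."""
    balance = defaultdict(float)     # observed balance per account
    tainted = defaultdict(float)     # tainted part of that balance
    total_in = defaultdict(float)    # cumulative inflow
    tainted_in = defaultdict(float)  # cumulative tainted inflow
    for _, src, dst, value in sorted(txs):  # replay in time order
        if value <= 0:
            continue
        # Spending more than was observed: assume untracked, clean prior funds.
        if balance[src] < value:
            balance[src] = value
        moved = value * tainted[src] / balance[src]
        balance[src] -= value
        tainted[src] -= moved
        # Everything a labelled phishing account receives counts as tainted.
        if dst in phishing:
            moved = value
        balance[dst] += value
        tainted[dst] += moved
        total_in[dst] += value
        tainted_in[dst] += moved
    # Score = tainted share of everything the account ever received.
    return {a: (tainted_in[a] / total_in[a] if total_in[a] else 0.0)
            for a in set(balance) | set(total_in)}


def suspects(scores, phishing, threshold=0.5):
    """Unlabelled accounts whose taint score reaches the threshold."""
    return sorted(a for a, s in scores.items()
                  if s >= threshold and a not in phishing)


if __name__ == "__main__":
    scores = taint_scores(SAMPLE_TXS, LABELLED_PHISHING)
    print(suspects(scores, LABELLED_PHISHING))
```

Mixing with clean funds dilutes the score (here `mule_a` and `exchange` end at 0.5), which is why a threshold alone does not separate a gang member from a service that merely received the money.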

Keywords

Blockchain; Ethereum; phishing scam; money laundering; phishing gang; taint analysis
