Yue Gao,Jinqiao Shi,Xuebin Wang,Ruisheng Shi,Zelin Yin,Yanyan Yang

DOI: https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00191

2021-01-01

Abstract:Ethereum is the second-largest cryptocurrency, which is an open-source public blockchain platform with smart contract functionality. With the increasing popularity of Ethereum, considerable attention has been paid to its privacy and anonymity. Previous work in Ethereum deanonymization mostly focused on the analysis of its transaction graph and user behaviors. In this paper, for the first time we explored the feasibility of deanonymizing Ethereum users based on P2P network analysis. By measurement and analysis, we observed that the attacker can make connections with approximately 90% mainnet synced full nodes. Based on the well-connected supernode, the deanonymization experiments with basic estimators preliminarily indicate that the anonymity of Ethereum P2P network is pretty limited. To further improve the effect of deanonymization, we implemented and evaluated a machine learning based estimator, which reduces the influence of network delay on deanonymization and thus increases the success rate to 88%. At last, we provide the discussion about the anonymity and efficiency of the propagation mechanisms.

Jiajing Wu,Baoying Huang,Jieli Liu,Quanzhong Li,Zibin Zheng

DOI: https://doi.org/10.1016/j.ipm.2023.103384

IF: 7.466

2023-01-01

Information Processing & Management

Abstract:As the most ecologically active cryptocurrency platform, Ethereum has attracted the attention of many researchers. Leveraging its fully public transaction data, most existing analysis models all account interactions as a network and explores it from a static and global perspective. However, their work ignored the investigation of dynamic and microscopic features of accounts. Therefore, we conduct the first work about these features of different kinds of accounts on Ethereum. We select six account types on Ethereum, including exchanges, phishing, etc. Then we characterize and compare the dynamics of their transactions. Next, we construct a transaction ego network for each account, and investigate the network features from the perspective of microscopic structure. Experimental results show that different kinds of accounts have their own traits in terms of transaction features and properties of ego networks, which greatly contributes to understanding their roles. Additionally, there are obvious differences between normal accounts and illegal accounts in some characteristics such as transaction neighbors and interaction patterns. Moreover, we observe that criminal gangs may be participating in phishing scams. Finally, based on the conclusions of the account analysis, we design a variety of account features and use them for the account classification task. The experimental results prove that the dynamic and microscopic features we proposed are beneficial to distinguish different types of accounts. We believe our research can provide reference value for account classification tasks in Ethereum and other blockchains.

Wang, Chaofan,Dai, Xiaohai,Xiao, Jiang,Li, Chenchen,Wen, Ming,Zhou, Bingbing,Jin, Hai

DOI: https://doi.org/10.1007/s11704-021-0221-3

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:Blockchain platform Ethereum has involved millions of accounts due to its strong potential for providing numerous services based on smart contracts. These massive accounts can be divided into diverse categories, such as miners, tokens, and exchanges, which is termed as account diversity in this paper. The benefit of investigating diversity are multi-fold, including understanding the Ethereum ecosystem deeper and opening the possibility of tracking certain abnormal activities. Unfortunately, the exploration of blockchain account diversity remains scarce. Even the most relevant studies, which focus on the deanonymization of the accounts on Bitcoin, can hardly be applied on Ethereum since their underlying protocols and user idioms are different. To this end, we present the first attempt to demystify the account diversity on Ethereum. The key observation is that different accounts exhibit diverse behavior patterns, leading us to propose the heuristics for classification as the premise. We then raise the coverage rate of classification by the statistical learning model Maximum Likelihood Estimation (MLE). We collect real-world data through extensive efforts to evaluate our proposed method and show its effectiveness. Furthermore, we make an in-depth analysis of the dynamic evolution of the Ethereum ecosystem and uncover the abnormal arbitrage actions. As for the former, we validate two sweeping statements reliably: (1) standalone miners are gradually replaced by the mining pools and cooperative miners; (2) transactions related to the mining pool and exchanges take up a large share of the total transactions. The latter analysis shows that there are a large number of arbitrage transactions transferring the coins from one exchange to another to make a price difference.

Lioba Heimbach,Yann Vonlanthen,Juan Villacis,Lucianna Kiffer,Roger Wattenhofer

2024-09-06

Abstract:Many blockchain networks aim to preserve the anonymity of validators in the peer-to-peer (P2P) network, ensuring that no adversary can link a validator's identifier to the IP address of a peer due to associated privacy and security concerns. This work demonstrates that the Ethereum P2P network does not offer this anonymity. We present a methodology that enables any node in the network to identify validators hosted on connected peers and empirically verify the feasibility of our proposed method. Using data collected from four nodes over three days, we locate more than 15% of Ethereum validators in the P2P network. The insights gained from our deanonymization technique provide valuable information on the distribution of validators across peers, their geographic locations, and hosting organizations. We further discuss the implications and risks associated with the lack of anonymity in the P2P network and propose methods to help validators protect their privacy. The Ethereum Foundation has awarded us a bug bounty, acknowledging the impact of our results.

Cryptography and Security

Jiajun Zhou,Chenkai Hu,Jianlei Chi,Jiajing Wu,Meng Shen,Qi Xuan

DOI: https://doi.org/10.1109/TIFS.2022.3208471

2022-09-13

Abstract:Blockchain technology has the characteristics of decentralization, traceability and tamper-proof, which creates a reliable decentralized trust mechanism, further accelerating the development of blockchain finance. However, the anonymization of blockchain hinders market regulation, resulting in increasing illegal activities such as money laundering, gambling and phishing fraud on blockchain financial platforms. Thus, financial security has become a top priority in the blockchain ecosystem, calling for effective market regulation. In this paper, we consider identifying Ethereum accounts from a graph classification perspective, and propose an end-to-end graph neural network framework named Ethident, to characterize the behavior patterns of accounts and further achieve account de-anonymization. Specifically, we first construct an Account Interaction Graph (AIG) using raw Ethereum data. Then we design a hierarchical graph attention encoder named HGATE as the backbone of our framework, which can effectively characterize the node-level account features and subgraph-level behavior patterns. For alleviating account label scarcity, we further introduce contrastive self-supervision mechanism as regularization to jointly train our framework. Comprehensive experiments on Ethereum datasets demonstrate that our framework achieves superior performance in account identification, yielding 1.13% ~ 4.93% relative improvement over previous state-of-the-art. Furthermore, detailed analyses illustrate the effectiveness of Ethident in identifying and understanding the behavior of known participants in Ethereum (e.g. exchanges, miners, etc.), as well as that of the lawbreakers (e.g. phishing scammers, hackers, etc.), which may aid in risk assessment and market regulation.

Social and Information Networks

Shan Wang,Ming Yang,Wenxuan Dai,Yu Liu,Yue Zhang,Xinwen Fu

DOI: https://doi.org/10.1109/infocom52122.2024.10621236

2024-01-01

Abstract:Third-party RPC services have become the mainstream way for users to access Ethereum. In this paper, we present a novel deanonymization attack that can link an Ethereum address to a real-world identity such as IP address of a user who accesses Ethereum via a third-party RPC service. We find that RPC API calls result in distinguishable sizes of encrypted TCP packets. An attacker can then find when a user sends a transaction to an RPC provider and immediately send a beacon transaction after the user transaction. By exploiting the differences in the distributions of inter-arrival time intervals of normal transactions and two simultaneously initiated transactions, the attacker can identify the victim transaction in the Ethereum network. This enables the attacker to correlate the Ethereum address of the victim transaction’s initiator with the source IP address of TCP packets from a victim user. We model the attack through empirical measurements and conduct extensive real-world experiments to validate the effectiveness of our attack. With three optimization strategies, the correlation accuracy can reach to 98.70% and 96.60% respectively in Ethereum testnet and mainnet. We are the first to study the deanonymization of Ethereum users behind third-party RPC services.

Haaroon Yousaf

DOI: https://doi.org/10.48550/arXiv.2203.14684

2022-03-28

Abstract:This thesis presents techniques to investigate transactions in uncharted cryptocurrencies and services. Cryptocurrencies are used to securely send payments online. Payments via the first cryptocurrency, Bitcoin, use pseudonymous addresses that have limited privacy and anonymity guarantees. Research has shown that this pseudonymity can be broken, allowing users to be tracked using clustering and tagging heuristics. Such tracking allows crimes to be investigated. If a user has coins stolen, investigators can track addresses to identify the destination of the coins. This, combined with an explosion in the popularity of blockchain, has led to a vast increase in new coins and services. These offer new features ranging from coins focused on increased anonymity to scams shrouded as smart contracts. In this study, we investigated the extent to which transaction privacy has improved and whether users can still be tracked in these new ecosystems. We began by analysing the privacy-focused coin Zcash, a Bitcoin-forked cryptocurrency, that is considered to have strong anonymity properties due to its background in cryptographic research. We revealed that the user anonymity set can be considerably reduced using heuristics based on usage patterns. Next, we analysed cross-chain transactions collected from the exchange ShapeShift, revealing that users can be tracked as they move across different ledgers. Finally, we present a measurement study on the smart-contract pyramid scheme Forsage, a scam that cycled $267 million USD (of Ethereum) within its first year, showing that at least 88% of the participants in the scheme suffered a loss. The significance of this study is the revelation that users can be tracked in newer cryptocurrencies and services by using our new heuristics, which informs those conducting investigations and developing these technologies.

Cryptography and Security

Shuo Chen,Shaikh Muhammad Uzair Norman

DOI: https://doi.org/10.48550/arXiv.2211.09656

2022-11-18

Abstract:Cryptocurrencies, such as Bitcoin and Ethereum, are becoming increasingly prevalent mainly due to their anonymity, decentralization, transparency, and security. However, the completely public ledger makes the trace and analysis of each account possible as long as the identity behind the public address is revealed. Theoretically, social networks could make that happen when addresses are posted on social network platforms using accounts containing personal information. To verify such a possibility, we have collected public data from two major platforms, i.e. Twitter and Reddit, aiming to find potential privacy leakage behind the ETH public address. In the end, an easy-to-use retrieval application is also built for a better illustration.

Cryptography and Security

Tian Min,Wei Cai

DOI: https://doi.org/10.1007/s42486-022-00094-6

2022-02-15

CCF Transactions on Pervasive Computing and Interaction

Abstract:Decentralized application (DApp) is an emerging technology designed to address distrust, privacy, and security issues. However, we note that the research community in human factors has not conducted in-depth research on user behavior in this unique distributed environment yet. In this paper, unlike a small sample of user interviews, we attempt to profile DApp users through publicly available data. Using Ethereum as an example, we build a series of datasets containing more than 73.8 million transactions generated by 230,000 addresses. By transforming hexadecimal addresses into readable application names, we analyze the behavioral characteristics of the user based on the categories of DApp. Furthermore, we apply an unsupervised clustering method on the 230,000 addresses to distinguish investors and players and analyze their behavioral patterns and sensitivity to blockchain markets, such as ETH prices. In addition, we implement heuristics to demonstrate how blockchain data mining can facilitate practical systems, including anomaly detection and recommend systems. Finally, we discuss future directions for studying human factors in a decentralized context and hope that this work will attract more research attention and support the development of DApp and further Metaverse ecosystems.

Hanyi Sun,Na Ruan,Hanqing Liu

DOI: https://doi.org/10.1007/978-3-030-36938-5_7

2019-01-01

Abstract:AbstractAs an open source public blockchain with the capabilities of running smart contract, Ethereum provides decentralized Ethernet virtual machines to handle peer-to-peer contracts through its dedicated cryptocurrency Ether. And as the second largest blockchain, the amount of transaction data in Ethereum grows fast. Analysis of these data can help researchers better understand Ethereum and find attackers among the users. However, the analysis of Ethereum data at the present stage is mostly based on the statistical characteristics of Ethereum nodes and lacks analysis of the transaction behavior between them. In this paper, we apply machine learning in Ethereum analysis for the first time and cluster users and smart contract into groups by using transaction information in existing blocks. The clustering results are analyzed by using the identity information of the available Ethereum users and smart contracts. Based on the clustering results, we propose a new way of user identity discrimination and malicious user detection.

Shuyi Miao,Wangjie Qiu,Hongwei Zheng,Qinnan Zhang,Xiaofan Tu,Xunan Liu,Yang Liu,Jin Dong,Zhiming Zheng

2024-11-28

Abstract:The scaled Web 3.0 digital economy, represented by decentralized finance (DeFi), has sparked increasing interest in the past few years, which usually relies on blockchain for token transfer and diverse transaction logic. However, illegal behaviors, such as financial fraud, hacker attacks, and money laundering, are rampant in the blockchain ecosystem and seriously threaten its integrity and security. In this paper, we propose a novel double graph-based Ethereum account de-anonymization inference method, dubbed DBG4ETH, which aims to capture the behavioral patterns of accounts comprehensively and has more robust analytical and judgment capabilities for current complex and continuously generated transaction behaviors. Specifically, we first construct a global static graph to build complex interactions between the various account nodes for all transaction data. Then, we also construct a local dynamic graph to learn about the gradual evolution of transactions over different periods. Different graphs focus on information from different perspectives, and features of global and local, static and dynamic transaction graphs are available through DBG4ETH. In addition, we propose an adaptive confidence calibration method to predict the results by feeding the calibrated weighted prediction values into the classifier. Experimental results show that DBG4ETH achieves state-of-the-art results in the account identification task, improving the F1-score by at least 3.75% and up to 40.52% compared to processing each graph type individually and outperforming similar account identity inference methods by 5.23% to 12.91%.

Social and Information Networks

Ting Chen,Zihao Li,Yuxiao Zhu,Jiachi Chen,Xiapu Luo,John Chi-Shing Lui,Xiaodong Lin,Xiaosong Zhang

DOI: https://doi.org/10.1145/3381036

IF: 5.3

2020-01-01

ACM Transactions on Internet Technology

Abstract:Being the largest blockchain with the capability of running smart contracts, Ethereum has attracted wide attention and its market capitalization has reached 20 billion USD. Ethereum not only supports its cryptocurrency named Ether but also provides a decentralized platform to execute smart contracts in the Ethereum virtual machine. Although Ether's price is approaching 200 USD and nearly 600K smart contracts have been deployed to Ethereum, little is known about the characteristics of its users, smart contracts, and the relationships among them. To fill in the gap, in this paper, we conduct the first systematic study on Ethereum by leveraging graph analysis to characterize three major activities on Ethereum, namely money transfer, smart contract creation, and smart contract invocation. We design a new approach to collect all transaction data, construct three graphs from the data to characterize major activities, and discover new observations and insights from these graphs. Moreover, we propose new approaches based on cross-graph analysis to address two security issues in Ethereum. The evaluation through real cases demonstrates the effectiveness of our new approaches.

Friedhelm Victor

DOI: https://doi.org/10.1007/978-3-030-51280-4_33

2020-01-01

Abstract:For many years, address clustering for the identification of entities has been the basis for a variety of graph-based investigations of the Bitcoin blockchain and its derivatives. Especially in the field of fraud detection it has proven to be useful. With the popularization and increasing use of alternative blockchains, the question arises how to recognize entities in these new systems. Currently, there are no heuristics that can directly be applied to Ethereum’s account balance model. This drawback also applies to other smart contract platforms like EOS or NEO, for which previous transaction network analyses have been limited to address graphs. In this paper, we show how addresses can be clustered in Ethereum, yielding entities that are likely in control of multiple addresses. We propose heuristics that exploit patterns related to deposit addresses, multiple participation in airdrops and token authorization mechanisms. We quantify the applicability of each individual heuristic over the first 4 years of the Ethereum blockchain and illustrate identified entities in a sample token network. Our results show that we can cluster 17.9% of all active externally owned account addresses, indicating that there are more than 340,000 entities that are likely in control of multiple addresses. Comparing the heuristics, we conclude that the deposit address heuristic is currently the most effective approach.

Nathan Borggren,Hyoung-yoon Kim,Lihan Yao,Gary Koplik

DOI: https://doi.org/10.48550/arXiv.2001.03937

2020-01-12

Abstract:Monero is a popular crypto-currency which focuses on privacy. The blockchain uses cryptographic techniques to obscure transaction values as well as a `ring confidential transaction' which seeks to hide a real transaction among a variable number of spoofed transactions. We have developed training sets of simulated blockchains of 10 and 50 agents, for which we have control over the ground truth and keys, in order to test these claims. We featurize Monero transactions by characterizing the local structure of the public-facing blockchains and use labels obtained from the simulations to perform machine learning. Machine Learning of our features on the simulated blockchain shows that the technique can be used to aide in identifying individuals and groups, although it did not successfully reveal the hidden transaction values. We apply the technique on the real Monero blockchain to identify ShapeShift transactions, a cryptocurrency exchange that has leaked information through their API providing labels for themselves and their users.

Cryptography and Security

Patrik Keller,Martin Florian,Rainer Böhme

DOI: https://doi.org/10.48550/arXiv.2005.03535

2021-02-26

Abstract:Privacy-seeking cryptocurrency users rely on anonymization techniques like CoinJoin and ring transactions. By using such technologies benign users potentially provide anonymity to bad actors. We propose overlay protocols to resolve the tension between anonymity and accountability in a peer-to-peer manner. Cryptocurrencies can adopt this approach to enable prosecution of publicly recognized crimes. We illustrate how the protocols could apply to Monero rings and CoinJoin transactions in Bitcoin.

Cryptography and Security,Computers and Society

Zongyang Zhang,Jiayuan Yin,Yizhong Liu,Jianwei Liu

DOI: https://doi.org/10.1109/icics49469.2020.239510

2020-01-01

Abstract:With the development of blockchain technology, the use of cryptocurrencies in online payments has become increasingly prevalent. Litecoin, proposed in 2011, is currently the fifth-largest cryptocurrency in market value. Due to certain characteristics, such as the use of pseudonyms as transaction addresses, user privacy could be protected to some extent. However, there are some problems about its privacy guarantees. In this paper, we aim to reveal the severity of deanonymization attacks on online Litecoin payments. Firstly, we simulate purchases on merchant websites accepting Litecoin and monitor trackers embedding on information and payment pages. Secondly, we conduct transaction-linkage attacks on simulated digital and physical transaction flows, respectively. Our results show that a tracker is more likely to find the target transaction on Litecoin blockchain by collecting the digital transaction flows and implementing transaction-linkage attacks. The number of digital transaction flows with anonymous set size 1 and 2 account for 95% and 5% of all digital transaction flows, respectively. The success rate of the transaction-linkage attack is 0.975. To get the optimal uncertainty parameters of transaction-linkage attacks, we introduce a refined deanonymization attack by making real purchases. Finally, we present two new privacy protection measures against transaction-linkage attacks.

Alex Kovács,István András Seres

2023-08-31

Abstract:Stealth addresses are a privacy-enhancing technology that provides recipient anonymity on blockchains. In this work, we investigate the recipient anonymity and unlinkability guarantees of Umbra, the most widely used implementation of the stealth address scheme on Ethereum, and its three off-chain scalability solutions, e.g., Arbitrum, Optimism, and Polygon. We define and evaluate four heuristics to uncover the real recipients of stealth payments. We find that for the majority of Umbra payments, it is straightforward to establish the recipient, hence nullifying the benefits of using Umbra. Specifically, we find the real recipient of $48.5\%$, $25.8\%$, $65.7\%$, and $52.6\%$ of all Umbra transactions on the Ethereum main net, Polygon, Arbitrum, and Optimism networks, respectively. Finally, we suggest easily implementable countermeasures to evade our deanonymization and linking attacks.

Cryptography and Security

Xiao Fan Liu,Huan-Huan Ren,Si-Hao Liu,Xian-Jian Jiang

DOI: https://doi.org/10.1140/epjds/s13688-021-00276-9

IF: 3.63

2021-05-01

EPJ Data Science

Abstract:Abstract The cryptocurrency economy provides a comprehensive digital trace of human economic behavior: almost all cryptocurrency users’ activities are faithfully recorded in transactions on public blockchains. However, the user identifiers in the transaction records, i.e., blockchain addresses, are anonymous. That is, they cannot be associated with any real “off-chain” identify of actual users. Nonetheless, identifying the economic roles of the addresses from their past behaviors is still feasible. This paper analyzes Ethereum token transactions, characterizes key economic agents’ behavior from their transaction patterns, and explores their identifiability through interpretable machine learning models. Specifically, six types of most active economic agents are considered, including centralized cryptocurrency exchanges, decentralized exchanges, cryptocurrency wallets, token issuers, airdrop services, and gaming services. Transaction patterns such as trading volume, transaction tempo, and structural properties of transaction networks are defined for individual blockchain addresses. The results showed that cryptocurrency exchanges and online wallets have signature behavior patterns and hence can be accurately distinguished from other agents. Token issuers, airdrop services, and gaming services can sometimes be confused. Moreover, transaction networks’ features provide the richest information in the economic agent’s identification.

mathematics, interdisciplinary applications,social sciences, mathematical methods

Shahar Somin,Keeley Erhardt,Alex 'Sandy' Pentland

2024-07-05

Abstract:Technological advancements have significantly transformed communication patterns, introducing a diverse array of online platforms, thereby prompting individuals to use multiple profiles for different domains and objectives. Enhancing the understanding of cross domain identity matching capabilities is essential, not only for practical applications such as commercial strategies and cybersecurity measures, but also for theoretical insights into the privacy implications of data disclosure. In this study, we demonstrate that individual temporal data, in the form of inter-event times distribution, constitutes an individual temporal fingerprint, allowing for matching profiles across different domains back to their associated real-world entity. We evaluate our methodology on encrypted digital trading platforms within the Ethereum Blockchain and present impressing results in matching identities across these privacy-preserving domains, while outperforming previously suggested models. Our findings indicate that simply knowing when an individual is active, even if information about who they talk to and what they discuss is lacking, poses risks to users' privacy, highlighting the inherent challenges in preserving privacy in today's digital landscape.

Cryptography and Security

Hang Zhu,Weina Niu,Xuhan Liao,Xiaosong Zhang,Xiaofen Wang,Beibei Li,Zheyuan He

DOI: https://doi.org/10.1155/2022/3448950

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Since the Ethereum virtual machine is Turing complete, Ethereum can implement various complex logics such as mutual calls and nested calls between functions. Therefore, Ethereum has suffered a lot of attacks since its birth, and there are still many attackers active in Ethereum transactions. To this end, we propose a traceability method on Ethereum, using graph analysis to track attackers. We collected complete user transaction data to construct the graph and analyzed data on several harmful attacks, including reentry attacks, short address attacks, DDoS attacks, and Ponzi contracts. Through graph analysis, we found accounts that are strongly associated with these attacks and are still active. We have done a systematic analysis of these accounts to analyze their threats. Finally, we also analyzed the correlation between the information collected through RPC and these accounts and finally found that some accounts can find their IP addresses.