Lingling Lu,Zhenyu Wen,Ye Yuan,Binru Dai,Peng Qian,Changting Lin,Qinming He,Zhenguang Liu,Jianhai Chen,Rajiv Ranjan

DOI: https://doi.org/10.1109/tdsc.2022.3228908

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Blockchain, a distributed and shared ledger, provides a credible and transparent solution to increase application auditability by querying the immutable records written in the ledger. Unfortunately, existing query APIs offered by the blockchain are inflexible and unscalable. Some studies propose off-chain solutions to provide more flexible and scalable query services. However, the query service providers (SPs) may deliver fake results without executing the real computation tasks and collude to cheat users. In this article, we propose a novel intelligent blockchain analytics platform termed iQuery , in which we design a game theory based smart contract to ensure the trustworthiness of the query results at a reasonable monetary cost. Furthermore, the contract introduces the second opinion game that employs a randomized SP selection approach coupled with non-ordered asynchronous querying primitive to prevent collusion. We achieve a fixed price equilibrium, destroy the economic foundation of collusion, and can incentivize all rational SPs to act diligently with proper financial rewards. In particular, iQuery can flexibly support semantic and analytical queries for generic consortium or public blockchains, achieving query scalability to massive blockchain data. Extensive experimental evaluations show that iQuery is significantly faster than state-of-the-art systems. Specifically, in terms of the conditional, analytical, and multi-origin query semantics, iQuery is 2 ×, 7 ×, and 1.5 × faster than advanced blockchain and blockchain databases. Meanwhile, to guarantee 100% trustworthiness, only two copies of query results need to be verified in iQuery , while iQuery 's latency is $2 \sim 134$ × smaller than the state-of-the-art systems.

Dabao Wang,Hang Feng,Siwei Wu,Yajin Zhou,Lei Wu,Xingliang Yuan

DOI: https://doi.org/10.1145/3545948.3545963

2022-01-01

Abstract:The prosperity of decentralized finance motivates many investors to profit via trading their crypto assets on decentralized applications (DApps for short) of the Ethereum ecosystem. Apart from Ether (the native cryptocurrency of Ethereum), many ERC20 (a widely used token standard on Ethereum) tokens obtain vast market value in the ecosystem. Specifically, the approval mechanism is used to delegate the privilege of spending users’ tokens to DApps. By doing so, the DApps can transfer these tokens to arbitrary receivers on behalf of the users. To increase the usability, unlimited approval is commonly adopted by DApps to reduce the required interaction between them and their users. However, as shown in existing security incidents, this mechanism can be abused to steal users’ tokens. In this paper, we present the first systematic study to quantify the risk of unlimited approval of ERC20 tokens on Ethereum. Specifically, by evaluating existing transactions up to 31st July 2021, we find that unlimited approval is prevalent (60%, 15.2M/25.4M) in the ecosystem, and 22% of users have a high risk of their approved tokens for stealing. After that, we investigate the security issues that are involved in interacting with the UIs of 22 representative DApps and 9 famous wallets to prepare the approval transactions. The result reveals the worrisome fact that all DApps request unlimited approval from the front-end users and only 10% (3/31) of UIs provide explanatory information for the approval mechanism. Meanwhile, only 16% (5/31) of UIs allow users to modify their approval amounts. Finally, we take a further step to characterize the user behavior into five modes and formalize the good practice, i.e., on-demand approval and timely spending, towards securely spending approved tokens. However, the evaluation result suggests that only 0.2% of users follow the good practice to mitigate the risk. Our study sheds light on the risk of unlimited approval and provides suggestions to secure the approval mechanism of the ERC20 tokens on Ethereum.

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/iwqos49365.2020.9213064

2020-01-01

Abstract:Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks.

Yang Liu,Zhiyuan Lin,Yuxi Zhang,Lin Jiang,Xuan Wang

DOI: https://doi.org/10.32604/cmes.2023.030468

2024-01-01

Abstract:Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smart contracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connection mechanism, whereas an efficient data-sharing protocol constitutes as the bedrock of Blockchain network security. In this paper, we propose NodeHunter, an Ethereum network detector implemented through the application of simulation technology, which is capable of aggregating all node records within the network and the interconnectedness between them. Utilizing this connection information, NodeHunter can procure more comprehensive insights for network status analysis compared to preceding detection methodologies. Throughout a three-month period of unbroken surveillance of the Ethereum network, we obtained an excess of two million node records along with over one hundred million node acquaintances. Analysis of the gathered data revealed that an alarming 49% or more of these node records were maliciously forged.

Kaihua Qin,Liyi Zhou,Arthur Gervais

DOI: https://doi.org/10.48550/arXiv.2101.05511

2021-01-14

Cryptography and Security

Abstract:Permissionless blockchains such as Bitcoin have excelled at financial services. Yet, opportunistic traders extract monetary value from the mesh of decentralized finance (DeFi) smart contracts through so-called blockchain extractable value (BEV). The recent emergence of centralized BEV relayer portrays BEV as a positive additional revenue source. Because BEV was quantitatively shown to deteriorate the blockchain's consensus security, BEV relayers endanger the ledger security by incentivizing rational miners to fork the chain. For example, a rational miner with a 10% hashrate will fork Ethereum if a BEV opportunity exceeds 4x the block reward. However, related work is currently missing quantitative insights on past BEV extraction to assess the practical risks of BEV objectively. In this work, we allow to quantify the BEV danger by deriving the USD extracted from sandwich attacks, liquidations, and decentralized exchange arbitrage. We estimate that over 32 months, BEV yielded 540.54M USD in profit, divided among 11,289 addresses when capturing 49,691 cryptocurrencies and 60,830 on-chain markets. The highest BEV instance we find amounts to 4.1M USD, 616.6x the Ethereum block reward. Moreover, while the practitioner's community has discussed the existence of generalized trading bots, we are, to our knowledge, the first to provide a concrete algorithm. Our algorithm can replace unconfirmed transactions without the need to understand the victim transactions' underlying logic, which we estimate to have yielded a profit of 57,037.32 ETH (35.37M USD) over 32 months of past blockchain data. Finally, we formalize and analyze emerging BEV relay systems, where miners accept BEV transactions from a centralized relay server instead of the peer-to-peer (P2P) network. We find that such relay systems aggravate the consensus layer attacks and therefore further endanger blockchain security.

Guorui Yu,Shibin Zhao,Chao Zhang,Zhiniang Peng,Yuandong Ni,Xinhui Han

DOI: https://doi.org/10.1109/infocom42981.2021.9488749

2021-01-01

Abstract:Blockchains promise to provide a tamper-proof medium for transactions, and thus enable many applications including cryptocurrency. As a system built on consensus, the correctness of a blockchain heavily relies on the consistency of states between its nodes. But consensus protocols of blockchains only guarantee the consistency in the transaction sequence rather than nodes’ internal states. Instead, nodes must replay and exe-cute all transactions to maintain their local states independently. When executing transactions, any different execution result could cause a node out-of-sync and thus gets isolated from other nodes.After systematically modeling the transaction execution process in blockchains, we present a new attack INCITE, which can lead different nodes to different states. Specifically, attackers could invoke an ambiguous transaction of a vulnerable smart contract, utilize software bugs in smart contracts to lead nodes that execute this transaction into different states. Unlike attacks that bring short-term inconsistencies, such as fork attacks, INCITE can cause nodes in the blockchain to fall into a long-term inconsistent state, which further leads to great damages to the chain (e.g., double-spending attacks and expelling mining power). We have discovered 7 0day vulnerabilities in 5 popular blockchains which can enable this attack. We also proposed a defense solution to mitigate this threat. Experiments showed that it is effective and lightweight.

Shipeng Li,Jingwei Li,Yuxing Tang,Xiapu Luo,Zheyuan He,Zihao Li,Xi Cheng,Yang Bai,Ting Chen,Yuzhe Tang,Zhe Liu,Xiaosong Zhang

DOI: https://doi.org/10.1109/tc.2023.3248280

IF: 3.183

2023-01-01

IEEE Transactions on Computers

Abstract:Today's blockchain systems store detailed runtime information in the format of transactions and blocks, which are valuable not only to understand the finance of blockchain-based ecosystems but also to audit the security of on-chain applications. However, exploring this blockchain “big data” is challenging due to data heterogeneity and the huge amount. Existing blockchain exploration techniques are either incomplete or inefficient, making them inapt in time-sensitive applications. This paper presents ${sf BlockExplorer}$, an efficient and flexible blockchain exploration system for Ethereum. ${sf BlockExplorer}$ builds on a master-slave architecture, where the master partitions all blocks into multiple non-overlapped sets and each slave simultaneously processes Ethereum big data based on a set of blocks. ${sf BlockExplorer}$ implements a transaction-based partitioning approach to address load balance among slaves, and a code instrumentation approach to acquire complete Ethereum big data. The evaluation shows that ${sf BlockExplorer}$ accelerates the data acquisition performance of the state-of-the-art by 4.1×, while the workload difference among slaves is up to 18%. To demonstrate the application of ${sf BlockExplorer}$, we develop three apps upon ${sf BlockExplorer}$ to detect real-life attacks against Ethereum and show that our apps can detect attacks in a large range of blocks (e.g., ten million) within a short time (e.g., multiple hours).

engineering, electrical & electronic,computer science, hardware & architecture

Kenan Wood,Hammurabi Mendes,Jonad Pulaj

2024-10-30

Abstract:We present the notion of multilevel slashing, where proof-of-stake blockchain validators can obtain gradual levels of assurance that a certain block is bound to be finalized in a global consensus procedure, unless an increasing and optimally large number of Byzantine processes have their staked assets slashed -- that is, deducted -- due to provably incorrect behavior. Our construction is a highly parameterized generalization of combinatorial intersection systems based on finite projective spaces, with asymptotic high availability and optimal slashing properties. Even under weak conditions, we show that our construction has asymptotically optimal slashing properties with respect to message complexity and validator load; this result also illustrates a fundamental trade off between message complexity, load, and slashing. In addition, we show that any intersection system whose ground elements are disjoint subsets of nodes (e.g. "committees" in committee-based consensus protocols) has asymptotic high availability under similarly weak conditions. Finally, our multilevel construction gives the flexibility to blockchain validators to decide how many "levels" of finalization assurance they wish to obtain. This functionality can be seen either as (i) a form of an early, slashing-based block finalization; or (ii) a service to support reorg tolerance.

Distributed, Parallel, and Cluster Computing,Discrete Mathematics,Probability

Pengxiang Ma,Ningyu He,Yuhua Huang,Haoyu Wang,Xiapu Luo

2023-07-02

Abstract:Smart contracts play a vital role in the Ethereum ecosystem. Due to the prevalence of kinds of security issues in smart contracts, the smart contract verification is urgently needed, which is the process of matching a smart contract's source code to its on-chain bytecode for gaining mutual trust between smart contract developers and users. Although smart contract verification services are embedded in both popular Ethereum browsers (e.g., Etherscan and Blockscout) and official platforms (i.e., Sourcify), and gain great popularity in the ecosystem, their security and trustworthiness remain unclear. To fill the void, we present the first comprehensive security analysis of smart contract verification services in the wild. By diving into the detailed workflow of existing verifiers, we have summarized the key security properties that should be met, and observed eight types of vulnerabilities that can break the verification. Further, we propose a series of detection and exploitation methods to reveal the presence of vulnerabilities in the most popular services, and uncover 19 exploitable vulnerabilities in total. All the studied smart contract verification services can be abused to help spread malicious smart contracts, and we have already observed the presence of using this kind of tricks for scamming by attackers. It is hence urgent for our community to take actions to detect and mitigate security issues related to smart contract verification, a key component of the Ethereum smart contract ecosystem.

Cryptography and Security

Xuan Chen,Xincan Zhang,Zhaohan Wang,Kerun Yu,Wong Kam-Kwai,Haoyun Guo,Siming Chen

DOI: https://doi.org/10.1007/s12650-024-00969-z

IF: 1.7

2024-03-20

Journal of Visualization

Abstract:The Ethereum consensus layer provides the Proof of Stake (PoS) consensus algorithm with the beacon chain for the Ethereum blockchain network. However, the beacon chain is proved vulnerable to consensus-targeted attacks, which are difficult to detect. To address this issue, blockchain developers require an interactive tool to identify and mitigate potential security threats. Currently, most blockchain visualization solutions only display client logs or transaction records, making responding quickly to security threats challenging. This paper introduces the first visual analytics solution for security threat awareness on the Ethereum consensus layer. We cooperate with blockchain experts and investigate a top-down exploration approach, providing an overview of the general security level, as well as detailed consensus achievements in each slot. Our visual system lets users discover specific outcomes of the consensus execution and identify anomalies in the beacon chain historical data. Furthermore, the system includes two case studies of actual attacks to help developers better understand and mitigate potential security threats.

computer science, interdisciplinary applications,imaging science & photographic technology

Yuheng Huang,Haoyu Wang,Lei Wu,Gareth Tyson,Xiapu Luo,Run Zhang,Xuanzhe Liu,Gang Huang,Xuxian Jiang

DOI: https://doi.org/10.1145/3392155

2020-01-01

ACM SIGMETRICS Performance Evaluation Review

Abstract:EOSIO has become one of the most popular blockchain platforms since its mainnet launch in June 2018. In contrast to the traditional PoW-based systems (e.g., Bitcoin and Ethereum), which are limited by low throughput, EOSIO is the first high throughput Delegated Proof of Stake system that has been widely adopted by many decentralized applications. Although EOSIO has millions of accounts and billions of transactions, little is known about its ecosystem, especially related to security and fraud. In this paper, we perform a large-scale measurement study of the EOSIO blockchain and its associated DApps. We gather a large-scale dataset of EOSIO and characterize activities including money transfers, account creation and contract invocation. Using our insights, we then develop techniques to automatically detect bots and fraudulent activity. We discover thousands of bot accounts (over 30% of the accounts in the platform) and a number of real-world attacks (301 attack accounts). By the time of our study, 80 attack accounts we identified have been confirmed by DApp teams, causing 828,824 EOS tokens losses (roughly \$2.6 million) in total.

Talgar Bayan,Richard Banach

DOI: https://doi.org/10.1109/SIST58284.2023.10223536

2023-05-02

Abstract:In recent years, permissionless blockchains have gained significant attention for their ability to secure and provide transparency in transactions. The development of blockchain technology has shifted from cryptocurrency to decentralized finance, benefiting millions of unbanked individuals, and serving as the foundation of Web3, which aims to provide the next generation of the internet with data ownership for users. The rise of NFTs has also helped artists and creative workers to protect their intellectual property and reap the benefits of their work. However, privacy risks associated with permissionless blockchains have become a major concern for individuals and institutions. The role of blockchain in the transition from Web2 to Web3 is crucial, as it is rapidly evolving. As more individuals, institutions, and organizations adopt this technology, it becomes increasingly important to closely monitor the new risks associated with permissionless blockchains and provide updated solutions to mitigate them. This paper endeavors to examine the privacy risks inherent in permissionless blockchains, including Remote Procedure Call (RPC) issues, Ethereum Name Service (ENS), miner extractable value (MEV) bots, on-chain data analysis, data breaches, transaction linking, transaction metadata, and others. The existing solutions to these privacy risks, such as zero-knowledge proofs, ring signatures, Hyperledger Fabric, and stealth addresses, shall be analyzed. Finally, suggestions for the future improvement of privacy solutions in the permissionless blockchain space shall be put forward.

Cryptography and Security,Software Engineering

Cheng Xu,Yanqi Sun

DOI: https://doi.org/10.1002/mde.4152

2024-03-07

Managerial and Decision Economics

Abstract:Blockchain technology, celebrated for its transparency and immutability, has emerged as a transformative force across various industries. However, the nuanced mechanisms by which these attributes cultivate user trust remain enigmatic. This study embarks on an empirical odyssey to elucidate the multifaceted relationship between transparency, immutability, and user trust within blockchain platforms, incorporating a gender perspective to enrich the exploration. Through a pre‐registered experimental procedure involving diverse participants, we manipulate the visibility of transaction history and the immutability of records but also the complexity. Our results unveil that both transparency and immutability significantly amplify user trust, with distinct effects observed based on gender. Additionally, we uncover the underlying mediating variables that affect these relationships, providing a textured understanding of the dynamics at play. The findings extend the theoretical frontier in blockchain‐related trust research and furnish valuable insights for practitioners in the design and regulation of blockchain platforms, thus contributing to a more profound comprehension of this burgeoning technology.

economics,management

Xintong Wu,Wanling Deng,Yuotng Quan,Luyao Zhang

2024-04-26

Abstract:In the evolving landscape of digital finance, the transition from centralized to decentralized trust mechanisms, primarily driven by blockchain technology, plays a critical role in shaping the cryptocurrency ecosystem. This paradigm shift raises questions about the traditional reliance on centralized trust and introduces a novel, decentralized trust framework built upon distributed networks. Our research delves into the consequences of this shift, particularly focusing on how incidents influence trust within cryptocurrency markets, thereby affecting trade behaviors in centralized (CEXs) and decentralized exchanges (DEXs). We conduct a comprehensive analysis of various events, assessing their effects on market dynamics, including token valuation and trading volumes in both CEXs and DEXs. Our findings highlight the pivotal role of trust in directing user preferences and the fluidity of trust transfer between centralized and decentralized platforms. Despite certain anomalies, the results largely align with our initial hypotheses, revealing the intricate nature of user trust in cryptocurrency markets. This study contributes significantly to interdisciplinary research, bridging distributed systems, behavioral finance, and Decentralized Finance (DeFi). It offers valuable insights for the distributed computing community, particularly in understanding and applying distributed trust mechanisms in digital economies, paving the way for future research that could further explore the socio-economic dimensions and leverage blockchain data in this dynamic domain.

General Economics,Computational Engineering, Finance, and Science,Cryptography and Security,Computers and Society,Risk Management

Johnnatan Messias,Vabuk Pahari,Balakrishnan Chandrasekaran,Krishna P. Gummadi,Patrick Loiseau

DOI: https://doi.org/10.48550/arXiv.2302.06962

2023-05-24

Abstract:In permissionless blockchains, transaction issuers include a fee to incentivize miners to include their transactions. To accurately estimate this prioritization fee for a transaction, transaction issuers (or blockchain participants, more generally) rely on two fundamental notions of transparency, namely contention and prioritization transparency. Contention transparency implies that participants are aware of every pending transaction that will contend with a given transaction for inclusion. Prioritization transparency states that the participants are aware of the transaction or prioritization fees paid by every such contending transaction. Neither of these notions of transparency holds well today. Private relay networks, for instance, allow users to send transactions privately to miners. Besides, users can offer fees to miners via either direct transfers to miners' wallets or off-chain payments -- neither of which are public. In this work, we characterize the lack of contention and prioritization transparency in Bitcoin and Ethereum resulting from such practices. We show that private relay networks are widely used and private transactions are quite prevalent. We show that the lack of transparency facilitates miners to collude and overcharge users who may use these private relay networks despite them offering little to no guarantees on transaction prioritization. The lack of these transparencies in blockchains has crucial implications for transaction issuers as well as the stability of blockchains. Finally, we make our data sets and scripts publicly available.

Cryptography and Security

Tianle Sun,Ningyu He,Jiang Xiao,Yinliang Yue,Xiapu Luo,Haoyu Wang

2024-05-31

Abstract:In Ethereum, the practice of verifying the validity of the passed addresses is a common practice, which is a crucial step to ensure the secure execution of smart contracts. Vulnerabilities in the process of address verification can lead to great security issues, and anecdotal evidence has been reported by our community. However, this type of vulnerability has not been well studied. To fill the void, in this paper, we aim to characterize and detect this kind of emerging vulnerability. We design and implement AVVERIFIER, a lightweight taint analyzer based on static EVM opcode simulation. Its three-phase detector can progressively rule out false positives and false negatives based on the intrinsic characteristics. Upon a well-established and unbiased benchmark, AVVERIFIER can improve efficiency 2 to 5 times than the SOTA while maintaining a 94.3% precision and 100% recall. After a large-scale evaluation of over 5 million Ethereum smart contracts, we have identified 812 vulnerable smart contracts that were undisclosed by our community before this work, and 348 open source smart contracts were further verified, whose largest total value locked is over $11.2 billion. We further deploy AVVERIFIER as a real-time detector on Ethereum and Binance Smart Chain, and the results suggest that AVVERIFIER can raise timely warnings once contracts are deployed.

Cryptography and Security,Software Engineering

Pieter Hartel,Mark van Staalduinen

DOI: https://doi.org/10.48550/arXiv.1907.09208

2019-07-22

Abstract:The Ethereum blockchain is essentially a globally replicated public database. Programs called smart contracts can access this database. Over 10 million smart contracts have been deployed on the Ethereum blockchain. Executing a method of a smart contract generates a transaction that is also stored on the blockchain. There are over 1 billion Ethereum transactions to date. Smart contracts that are transparent about their function are more successful than opaque contracts. We have therefore developed a tool (ContractVis) to explore the transparency of smart contracts. The tool generates a replay script for the historic transactions of a smart contract. The script executes the transactions with the same arguments as recorded on the blockchain, but in a minimal test environment. Running a replay script provides insights into the contract, and insights into the blockchain explorer that was used to retrieve the contract and its history. We provide five concrete recommendations for blockchain explorers like Etherscan to improve the transparency of smart contracts.

Software Engineering

Ulysse Pavloff,Yackolley Amoussou-Genou,Sara Tucci-Piergiovanni

2024-06-07

Abstract:In May 2023, the Ethereum blockchain experienced its first inactivity leak, a mechanism designed to reinstate chain finalization amid persistent network disruptions. This mechanism aims to reduce the voting power of validators who are unreachable within the network, reallocating this power to active validators. This paper investigates the implications of the inactivity leak on safety within the Ethereum blockchain. Our theoretical analysis reveals scenarios where actions by Byzantine validators expedite the finalization of two conflicting branches, and instances where Byzantine validators reach a voting power exceeding the critical safety threshold of one-third. Additionally, we revisit the probabilistic bouncing attack, illustrating how the inactivity leak can result in a probabilistic breach of safety, potentially allowing Byzantine validators to exceed the one-third safety threshold. Our findings uncover how penalizing inactive nodes can compromise blockchain properties, particularly in the presence of Byzantine validators capable of coordinating actions.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Shayan Eskandari,Seyedehmahsa Moosavi,Jeremy Clark

DOI: https://doi.org/10.48550/arXiv.1902.05164

2019-04-10

Abstract:We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of the blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchains decentralized and transparent nature. In this paper, we draw from a scattered body of knowledge and instances of front-running across the top 25 most active decentral applications (DApps) deployed on Ethereum blockchain. Additionally, we carry out a detailed analysis of <a class="link-external link-http" href="http://Status.im" rel="external noopener nofollow">this http URL</a> initial coin offering (ICO) and show evidence of abnormal miners behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Cryptography and Security,Computers and Society,Social and Information Networks

Joerg Osterrieder,Stephen Chan,Jeffrey Chu,Yuanyuan Zhang,Branka Hadji Misheva,Codruta Mare

2024-02-17

Abstract:Blockchain technology, a foundational distributed ledger system, enables secure and transparent multi-party transactions. Despite its advantages, blockchain networks are susceptible to anomalies and frauds, posing significant risks to their integrity and security. This paper offers a detailed examination of blockchain's key definitions and properties, alongside a thorough analysis of the various anomalies and frauds that undermine these networks. It describes an array of detection and prevention strategies, encompassing statistical and machine learning methods, game-theoretic solutions, digital forensics, reputation-based systems, and comprehensive risk assessment techniques. Through case studies, we explore practical applications of anomaly and fraud detection in blockchain networks, extracting valuable insights and implications for both current practice and future research. Moreover, we spotlight emerging trends and challenges within the field, proposing directions for future investigation and technological development. Aimed at both practitioners and researchers, this paper seeks to provide a technical, in-depth overview of anomaly and fraud detection within blockchain networks, marking a significant step forward in the search for enhanced network security and reliability.

Cryptography and Security,General Finance