“Follow the money!” $2 Billion in Crypto Scams Found on Ethereum
Online criminals are making huge profits – billions of dollars over the past seven years – by exploiting the public’s unfamiliarity with cryptocurrency and blockchain technology, according to a new study.
The discovery of $2 billion in illicit profits spread across 91 digital wallets on the Ethereum blockchain was made by Georgia Tech Ph.D. alumnus Mingxuan Yao and his faculty advisor, associate professor Brendan Saltaformaggio.
The pair spent six months examining millions of smart contract transactions and developed CoCo, an open source tool that can identify fraud on Ethereum in real time.
Through their research, Yao and Saltaformaggio found that smart contracts are being abused by anonymous cybercriminals on a much larger scale than previously known. Running a pool of 157 confirmed fraudulent contracts through CoCo uncovered an additional 1.2 million unreported smart contracts.
Researchers from Georgia Tech’s CyFI Lab meet to discuss ongoing projects. Photo by Kevin Beasley/College of Computing
The work was performed at Georgia Tech's Cyber Forensic Innovation Laboratory (CyFI), a collaboration between the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering (ECE). The lab specializes in digital forensics and has used its expertise to investigate smart contract fraud on Ethereum, a prominent public cryptocurrency blockchain.
One of Ethereum’s biggest selling points is smart contracts, programs that automatically execute cryptocurrency transactions and eliminate the need for bankers, brokers, or other third parties. However, through their new tool, Yao and Saltaformaggio discovered that 2.6 million ether, Ethereum's cryptocurrency, equivalent to $2 billion, have been illicitly collected via smart contracts since September 2017.
While regulators, law enforcement and researchers have been aware of cryptocurrency scams and fraudulent smart contracts for some time, specific data has been difficult to pin down before now.
Layers of blockchain fraud have made it difficult to track fraudulent contracts and link them to associated digital wallets. Since the Ethereum blockchain is decentralized, there is no customer support and it is up to users to police the blockchain and report fake contracts.
“Scammers are creating one-off smart contracts to avoid being reported,” Saltaformaggio said. “Cutting-edge technologies that track crypto fraud focus on one contract at a time. This creates a problem because burner accounts exist, and burner accounts can create multiple burners.”
Smart contracts are also irreversible, so there is no refund option and no way to stop automatic payments. The added anonymity of blockchain transactions makes it nearly impossible to recover stolen money.
CyFI Lab reported the fraudulent accounts to the Federal Bureau of Investigation (FBI) and Etherscan, a block explorer and analytics platform for Ethereum.
The work done in the Cyber Forensic Innovation Laboratory (CyFI) ranges from research in the field of cyber forensics and computer system security to key applications in the control of untrusted/malicious software and the protection of critical IT infrastructures. Photo by Kevin Beasley/College of Computing
“The decentralized nature of Ethereum makes it difficult to hold anyone accountable,” Yao said. “No one has direct control over the product once it is in operation. This makes it attractive to scammers because no one can control them.”
Yao’s next project is to try to identify the owners of the 91 digital wallets responsible for 1.2 million fraudulent contracts and report them to the authorities. Despite the anonymity of blockchain purchases, there is still forensic evidence that can lead to the person or people responsible for the fraud.
CyFI Lab’s new tool combines malicious code analysis with blockchain transactions and can be used by third-party cryptocurrency markets to detect fraud in real time. The researchers made CoCo’s open source software available on GitHub for blockchain investigators, users and third-party cryptocurrency companies.
More details on these results will be presented at the end of May during the 45th IEEE Symposium on Security and Privacy in San Francisco, California.