Computer Science > Cryptography and Security
[Submitted on 3 Apr 2019 (this version), latest version 30 Jul 2019 (v2)]
Title:Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum
View PDFAbstract:We performed the first systematic study of a new attack on Ethereum to steal cryptocurrency. The attack is due to the unprotected JSON-RPC endpoints existed on Ethereum nodes that could be exploited by attackers to transfer Ether and other ERC20 tokens to attackers-controlled accounts.
This study sheds light on the attack, including malicious behaviors involved and profits of attackers. Specifically, we first designed and implemented a honeypot that could capture real attacks in the wild. We then deployed the honeypot on the Internet and reported the results of the collected data in a period of six months. In total, our system captured more than 308 million RPC requests, coming from 1,072 distinct IP addresses. We further grouped attackers into 36 groups with 59 distinct Ethereum accounts. Among them, attackers from 34 groups were stealing the Ether, while other 2 groups were targeting ERC20 tokens. The further behavior analysis showed that attackers were following a three-steps pattern to steal the Ether. Moreover, we observed an interesting type of transaction called zero gas transaction, which has been leveraged by attackers to steal ERC20 tokens. At last, we estimated the overall profits of attackers. To engage the whole community, we will release the dataset of all captured attacks by our system.
Submission history
From: Yajin Zhou [view email][v1] Wed, 3 Apr 2019 12:48:29 UTC (2,316 KB)
[v2] Tue, 30 Jul 2019 17:32:35 UTC (3,880 KB)
References & Citations
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.