research-article

Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange

Authors:

Guoai XuAuthors Info & Claims

Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 5, Issue 3

Article No.: 39, Pages 1 - 26

https://doi.org/10.1145/3491051

Published: 15 December 2021 Publication History

Abstract

The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Beyond centralized exchanges (CEXs), decentralized exchanges (DEXs) are introduced to allow users to trade cryptocurrency without transferring the custody of their digital assets to the middlemen, thus eliminating the security and privacy issues of traditional CEX. Uniswap, as the most prominent cryptocurrency DEX, is continuing to attract scammers, with fraudulent cryptocurrencies flooding in the ecosystem. In this paper, we take the first step to detect and characterize scam tokens on Uniswap. We first collect all the transactions related to Uniswap V2 exchange and investigate the landscape of cryptocurrency trading on Uniswap from different perspectives. Then, we propose an accurate approach for flagging scam tokens on Uniswap based on a guilt-by-association heuristic and a machine-learning powered technique. We have identified over 10K scam tokens listed on Uniswap, which suggests that roughly 50% of the tokens listed on Uniswap are scam tokens. All the scam tokens and liquidity pools are created specialized for the "rug pull" scams, and some scam tokens have embedded tricks and backdoors in the smart contracts. We further observe that thousands of collusion addresses help carry out the scams in league with the scam token/pool creators. The scammers have gained a profit of at least $16 million from 39,762 potential victims. Our observations in this paper suggest the urgency to identify and stop scams in the decentralized finance ecosystem, and our approach can act as a whistleblower that identifies scam tokens at their early stages.

References

[1]

Balancer amm defi protocol. https://balancer.fi, 2020.

[2]

Bancor network - trade & earn. https://bancor.network, 2020.

[3]

/biz/coin - general. https://i.warosu.org/biz/thread/19213296, 2020.

[4]

Blockchain - wikipedia. https://en.wikipedia.org/wiki/Blockchain, 2020.

[5]

Browse and explore subgraphs - the graph. https://thegraph.com/explorer/, 2020.

[6]

Decentralized applications (dapps) | ethereum.org. https://ethereum.org/en/dapps/, 2020.

[7]

Decentralized finance (defi) -- uniswap is crawling with fake tokens! -- cryptocurrencies. https://personal-financial.com/2020/09/04/decentralized-finance-defi-uniswap-is-crawling-with-fake-tokens-cryptocurrencies/, 2020.

[8]

dydx. https://dydx.exchange, 2020.

[9]

Etherdelta. https://etherdelta.com, 2020.

[10]

Ethereum definition - investopedia. https://www.investopedia.com/terms/e/ethereum.asp, 2020.

[11]

Ethereum (eth) blockchain explorer. https://etherscan.io/, 2020.

[12]

Fake ethereum tokens net $53,000 in just 30 minutes. https://decrypt.co/49208/fake-ethereum-tokens-net-53000-in-just-30-minutes, 2020.

[13]

Fake tokens continue to plague uniswap. https://cointelegraph.com/news/fake-tokens-continue-to-plague-uniswap, 2020.

[14]

Idex high-performance decentralized exchange. https://idex.io, 2020.

[15]

Keep3r. https://keep3r.network/, 2020.

[16]

Pools | uniswap. https://docs.uniswap.org/protocol/V2/concepts/core-concepts/pools, 2020.

[17]

Pump and dump. https://www.investopedia.com/terms/p/pumpanddump.asp, 2020.

[18]

Rug pull | coinmarketcap. https://coinmarketcap.com/alexandria/glossary/rug-pull, 2020.

[19]

Uniswap | home. https://uniswap.org, 2020.

[20]

Uniswap users rush back to sushiswap after uni rewards end. https://cryptobriefing.com/uniswap-users-rush-back-sushiswap-after-uni-rewards-end/, 2020.

[21]

Yearn. https://yearn.finance/, 2020.

[22]

Automated market maker (amm). https://coinmarketcap.com/alexandria/glossary/automated-market-maker-amm, 2021.

[23]

Binance smart chain - binance.org. https://www.binance.org/en/smartChain, 2021.

[24]

Bore token. https://bnbvault.finance, 2021.

[25]

Certik blockchain security leaderboard. https://www.certik.org/, 2021.

[26]

Coinmarketcap: Cryptocurrency prices, charts and market capitalizations. https://coinmarketcap.com/, 2021.

[27]

Hack brief: Hackers stole $40 million from binance cryptocurrency exchange. https://www.wired.com/story/hack-binance-cryptocurrency-exchange/, 2021.

[28]

Hacked! malicious group leaks data of 161,400 crypto traders on buyucoin. https://www.financemagnates.com/cryptocurrency/news/hacked-malicious-group-leaks-data-of-161400-crypto-traders-on-buyucoin/, 2021.

[29]

North korean hackers accused of "biggest cryptocurrency theft of 2020'-their heists are now worth $1.75 billion. https://www.forbes.com/sites/thomasbrewster/2021/02/09/north-korean-hackers-accused-of-biggest-cryptocurrency-theft-of-2020-their-heists-are-now-worth-175-billion/'sh=67dd69885b0b, 2021.

[30]

Uniswap analytics. https://v2.info.uniswap.org/home, 2021.

[31]

Uniswap is not always rainbows and unicorns - here's how to recognize a uniswap scam. https://blog.blockbank.ai/uniswap-is-not-always-rainbows-and-unicorns-heres-how-to-recognize-a-uniswap-scam-cb85f84a741e, 2021.

[32]

Robert Annessi and Ethan Fast. Improving security for users of decentralized exchanges through multiparty computation. arXiv preprint arXiv:2106.10972, 2021.

[33]

Emad Badawi, Guy-Vincent Jourdan, Gregor Bochmann, and Iosif-Viorel Onut. An automatic detection and analysis of the bitcoin generator scam. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), 2020.

[34]

Massimo Bartoletti, Salvatore Carta, Tiziana Cimoli, and Roberto Saia. Dissecting ponzi schemes on ethereum: identification, analysis, and impact. Future Generation Computer Systems, 102:259--277, 2020.

Digital Library

[35]

Massimo Bartoletti, Barbara Pes, and Sergio Serusi. Data mining for detecting bitcoin ponzi schemes. In 2018 Crypto Valley Conference on Blockchain Technology (CVCBT), pages 75--84. IEEE, 2018.

[36]

Carsten Baum, Bernardo David, and Tore Kasper Frederiksen. P2dex: privacy-preserving decentralized cryptocurrency exchange. In International Conference on Applied Cryptography and Network Security, pages 163--194. Springer, 2021.

Digital Library

[37]

Lingyu Bian, Linlin Zhang, Kai Zhao, Hao Wang, and Shengjia Gong. Image-based scam detection method using an attention capsule network. IEEE Access, 2021.

[38]

Naratorn Boonpeam, Warodom Werapun, and Tanakorn Karode. The arbitrage system on decentralized exchanges. In 2021 18th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2021.

[39]

Leo Breiman. Random forests. Machine learning, 45(1):5--32, 2001.

Digital Library

[40]

Giulio Caldarelli and Joshua Ellul. The blockchain oracle problem in decentralized finance-a multivocal approach. 2021.

[41]

Agostino Capponi and Ruizhe Jia. The adoption of blockchain-based decentralized exchanges, 2021.

[42]

Chih-Chung Chang and Chih-Jen Lin. Libsvm: a library for support vector machines. ACM transactions on intelligent systems and technology (TIST), 2(3):1--27, 2011.

[43]

Tianqi Chen and Carlos Guestrin. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining, pages 785--794, 2016.

Digital Library

[44]

Weili Chen, Xiongfeng Guo, Zhiguang Chen, Zibin Zheng, and Yutong Lu. Phishing scam detection on ethereum: Towards financial security for blockchain ecosystem. In IJCAI, pages 4506--4512, 2020.

[45]

Weili Chen, Zibin Zheng, Jiahui Cui, Edith Ngai, Peilin Zheng, and Yuren Zhou. Detecting ponzi schemes on ethereum: Towards healthier blockchain technology. In Proceedings of the 2018 World Wide Web Conference, pages 1409--1418, 2018.

Digital Library

[46]

Weili Chen, Zibin Zheng, Edith C-H Ngai, Peilin Zheng, and Yuren Zhou. Exploiting blockchain data to detect smart ponzi schemes on ethereum. IEEE Access, 7:37575--37586, 2019.

[47]

Usman W Chohan. The problems of cryptocurrency thefts and exchange shutdowns. Available at SSRN 3131702, 2018.

[48]

Stephan Dreiseitl and Lucila Ohno-Machado. Logistic regression and artificial neural network classification models: a methodology review. Journal of biomedical informatics, 35(5--6):352--359, 2002.

[49]

Amir Feder, Neil Gandal, JT Hamrick, and Tyler Moore. The impact of ddos and other security shocks on bitcoin currency exchanges: Evidence from mt. gox. Journal of Cybersecurity, 3(2):137--144, 2017.

[50]

Bingyu Gao, Haoyu Wang, Pengcheng Xia, Siwei Wu, Yajin Zhou, Xiapu Luo, and Gareth Tyson. Tracking counterfeit cryptocurrency end-to-end. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 4(3):1--28, 2020.

Digital Library

[51]

Lewis Gudgeon, Daniel Perez, Dominik Harz, Benjamin Livshits, and Arthur Gervais. The decentralized financial crisis. In 2020 Crypto Valley Conference on Blockchain Technology (CVCBT), 2020.

[52]

Wan-Shiuan Hsu and Iuon-Chang Lin. Analysis and solution of exploiting vulnerabilities of smart contracts in decentralized financial applications. Communications of the CCISA, 2021.

[53]

Ru Ji, Ningyu He, Lei Wu, Haoyu Wang, Guangdong Bai, and Yao Guo. Deposafe: Demystifying the fake deposit vulnerability in ethereum smart contracts. In 2020 25th International Conference on Engineering of Complex Computer Systems (ICECCS), pages 125--134. IEEE, 2020.

[54]

Issa M Khalil, Bei Guan, Mohamed Nabeel, and Ting Yu. A domain is only as good as its buddies: Detecting stealthy malicious domains via graph inference. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pages 330--341, 2018.

Digital Library

[55]

Chang Yeon Kim and Kyungho Lee. Risk management to cryptocurrency exchange and investors guidelines to prevent potential threats. In 2018 International Conference on Platform Technology and Service (PlatCon), pages 1--6. IEEE, 2018.

[56]

Dan Liebau and Patrick Schueffel. Crypto-currencies and icos: Are they scams? an empirical study. An Empirical Study (January 23, 2019), 2019.

[57]

Yuen Lo and Medda. Uniswap and the emergence of the decentralized exchange. Available at SSRN 3715398, 2020.

[58]

Patrick McCorry, Malte Möser, and Syed Taha Ali. Why preventing a cryptocurrency exchange heist isn't good enough. In Cambridge International Workshop on Security Protocols, pages 225--233. Springer, 2018.

[59]

Tyler Moore, Nicolas Christin, and Janos Szurdi. Revisiting the risks of bitcoin currency exchange closure. ACM Transactions on Internet Technology (TOIT), 18(4):1--18, 2018.

[60]

Kris Oosthoek. Flash crash for cash: Cyber threats in decentralized finance. arXiv preprint arXiv:2106.10740, 2021.

[61]

Ross Phillips and Heidi Wilder. Tracing cryptocurrency scams: Clustering replicated advance-fee and phishing websites. arXiv preprint arXiv:2005.14440, 2020.

[62]

Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais. Attacking the defi ecosystem with flash loans for fun and profit. arXiv preprint arXiv:2003.03810, 2020.

[63]

Silvia Sebastian and Juan Caballero. Towards attribution in mobile markets: Identifying developer account polymorphism. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pages 771--785, 2020.

Digital Library

[64]

Andrey Sobol. Frontrunning on automated decentralized exchange in proof of stake environment. IACR Cryptol. ePrint Arch., 2020.

[65]

Ana Tatabitovska. Mitigation of transaction manipulation attacks in uniswap. 2021.

[66]

Kentaroh Toyoda, P Takis Mathiopoulos, and Tomoaki Ohtsuki. A novel methodology for hyip operators' bitcoin addresses identification. IEEE Access, 7:74835--74848, 2019.

[67]

Marie Vasek and Tyler Moore. Analyzing the bitcoin ponzi scheme ecosystem. In International Conference on Financial Cryptography and Data Security, pages 101--112. Springer, 2018.

[68]

Bin Wang, Han Liu, Chao Liu, Zhiqiang Yang, Qian Ren, Huixuan Zheng, and Hong Lei. Blockeye: Hunting for defi attacks on blockchain. In 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pages 17--20. IEEE, 2021.

Digital Library

[69]

Ye Wang, Yan Chen, Shuiguang Deng, and Roger Wattenhofer. Cyclic arbitrage in decentralized exchange markets. Available at SSRN 3834535, 2021.

[70]

Yongge Wang. Automated market makers for decentralized finance (defi), 2020.

[71]

Sam M. Werner, Daniel Perez, Lewis Gudgeon, Ariah Klages-Mundt, Dominik Harz, and William J. Knottenbelt. Sok: Decentralized finance (defi), 2021.

[72]

Jiajing Wu, Qi Yuan, Dan Lin, Wei You, Weili Chen, Chuan Chen, and Zibin Zheng. Who are the phishers? phishing scam detection on ethereum via network embedding. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2020.

[73]

Siwei Wu, Dabao Wang, Jianting He, Yajin Zhou, Lei Wu, Xingliang Yuan, Qinming He, and Kui Ren. Defiranger: Detecting price manipulation attacks on defi applications. arXiv preprint arXiv:2104.15068, 2021.

[74]

Pengcheng Xia, Haoyu Wang, Bowen Zhang, Ru Ji, Bingyu Gao, Lei Wu, Xiapu Luo, and Guoai Xu. Characterizing cryptocurrency exchange scams. Computers & Security, 98:101993, 2020.

[75]

Dirk A Zetzsche, Ross P Buckley, Douglas W Arner, and Linus Föhr. The ico gold rush: It's a scam, it's a bubble, it's a super challenge for regulators. University of Luxembourg Law Working Paper, (11):17--83, 2017.

Cited By

DURMUŞ ŞENYAPAR H(2024)Cryptocurrency on Social Media: Analyzing the Digital Discourse Towards the Coin MarketSosyal Medyada Kripto Para: Coin Piyasasına Yönelik Dijital Söylemin Analiziİktisadi İdari ve Siyasal Araştırmalar Dergisi10.25204/iktisad.14190669:23(202-223)Online publication date: 29-Feb-2024
https://doi.org/10.25204/iktisad.1419066
Li KGuan SLee D(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365508852:1(89-90)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3673660.3655088
Li KGuan SLee DGaretto MMarin ACiucu FFanti GRighter R(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655088(89-90)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655088
Show More Cited By

Index Terms

Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
1. Information systems
  1. World Wide Web
    1. Web mining
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Software and application security
    1. Web application security

Recommendations

Tracking Counterfeit Cryptocurrency End-to-end
POMACS

The production of counterfeit money has a long history. It refers to the creation of imitation currency that is produced without the legal sanction of government. With the growth of the cryptocurrency ecosystem, there is expanding evidence that ...
Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
SIGMETRICS/PERFORMANCE '22: Abstract Proceedings of the 2022 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems

The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Uniswap, as the most prominent cryptocurrency decentralized exchange (DEX), is continuing to attract scammers, with fraudulent cryptocurrencies flooding ...
Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
SIGMETRICS '22

The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Uniswap, as the most prominent cryptocurrency decentralized exchange (DEX), is continuing to attract scammers, with fraudulent cryptocurrencies flooding ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Measurement and Analysis of Computing Systems

Proceedings of the ACM on Measurement and Analysis of Computing Systems Volume 5, Issue 3

POMACS

December 2021

435 pages

EISSN:2476-1249

DOI:10.1145/3506735

Editors:
Augustin Chaintreau
Columbia University
,
Leana Golubchik
University of Southern California
,
Zhi-Li Zhang
University of Minnesota

Issue’s Table of Contents

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 December 2021

Published in POMACS Volume 5, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
1,301
Total Downloads

Downloads (Last 12 months)437
Downloads (Last 6 weeks)29

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

Cited By

DURMUŞ ŞENYAPAR H(2024)Cryptocurrency on Social Media: Analyzing the Digital Discourse Towards the Coin MarketSosyal Medyada Kripto Para: Coin Piyasasına Yönelik Dijital Söylemin Analiziİktisadi İdari ve Siyasal Araştırmalar Dergisi10.25204/iktisad.14190669:23(202-223)Online publication date: 29-Feb-2024
https://doi.org/10.25204/iktisad.1419066
Li KGuan SLee D(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365508852:1(89-90)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3673660.3655088
Li KGuan SLee DGaretto MMarin ACiucu FFanti GRighter R(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655088(89-90)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655088
Li WBao LChen JGrundy JXia XYang X(2024)Market Manipulation of Cryptocurrencies: Evidence from Social Media and Transaction DataACM Transactions on Internet Technology10.1145/364381224:2(1-26)Online publication date: 18-Mar-2024
https://dl.acm.org/doi/10.1145/3643812
Huang JXia PLi JMa KTyson GLuo XWu LZhou YCai WWang HChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Unveiling the Paradox of NFT ProsperityProceedings of the ACM on Web Conference 202410.1145/3589334.3645566(167-177)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645566
Lin DWu JHuang TLin KZheng Z(2024)Who is Who on Ethereum? Account Labeling Using Heterophilic Graph Convolutional NetworkIEEE Transactions on Systems, Man, and Cybernetics: Systems10.1109/TSMC.2023.332952054:3(1541-1553)Online publication date: Mar-2024
https://doi.org/10.1109/TSMC.2023.3329520
Liu JChen JWu JWu ZFang JZheng Z(2024)Fishing for Fraudsters: Uncovering Ethereum Phishing Gangs With Blockchain DataIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.335900019(3038-3050)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3359000
Wu JLin DFu QYang SChen TZheng ZSong B(2024)Toward Understanding Asset Flows in Crypto Money Laundering Through the Lenses of Ethereum HeistsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334627619(1994-2009)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3346276
Gunathilaka MWickramanayake SBandara H(2024)DeFiTrustExpert Systems with Applications: An International Journal10.1016/j.eswa.2024.123913251:COnline publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1016/j.eswa.2024.123913
Hägele S(2024)Centralized exchanges vs. decentralized exchanges in cryptocurrency markets: A systematic literature reviewElectronic Markets10.1007/s12525-024-00714-234:1Online publication date: 18-May-2024
https://doi.org/10.1007/s12525-024-00714-2
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents