Mapping the DeFi Crime Landscape: An Evidence-based Picture (2310.04356v2)
Abstract: Decentralized finance (DeFi) has been the target of numerous profit-driven crimes, but the prevalence and cumulative impact of these crimes have not yet been assessed. This study provides a comprehensive assessment of profit-driven crimes targeting the DeFi sector. We collected data on 1,153 crime events from 2017 to 2022. Of these, 1,048 were related to DeFi (the main focus of this study) and 105 to centralized finance (CeFi). The findings show that the entire cryptoasset industry has suffered a minimum loss of US$30B, with two thirds related to CeFi and one third to DeFi. Focusing on DeFi, a taxonomy was developed to clarify the similarities and differences among these crimes. All events were mapped onto the DeFi stack to assess the impacted technical layers, and the financial damages were quantified to gauge their scale. The results highlight that during an attack, a DeFi actor (an entity developing a DeFi technology) can serve as a direct target (due to technical vulnerabilities or exploitation of human risks), as a perpetrator (through malicious uses of contracts or market manipulations), or as an intermediary (by being imitated through, for example, phishing scams). The findings also show that DeFi actors are the first victims of crimes targeting the DeFi industry: 52.2% of events targeted them, primarily due to technical vulnerabilities at the protocol layer, and these events accounted for 83% of all financial damages. Alternatively, in 40.7% of events, DeFi actors were themselves malicious perpetrators, predominantly misusing contracts at the cryptoasset layer (e.g., rug pull scams). However, these events accounted for only 17% of all financial damages. The study offers a preliminary assessment of the size and scope of crime events within the DeFi sector and highlights the vulnerable position of DeFi actors in the ecosystem.