Towards Understanding and Characterizing the Arbitrage Bot Scam In the Wild (2310.12306v1)

Published 18 Oct 2023 in cs.CR and cs.SI

Abstract: This paper presents the first comprehensive analysis of an emerging cryptocurrency scam named "arbitrage bot" disseminated on online social networks. The scam revolves around Decentralized Exchanges (DEX) arbitrage and aims to lure victims into executing a so-called "bot contract" to steal funds from them. To collect the scam at a large scale, we developed a fully automated scam detection system named CryptoScamHunter, which continuously collects YouTube videos and automatically detects scams. Meanwhile, CryptoScamHunter can download the source code of the bot contract from the provided links and extract the associated scam cryptocurrency address. Through deploying CryptoScamHunter from Jun. 2022 to Jun. 2023, we have detected 10,442 arbitrage bot scam videos published from thousands of YouTube accounts. Our analysis reveals that different strategies have been utilized in spreading the scam, including crafting popular accounts, registering spam accounts, and using obfuscation tricks to hide the real scam address in the bot contracts. Moreover, from the scam videos we have collected over 800 malicious bot contracts with source code and extracted 354 scam addresses. By further expanding the scam addresses with a similar contract matching technique, we have obtained a total of 1,697 scam addresses. Through tracing the transactions of all scam addresses on the Ethereum mainnet and Binance Smart Chain, we reveal that over 25,000 victims have fallen prey to this scam, resulting in a financial loss of up to 15 million USD. Overall, our work sheds light on the dissemination tactics and censorship evasion strategies adopted in the arbitrage bot scam, as well as on the scale and impact of such a scam on online social networks and blockchain platforms, emphasizing the urgent need for effective detection and prevention mechanisms against such fraudulent activity.
