Reference : The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/39687
The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
English
Ferreira Torres, Christof mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Steichen, Mathis mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
State, Radu mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
2019
USENIX Security Symposium, Santa Clara, 14-16 August 2019
Yes
28th USENIX Security Symposium
from 14-08-2019 to 16-08-2019
[en] Symbolic execution ; Smart contracts ; Honeypots
[en] Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts - programs that are executed across a decentralised network of nodes. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In the past few years, several smart contracts have been exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers do not search for vulnerable contracts anymore. Instead, they try to lure their victims into traps by deploying seemingly vulnerable contracts that contain hidden traps. This new type of contracts is commonly referred to as honeypots. In this paper, we present the first systematic analysis of honeypot smart contracts, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot techniques and use this to build HoneyBadger - a tool that employs symbolic execution and well defined heuristics to expose honeypots. We perform a large-scale analysis on more than 2 million smart contracts and show that our tool not only achieves high precision, but is also highly efficient. We identify 690 honeypot smart contracts as well as 240 victims in the wild, with an accumulated profit of more than $90,000 for the honeypot creators. Our manual validation shows that 87% of the reported contracts are indeed honeypots.
http://hdl.handle.net/10993/39687

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
HoneyBadger_USENIX_2019_Final.pdfAuthor preprint532.91 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.