SADPonzi: Detecting and Characterizing Ponzi Schemes in Ethereum Smart Contracts

Published: 04 June 2021

Abstract

Ponzi schemes are financial scams that lure users under the promise of high profits. With the prosperity of Bitcoin and blockchain technologies, there has been growing anecdotal evidence that this classic fraud has emerged in the blockchain ecosystem. Existing studies have proposed machine-learning based approaches for detecting Ponzi schemes, i.e., either based on the operation codes (opcodes) of the smart contract binaries or the transaction patterns of addresses. However, state-of-the-art approaches face several major limitations, including lacking interpretability and high false positive rates. Moreover, machine-learning based methods are susceptible to evasion techniques, and transaction-based techniques do not work on smart contracts that have a small number of transactions. These limitations render existing methods for detecting Ponzi schemes ineffective. In this paper, we propose SADPonzi, a semantic-aware detection approach for identifying Ponzi schemes in Ethereum smart contracts. Specifically, by strictly following the definition of Ponzi schemes, we propose a heuristic-guided symbolic execution technique to first generate the semantic information for each feasible path in smart contracts and then identify investor-related transfer behaviors and the distribution strategies adopted. Experimental results on a well-labelled benchmark suggest that SADPonzi can achieve 100% precision and recall, outperforming all existing machine-learning based techniques. We further apply SADPonzi to all 3.4 million smart contracts deployed by EOAs in Ethereum and identify 835 Ponzi scheme contracts, with over 17 million US Dollars invested by victims. Our observations confirm the urgency of identifying and mitigating Ponzi schemes in the blockchain ecosystem.

