
Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange

Published: 15 December 2021

Abstract

The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Beyond centralized exchanges (CEXs), decentralized exchanges (DEXs) have been introduced to allow users to trade cryptocurrency without transferring custody of their digital assets to middlemen, thus eliminating the security and privacy issues of traditional CEXs. Uniswap, as the most prominent cryptocurrency DEX, continues to attract scammers, with fraudulent cryptocurrencies flooding into the ecosystem. In this paper, we take the first step to detect and characterize scam tokens on Uniswap. We first collect all the transactions related to the Uniswap V2 exchange and investigate the landscape of cryptocurrency trading on Uniswap from different perspectives. Then, we propose an accurate approach for flagging scam tokens on Uniswap based on a guilt-by-association heuristic and a machine-learning powered technique. We have identified over 10K scam tokens listed on Uniswap, which suggests that roughly 50% of the tokens listed on Uniswap are scam tokens. All the scam tokens and liquidity pools are created specifically for "rug pull" scams, and some scam tokens have tricks and backdoors embedded in their smart contracts. We further observe that thousands of collusion addresses help carry out the scams in league with the scam token/pool creators. The scammers have gained a profit of at least $16 million from 39,762 potential victims. Our observations in this paper suggest the urgency of identifying and stopping scams in the decentralized finance ecosystem, and our approach can act as a whistleblower that identifies scam tokens at their early stages.

