Abstract
The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Beyond centralized exchanges (CEXs), decentralized exchanges (DEXs) are introduced to allow users to trade cryptocurrency without transferring the custody of their digital assets to the middlemen, thus eliminating the security and privacy issues of traditional CEX. Uniswap, as the most prominent cryptocurrency DEX, is continuing to attract scammers, with fraudulent cryptocurrencies flooding in the ecosystem. In this paper, we take the first step to detect and characterize scam tokens on Uniswap. We first collect all the transactions related to Uniswap V2 exchange and investigate the landscape of cryptocurrency trading on Uniswap from different perspectives. Then, we propose an accurate approach for flagging scam tokens on Uniswap based on a guilt-by-association heuristic and a machine-learning powered technique. We have identified over 10K scam tokens listed on Uniswap, which suggests that roughly 50% of the tokens listed on Uniswap are scam tokens. All the scam tokens and liquidity pools are created specialized for the "rug pull" scams, and some scam tokens have embedded tricks and backdoors in the smart contracts. We further observe that thousands of collusion addresses help carry out the scams in league with the scam token/pool creators. The scammers have gained a profit of at least $16 million from 39,762 potential victims. Our observations in this paper suggest the urgency to identify and stop scams in the decentralized finance ecosystem, and our approach can act as a whistleblower that identifies scam tokens at their early stages.
- Balancer amm defi protocol. https://balancer.fi, 2020.Google Scholar
- Bancor network - trade & earn. https://bancor.network, 2020.Google Scholar
- /biz/coin - general. https://i.warosu.org/biz/thread/19213296, 2020.Google Scholar
- Blockchain - wikipedia. https://en.wikipedia.org/wiki/Blockchain, 2020.Google Scholar
- Browse and explore subgraphs - the graph. https://thegraph.com/explorer/, 2020.Google Scholar
- Decentralized applications (dapps) | ethereum.org. https://ethereum.org/en/dapps/, 2020.Google Scholar
- Decentralized finance (defi) -- uniswap is crawling with fake tokens! -- cryptocurrencies. https://personal-financial.com/2020/09/04/decentralized-finance-defi-uniswap-is-crawling-with-fake-tokens-cryptocurrencies/, 2020.Google Scholar
- dydx. https://dydx.exchange, 2020.Google Scholar
- Etherdelta. https://etherdelta.com, 2020.Google Scholar
- Ethereum definition - investopedia. https://www.investopedia.com/terms/e/ethereum.asp, 2020.Google Scholar
- Ethereum (eth) blockchain explorer. https://etherscan.io/, 2020.Google Scholar
- Fake ethereum tokens net $53,000 in just 30 minutes. https://decrypt.co/49208/fake-ethereum-tokens-net-53000-in-just-30-minutes, 2020.Google Scholar
- Fake tokens continue to plague uniswap. https://cointelegraph.com/news/fake-tokens-continue-to-plague-uniswap, 2020.Google Scholar
- Idex high-performance decentralized exchange. https://idex.io, 2020.Google Scholar
- Keep3r. https://keep3r.network/, 2020.Google Scholar
- Pools | uniswap. https://docs.uniswap.org/protocol/V2/concepts/core-concepts/pools, 2020.Google Scholar
- Pump and dump. https://www.investopedia.com/terms/p/pumpanddump.asp, 2020.Google Scholar
- Rug pull | coinmarketcap. https://coinmarketcap.com/alexandria/glossary/rug-pull, 2020.Google Scholar
- Uniswap | home. https://uniswap.org, 2020.Google Scholar
- Uniswap users rush back to sushiswap after uni rewards end. https://cryptobriefing.com/uniswap-users-rush-back-sushiswap-after-uni-rewards-end/, 2020.Google Scholar
- Yearn. https://yearn.finance/, 2020.Google Scholar
- Automated market maker (amm). https://coinmarketcap.com/alexandria/glossary/automated-market-maker-amm, 2021.Google Scholar
- Binance smart chain - binance.org. https://www.binance.org/en/smartChain, 2021.Google Scholar
- Bore token. https://bnbvault.finance, 2021.Google Scholar
- Certik blockchain security leaderboard. https://www.certik.org/, 2021.Google Scholar
- Coinmarketcap: Cryptocurrency prices, charts and market capitalizations. https://coinmarketcap.com/, 2021.Google Scholar
- Hack brief: Hackers stole $40 million from binance cryptocurrency exchange. https://www.wired.com/story/hack-binance-cryptocurrency-exchange/, 2021.Google Scholar
- Hacked! malicious group leaks data of 161,400 crypto traders on buyucoin. https://www.financemagnates.com/cryptocurrency/news/hacked-malicious-group-leaks-data-of-161400-crypto-traders-on-buyucoin/, 2021.Google Scholar
- North korean hackers accused of "biggest cryptocurrency theft of 2020'-their heists are now worth $1.75 billion. https://www.forbes.com/sites/thomasbrewster/2021/02/09/north-korean-hackers-accused-of-biggest-cryptocurrency-theft-of-2020-their-heists-are-now-worth-175-billion/'sh=67dd69885b0b, 2021.Google Scholar
- Uniswap analytics. https://v2.info.uniswap.org/home, 2021.Google Scholar
- Uniswap is not always rainbows and unicorns - here's how to recognize a uniswap scam. https://blog.blockbank.ai/uniswap-is-not-always-rainbows-and-unicorns-heres-how-to-recognize-a-uniswap-scam-cb85f84a741e, 2021.Google Scholar
- Robert Annessi and Ethan Fast. Improving security for users of decentralized exchanges through multiparty computation. arXiv preprint arXiv:2106.10972, 2021.Google Scholar
- Emad Badawi, Guy-Vincent Jourdan, Gregor Bochmann, and Iosif-Viorel Onut. An automatic detection and analysis of the bitcoin generator scam. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), 2020.Google Scholar
Cross Ref
- Massimo Bartoletti, Salvatore Carta, Tiziana Cimoli, and Roberto Saia. Dissecting ponzi schemes on ethereum: identification, analysis, and impact. Future Generation Computer Systems, 102:259--277, 2020.Google Scholar
Digital Library
- Massimo Bartoletti, Barbara Pes, and Sergio Serusi. Data mining for detecting bitcoin ponzi schemes. In 2018 Crypto Valley Conference on Blockchain Technology (CVCBT), pages 75--84. IEEE, 2018.Google Scholar
Cross Ref
- Carsten Baum, Bernardo David, and Tore Kasper Frederiksen. P2dex: privacy-preserving decentralized cryptocurrency exchange. In International Conference on Applied Cryptography and Network Security, pages 163--194. Springer, 2021.Google Scholar
Digital Library
- Lingyu Bian, Linlin Zhang, Kai Zhao, Hao Wang, and Shengjia Gong. Image-based scam detection method using an attention capsule network. IEEE Access, 2021.Google Scholar
Cross Ref
- Naratorn Boonpeam, Warodom Werapun, and Tanakorn Karode. The arbitrage system on decentralized exchanges. In 2021 18th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2021.Google Scholar
Cross Ref
- Leo Breiman. Random forests. Machine learning, 45(1):5--32, 2001.Google Scholar
Digital Library
- Giulio Caldarelli and Joshua Ellul. The blockchain oracle problem in decentralized finance-a multivocal approach. 2021.Google Scholar
Cross Ref
- Agostino Capponi and Ruizhe Jia. The adoption of blockchain-based decentralized exchanges, 2021.Google Scholar
- Chih-Chung Chang and Chih-Jen Lin. Libsvm: a library for support vector machines. ACM transactions on intelligent systems and technology (TIST), 2(3):1--27, 2011.Google Scholar
- Tianqi Chen and Carlos Guestrin. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining, pages 785--794, 2016.Google Scholar
Digital Library
- Weili Chen, Xiongfeng Guo, Zhiguang Chen, Zibin Zheng, and Yutong Lu. Phishing scam detection on ethereum: Towards financial security for blockchain ecosystem. In IJCAI, pages 4506--4512, 2020.Google Scholar
Cross Ref
- Weili Chen, Zibin Zheng, Jiahui Cui, Edith Ngai, Peilin Zheng, and Yuren Zhou. Detecting ponzi schemes on ethereum: Towards healthier blockchain technology. In Proceedings of the 2018 World Wide Web Conference, pages 1409--1418, 2018.Google Scholar
Digital Library
- Weili Chen, Zibin Zheng, Edith C-H Ngai, Peilin Zheng, and Yuren Zhou. Exploiting blockchain data to detect smart ponzi schemes on ethereum. IEEE Access, 7:37575--37586, 2019.Google Scholar
Cross Ref
- Usman W Chohan. The problems of cryptocurrency thefts and exchange shutdowns. Available at SSRN 3131702, 2018.Google Scholar
- Stephan Dreiseitl and Lucila Ohno-Machado. Logistic regression and artificial neural network classification models: a methodology review. Journal of biomedical informatics, 35(5--6):352--359, 2002.Google Scholar
- Amir Feder, Neil Gandal, JT Hamrick, and Tyler Moore. The impact of ddos and other security shocks on bitcoin currency exchanges: Evidence from mt. gox. Journal of Cybersecurity, 3(2):137--144, 2017.Google Scholar
Cross Ref
- Bingyu Gao, Haoyu Wang, Pengcheng Xia, Siwei Wu, Yajin Zhou, Xiapu Luo, and Gareth Tyson. Tracking counterfeit cryptocurrency end-to-end. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 4(3):1--28, 2020.Google Scholar
Digital Library
- Lewis Gudgeon, Daniel Perez, Dominik Harz, Benjamin Livshits, and Arthur Gervais. The decentralized financial crisis. In 2020 Crypto Valley Conference on Blockchain Technology (CVCBT), 2020.Google Scholar
Cross Ref
- Wan-Shiuan Hsu and Iuon-Chang Lin. Analysis and solution of exploiting vulnerabilities of smart contracts in decentralized financial applications. Communications of the CCISA, 2021.Google Scholar
- Ru Ji, Ningyu He, Lei Wu, Haoyu Wang, Guangdong Bai, and Yao Guo. Deposafe: Demystifying the fake deposit vulnerability in ethereum smart contracts. In 2020 25th International Conference on Engineering of Complex Computer Systems (ICECCS), pages 125--134. IEEE, 2020.Google Scholar
Cross Ref
- Issa M Khalil, Bei Guan, Mohamed Nabeel, and Ting Yu. A domain is only as good as its buddies: Detecting stealthy malicious domains via graph inference. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pages 330--341, 2018.Google Scholar
Digital Library
- Chang Yeon Kim and Kyungho Lee. Risk management to cryptocurrency exchange and investors guidelines to prevent potential threats. In 2018 International Conference on Platform Technology and Service (PlatCon), pages 1--6. IEEE, 2018.Google Scholar
Cross Ref
- Dan Liebau and Patrick Schueffel. Crypto-currencies and icos: Are they scams? an empirical study. An Empirical Study (January 23, 2019), 2019.Google Scholar
Cross Ref
- Yuen Lo and Medda. Uniswap and the emergence of the decentralized exchange. Available at SSRN 3715398, 2020.Google Scholar
- Patrick McCorry, Malte Möser, and Syed Taha Ali. Why preventing a cryptocurrency exchange heist isn't good enough. In Cambridge International Workshop on Security Protocols, pages 225--233. Springer, 2018.Google Scholar
Cross Ref
- Tyler Moore, Nicolas Christin, and Janos Szurdi. Revisiting the risks of bitcoin currency exchange closure. ACM Transactions on Internet Technology (TOIT), 18(4):1--18, 2018.Google Scholar
- Kris Oosthoek. Flash crash for cash: Cyber threats in decentralized finance. arXiv preprint arXiv:2106.10740, 2021.Google Scholar
- Ross Phillips and Heidi Wilder. Tracing cryptocurrency scams: Clustering replicated advance-fee and phishing websites. arXiv preprint arXiv:2005.14440, 2020.Google Scholar
- Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais. Attacking the defi ecosystem with flash loans for fun and profit. arXiv preprint arXiv:2003.03810, 2020.Google Scholar
- Silvia Sebastian and Juan Caballero. Towards attribution in mobile markets: Identifying developer account polymorphism. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pages 771--785, 2020.Google Scholar
Digital Library
- Andrey Sobol. Frontrunning on automated decentralized exchange in proof of stake environment. IACR Cryptol. ePrint Arch., 2020.Google Scholar
- Ana Tatabitovska. Mitigation of transaction manipulation attacks in uniswap. 2021.Google Scholar
- Kentaroh Toyoda, P Takis Mathiopoulos, and Tomoaki Ohtsuki. A novel methodology for hyip operators' bitcoin addresses identification. IEEE Access, 7:74835--74848, 2019.Google Scholar
Cross Ref
- Marie Vasek and Tyler Moore. Analyzing the bitcoin ponzi scheme ecosystem. In International Conference on Financial Cryptography and Data Security, pages 101--112. Springer, 2018.Google Scholar
- Bin Wang, Han Liu, Chao Liu, Zhiqiang Yang, Qian Ren, Huixuan Zheng, and Hong Lei. Blockeye: Hunting for defi attacks on blockchain. In 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pages 17--20. IEEE, 2021.Google Scholar
Digital Library
- Ye Wang, Yan Chen, Shuiguang Deng, and Roger Wattenhofer. Cyclic arbitrage in decentralized exchange markets. Available at SSRN 3834535, 2021.Google Scholar
- Yongge Wang. Automated market makers for decentralized finance (defi), 2020.Google Scholar
- Sam M. Werner, Daniel Perez, Lewis Gudgeon, Ariah Klages-Mundt, Dominik Harz, and William J. Knottenbelt. Sok: Decentralized finance (defi), 2021.Google Scholar
- Jiajing Wu, Qi Yuan, Dan Lin, Wei You, Weili Chen, Chuan Chen, and Zibin Zheng. Who are the phishers? phishing scam detection on ethereum via network embedding. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2020.Google Scholar
Cross Ref
- Siwei Wu, Dabao Wang, Jianting He, Yajin Zhou, Lei Wu, Xingliang Yuan, Qinming He, and Kui Ren. Defiranger: Detecting price manipulation attacks on defi applications. arXiv preprint arXiv:2104.15068, 2021.Google Scholar
- Pengcheng Xia, Haoyu Wang, Bowen Zhang, Ru Ji, Bingyu Gao, Lei Wu, Xiapu Luo, and Guoai Xu. Characterizing cryptocurrency exchange scams. Computers & Security, 98:101993, 2020.Google Scholar
Cross Ref
- Dirk A Zetzsche, Ross P Buckley, Douglas W Arner, and Linus Föhr. The ico gold rush: It's a scam, it's a bubble, it's a super challenge for regulators. University of Luxembourg Law Working Paper, (11):17--83, 2017.Google Scholar
Index Terms
Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
Recommendations
Tracking Counterfeit Cryptocurrency End-to-end
POMACSThe production of counterfeit money has a long history. It refers to the creation of imitation currency that is produced without the legal sanction of government. With the growth of the cryptocurrency ecosystem, there is expanding evidence that ...
Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
SIGMETRICS/PERFORMANCE '22: Abstract Proceedings of the 2022 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer SystemsThe prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Uniswap, as the most prominent cryptocurrency decentralized exchange (DEX), is continuing to attract scammers, with fraudulent cryptocurrencies flooding ...
Trade or Trick?: Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
SIGMETRICS '22The prosperity of the cryptocurrency ecosystem drives the need for digital asset trading platforms. Uniswap, as the most prominent cryptocurrency decentralized exchange (DEX), is continuing to attract scammers, with fraudulent cryptocurrencies flooding ...






Comments