research-article
Open access
Authors: Kai Li, Shixuan Guan, Darren Lee
Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 7, Issue 3
Article No.: 52, Pages 1 - 29
Published: 12 December 2023 Publication History
Metrics
Total Citations5Total Downloads260Last 12 Months260
Last 6 weeks64
New Citation Alert added!
This alert has been successfully added and will be sent to:
You will be notified whenever a record that you have chosen has been cited.
To manage your alert preferences, click on the button below.
Manage my Alerts
New Citation Alert!
Please log in to your account
PDFeReader
- View Options
- References
- Media
- Tables
- Share
Abstract
This paper presents the first comprehensive analysis of an emerging cryptocurrency scam named "arbitrage bot" disseminated on online social networks. The scam revolves around Decentralized Exchanges (DEX) arbitrage and aims to lure victims into executing a so-called "bot contract" to steal funds from them. To entice victims and convince them of this scheme, we found that scammers have flocked to publish YouTube videos to demonstrate plausible profits and provide detailed instructions and links to the bot contract.
To collect the scam at a large scale, we developed a fully automated scam detection system namedCryptoScamHunter, which continuously collects YouTube videos and automatically detects scams. Meanwhile,CryptoScamHunter can download the source code of the bot contract from the provided links and extract the associated scam cryptocurrency address. Through deployingCryptoScamHunter from Jun. 2022 to Jun. 2023, we have detected 10,442 arbitrage bot scam videos published from thousands of YouTube accounts. Our analysis reveals that different strategies have been utilized in spreading the scam, including crafting popular accounts, registering spam accounts, and using obfuscation tricks to hide the real scam address in the bot contracts. Moreover, from the scam videos we have collected over 800 malicious bot contracts with source code and extracted 354 scam addresses. By further expanding the scam addresses with a similar contract matching technique, we have obtained a total of 1,697 scam addresses. Through tracing the transactions of all scam addresses on the Ethereum mainnet and Binance Smart Chain, we reveal that over 25,000 victims have fallen prey to this scam, resulting in a financial loss of up to 15 million USD.
Overall, our work sheds light on the dissemination tactics and censorship evasion strategies adopted in the arbitrage bot scam, as well as on the scale and impact of such a scam on online social networks and blockchain platforms, emphasizing the urgent need for effective detection and prevention mechanisms against such fraudulent activity.
References
[1]
2023. Back-running. https://www.mev.wiki/attack-examples/back-running. (June 2023).
[2]
2023. Blockchain Explorer By Bitquery. https://explorer.bitquery.io/. (June 2023).
[3]
2023. BscScan: BNB Smart Chain Explorer. https://bscscan.com. (June 2023).
[4]
2023. Cloud Translation API. https://cloud.google.com/translate/docs/reference/rest. (June 2023).
[5]
2023. CronoScan Developer APIs. https://cronoscan.com/apis. (June 2023).
[6]
2023. demoji. https://pypi.org/project/demoji. (June 2023).
[7]
2023. Etherscan: Ethereum (ETH) Blockchain Explorer. https://etherscan.io/. (June 2023).
[8]
2023. FtmScan APIs - Fantom Blockchain Explorer. https://ftmscan.com/apis. (June 2023).
[9]
2023. HashDit - Securing BNB Chain. https://www.hashdit.io/en. (June 2023).
[10]
2023. Internet & Text Slang Dictionary. https://www.noslang.com/dictionary. (June 2023).
[11]
2023. PolygonScan APIs. https://polygonscan.com/apis. (June 2023).
[12]
2023. Search | YouTube Data API - Google Developers. https://developers.google.com/youtube/v3/docs/search. (June 2023).
[13]
2023. SnowTrace APIs. https://snowtrace.io/apis. (June 2023).
[14]
2023. urlextract - PyPI. https://pypi.org/project/urlextract. (June 2023).
[15]
2023. YouTube Channels. https://developers.google.com/youtube/v3/docs/channels. (June 2023).
[16]
Anton Abilov, Yiqing Hua, Hana Matatov, Ofra Amir, and Mor Naaman. 2021. Voterfraud2020: a multi-modal dataset of election fraud claims on twitter. In Proceedings of the International AAAI Conference on Web and Social Media, Vol. 15. 901--912.
[17]
Kayode Sakariyah Adewole, Tao Han, Wanqing Wu, Houbing Song, and Arun Kumar Sangaiah. 2020. Twitter spam account detection based on clustering and classification methods. The Journal of Supercomputing 76 (2020), 4802--4837.
Digital Library
[18]
Emad Badawi, Guy-Vincent Jourdan, Gregor Bochmann, and Iosif-Viorel Onut. 2020. An automatic detection and analysis of the bitcoin generator scam. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 407--416.
[19]
Massimo Bartoletti, Salvatore Carta, Tiziana Cimoli, and Roberto Saia. 2020. Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact. Future Generation Computer Systems 102 (2020), 259--277.
Digital Library
[20]
Massimo Bartoletti, Stefano Lande, Andrea Loddo, Livio Pompianu, and Sergio Serusi. 2021. Cryptocurrency scams: analysis and perspectives. Ieee Access 9 (2021), 148353--148373.
[21]
Massimo Bartoletti, Barbara Pes, and Sergio Serusi. 2018. Data mining for detecting bitcoin ponzi schemes. In 2018 Crypto Valley Conference on Blockchain Technology (CVCBT). IEEE, 75--84.
[22]
Lingyu Bian, Linlin Zhang, Kai Zhao, Hao Wang, and Shengjia Gong. 2021. Image-based scam detection method using an attention capsule network. IEEE Access 9 (2021), 33654--33665.
[23]
Elijah Bouma-Sims and Brad Reaves. 2021. A first look at scams on YouTube. arXiv preprint arXiv:2104.06515 (2021).
[24]
Chao Chen, Sheng Wen, Jun Zhang, Yang Xiang, Jonathan Oliver, Abdulhameed Alelaiwi, and Mohammad Mehedi Hassan. 2017. Investigating the deceptive information in Twitter spam. Future Generation Computer Systems 72 (2017), 319--326.
Digital Library
[25]
Jiaqi Chen, Yibo Wang, Yuxuan Zhou, Wanning Ding, Yuzhe Tang, XiaoFeng Wang, and Kai Li. 2023. Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE, 332--351.
[26]
Weili Chen, Xiongfeng Guo, Zhiguang Chen, Zibin Zheng, and Yutong Lu. 2020. Phishing Scam Detection on Ethereum: Towards Financial Security for Blockchain Ecosystem. In IJCAI, Vol. 7. 4456--4462.
[27]
Weili Chen, Xiongfeng Guo, Zhiguang Chen, Zibin Zheng, Yutong Lu, and Yin Li. 2020. Honeypot contract risk warning on ethereum smart contracts. In 2020 IEEE International Conference on Joint Cloud Computing. IEEE, 1--8.
[28]
Weili Chen, Zibin Zheng, Jiahui Cui, Edith Ngai, Peilin Zheng, and Yuren Zhou. 2018. Detecting ponzi schemes on ethereum: Towards healthier blockchain technology. In Proceedings of the 2018 world wide web conference. 1409--1418.
Digital Library
[29]
Zhouhan Chen. 2018. An unsupervised approach to detect spam campaigns that use botnets on twitter. Ph.D. Dissertation. Rice University.
[30]
Tiffany Chiu, Victoria Chiu, Tawei Wang, and Yunsen Wang. 2022. Using textual analysis to detect initial coin offering frauds. Journal of Forensic Accounting Research 7, 1 (2022), 165--183.
[31]
Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels. 2020. Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability. In 2020 IEEE Symposium on Security and Privacy (SP). 910--927. https://doi.org/10.1109/SP40000.2020.00040
[32]
Bingyu Gao, Haoyu Wang, Pengcheng Xia, Siwei Wu, Yajin Zhou, Xiapu Luo, and Gareth Tyson. 2020. Tracking counterfeit cryptocurrency end-to-end. Proceedings of the ACM on Measurement and Analysis of Computing Systems 4, 3 (2020), 1--28.
Digital Library
[33]
Matt Gardner, Joel Grus, Mark Neumann, Oyvind Tafjord, Pradeep Dasigi, Nelson Liu, Matthew Peters, Michael Schmitz, and Luke Zettlemoyer. 2018. AllenNLP: A Deep Semantic Natural Language Processing Platform. (2018). https://doi.org/10.48550/ARXIV.1803.07640
[34]
Gibran Gomez, Pedro Moreno-Sanchez, and Juan Caballero. 2022. Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 1291--1305.
Digital Library
[35]
Klaus Grobys and Juha Junttila. 2021. Speculation and lottery-like demand in cryptocurrency markets. Journal of International Financial Markets, Institutions and Money 71 (2021), 101289.
[36]
Payas Gupta, Roberto Perdisci, and Mustaque Ahamad. 2018. Towards measuring the role of phone numbers in twitter-advertised spam. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 285--296.
Digital Library
[37]
Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin, Kirill Levchenko, Alex C Snoeren, and Damon McCoy. 2018. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 618--631.
[38]
Tyler Kell, Haaroon Yousaf, Sarah Allen, Sarah Meiklejohn, and Ari Juels. 2021. Forsage: Anatomy of a smart-contract pyramid scheme. arXiv preprint arXiv:2105.04380 (2021).
[39]
Amin Kharraz, Sajjad Arshad, Collin Mulliner, William K Robertson, and Engin Kirda. 2016. Unveil: a large-scale, automated approach to detecting ransomware. In USENIX Security symposium, Vol. 25. Austin, Texas.
[40]
Kai Li, Darren Lee, and Shixuan Guan. 2023. Understanding the Cryptocurrency Free Giveaway Scam Disseminated on Twitter Lists. (2023). arXiv:cs.CR/2306.10634
[41]
Xigao Li, Anurag Yepuri, and Nick Nikiforakis. 2023. Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams. Network and Distributed Systems Security (NDSS) Symposium.
[42]
Daniel Liebau and Patrick Schueffel. 2019. Crypto-currencies and icos: Are they scams? an empirical study. An Empirical Study (January 23, 2019) (2019).
[43]
Michele Mazza, Guglielmo Cola, and Maurizio Tesconi. 2022. Ready-to-(ab) use: From fake account trafficking to coordinated inauthentic behavior on Twitter. Online Social Networks and Media 31 (2022), 100224.
[44]
Quoc Khanh Nguyen. 2016. Blockchain-a financial technology for future sustainable development. In 2016 3rd International conference on green technology and sustainable development (GTSD). IEEE, 51--54.
[45]
Leonardo Nizzoli, Serena Tardelli, Marco Avvenuti, Stefano Cresci, Maurizio Tesconi, and Emilio Ferrara. 2020. Charting the landscape of online cryptocurrency manipulation. IEEE Access 8 (2020), 113230--113245.
[46]
Masarah Paquet-Clouston, Matteo Romiti, Bernhard Haslhofer, and Thomas Charvat. 2019. Spams meet cryptocurrencies: Sextortion in the bitcoin ecosystem. In Proceedings of the 1st ACM conference on advances in financial technologies. 76--88.
Digital Library
[47]
Lohitaksh Parmar, Ponnurangam Kumaraguru, Mustaque Ahmed, and Payas Gupta. 2017. Emerging cross-platform scam campaigns abusing phone numbers on online social networks. (2017).
[48]
Kenny Phua, Bo Sang, Chishen Wei, and Gloria Yang Yu. 2022. Don't trust, verify: The economics of scams in initial coin offerings. Available at SSRN 4064453 (2022).
[49]
Kaihua Qin, Liyi Zhou, and Arthur Gervais. 2022. Quantifying blockchain extractable value: How dark is the forest?. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 198--214.
[50]
Kaihua Qin, Liyi Zhou, Benjamin Livsh*ts, and Arthur Gervais. 2021. Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit. In Financial Cryptography and Data Security, Nikita Borisov and Claudia Diaz (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 3--32.
[51]
Melanie Swan et al. 2017. Anticipating the economic benefits of blockchain. Technology innovation management review 7, 10 (2017), 6--13.
[52]
Siyuan Tang, Xianghang Mi, Ying Li, XiaoFeng Wang, and Kai Chen. 2022. Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS '22). Association for Computing Machinery, New York, NY, USA, 2751--2764. https://doi.org/10.1145/3548606.3559351
Digital Library
[53]
Alex Tapscott and Don Tapscott. 2017. How blockchain is changing finance. Harvard Business Review 1, 9 (2017), 2--5.
[54]
Christof Ferreira Torres, Ramiro Camino, and Radu State. 2021. Frontrunner jones and the raiders of the dark forest: An empirical study of frontrunning on the ethereum blockchain. arXiv preprint arXiv:2102.03347 (2021).
[55]
Christof Ferreira Torres, Mathis Steichen, et al. 2019. The art of the scam: Demystifying honeypots in ethereum smart contracts. In 28th USENIX Security Symposium (USENIX Security 19). 1591--1607.
[56]
Ashutosh Tripathi, Mohona Ghosh, and Kusum Bharti. 2022. Analyzing the uncharted territory of monetizing scam Videos on YouTube. Social Network Analysis and Mining 12, 1 (2022), 119.
[57]
Iman Vakilinia. 2022. Cryptocurrency Giveaway Scam with YouTube Live Stream. In 2022 IEEE 13th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON). IEEE, 0195--0200.
[58]
Dabao Wang, Siwei Wu, Ziling Lin, Lei Wu, Xingliang Yuan, Yajin Zhou, Haoyu Wang, and Kui Ren. 2021. Towards A First Step to Understand Flash Loan and Its Applications in DeFi Ecosystem. In Proceedings of the Ninth International Workshop on Security in Blockchain and Cloud Computing (SBC '21). Association for Computing Machinery, New York, NY, USA, 23--28. https://doi.org/10.1145/3457977.3460301
Digital Library
[59]
Ye Wang, Patrick Zuest, Yaxing Yao, Zhicong Lu, and Roger Wattenhofer. 2022. Impact and user perception of sandwich attacks in the defi ecosystem. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. 1--15.
Digital Library
[60]
Pengcheng Xia, Haoyu Wang, Bingyu Gao, Weihang Su, Zhou Yu, Xiapu Luo, Chao Zhang, Xusheng Xiao, and Guoai Xu. 2021. Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange. Proc. ACM Meas. Anal. Comput. Syst. 5, 3, Article 39 (dec 2021), 26 pages. https://doi.org/10.1145/3491051
Digital Library
[61]
Pengcheng Xia, Haoyu Wang, Xiapu Luo, Lei Wu, Yajin Zhou, Guangdong Bai, Guoai Xu, Gang Huang, and Xuanzhe Liu. 2020. Don't Fish in Troubled Waters! Characterizing Coronavirus-themed Cryptocurrency Scams. In 2020 APWG Symposium on Electronic Crime Research (eCrime). 1--14. https://doi.org/10.1109/eCrime51433.2020.9493255
[62]
Pengcheng Xia, Haoyu Wang, Bowen Zhang, Ru Ji, Bingyu Gao, Lei Wu, Xiapu Luo, and Guoai Xu. 2020. Characterizing cryptocurrency exchange scams. Computers & Security 98 (2020), 101993.
[63]
Dirk A Zetzsche, Ross P Buckley, Douglas W Arner, and Linus Föhr. 2017. The ICO Gold Rush: It's a scam, it's a bubble, it's a super challenge for regulators. University of Luxembourg Law Working Paper 11 (2017), 17--83.
Cited By
View all
- Li KGuan SLee D(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365508852:1(89-90)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3673660.3655088
- Liu QFang Z(2024)Learning the Optimal Control for Evolving Systems with Converging DynamicsProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/36560078:2(1-39)Online publication date: 29-May-2024
https://dl.acm.org/doi/10.1145/3656007
- Li KGuan SLee DGaretto MMarin ACiucu FFanti GRighter R(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655088(89-90)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655088
- Show More Cited By
Index Terms
Towards Understanding and Characterizing the Arbitrage Bot Scam In the Wild
Information systems
World Wide Web
Web mining
Security and privacy
Software and application security
Social network security and privacy
Systems security
Distributed systems security
Recommendations
- Towards Understanding and Characterizing the Arbitrage Bot Scam In the Wild
SIGMETRICS/PERFORMANCE '24: Abstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems
This paper presents the first comprehensive analysis of an emerging cryptocurrency scam named "arbitrage bot" disseminated on online social networks. The scam revolves around Decentralized Exchanges (DEX) arbitrage and aims to lure victims into executing ...
Read More
- Towards Understanding and Characterizing the Arbitrage Bot Scam In the Wild
SIGMETRICS '24
This paper presents the first comprehensive analysis of an emerging cryptocurrency scam named "arbitrage bot" disseminated on online social networks. The scam revolves around Decentralized Exchanges (DEX) arbitrage and aims to lure victims into executing ...
Read More
- Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...
Read More
Comments
Information & Contributors
Information
Published In
Proceedings of the ACM on Measurement and Analysis of Computing Systems Volume 7, Issue 3
POMACS
December 2023
599 pages
EISSN:2476-1249
DOI:10.1145/3637453
- Editors:
- Augustin Chaintreau
Columbia University
, - Leana Golubchik
University of Southern California, United States
, - Zhi-Li Zhang
University of Minnesota, United States
Issue’s Table of Contents
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [emailprotected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 12 December 2023
Published inPOMACSVolume 7, Issue 3
Permissions
Request permissions for this article.
Check for updates
Author Tags
- arbitrage bot
- blockchain
- cryptocurrency scams
- decentralized exchange
Qualifiers
- Research-article
Funding Sources
- Ethereum Foundation
Contributors
Other Metrics
View Article Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations
5
Total Citations
260
Total Downloads
- Downloads (Last 12 months)260
- Downloads (Last 6 weeks)64
Reflects downloads up to 09 Sep 2024
Other Metrics
View Author Metrics
Citations
Cited By
View all
- Li KGuan SLee D(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildACM SIGMETRICS Performance Evaluation Review10.1145/3673660.365508852:1(89-90)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3673660.3655088
- Liu QFang Z(2024)Learning the Optimal Control for Evolving Systems with Converging DynamicsProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/36560078:2(1-39)Online publication date: 29-May-2024
https://dl.acm.org/doi/10.1145/3656007
- Li KGuan SLee DGaretto MMarin ACiucu FFanti GRighter R(2024)Towards Understanding and Characterizing the Arbitrage Bot Scam In the WildAbstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems10.1145/3652963.3655088(89-90)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3652963.3655088
- Zhang QZhai JFang CLiu JSun WHu HWang Q(2024)Machine Translation Testing via Syntactic Tree PruningACM Transactions on Software Engineering and Methodology10.1145/364032933:5(1-39)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3640329
- Li KLee DGuan S(2023)Understanding the Cryptocurrency Free Giveaway Scam Disseminated on Twitter Lists2023 IEEE International Conference on Blockchain (Blockchain)10.1109/Blockchain60715.2023.00012(9-16)Online publication date: 17-Dec-2023
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderGet Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in
Full Access
Get this Article
Media
Figures
Other
Tables