‘Follow the Money!’ $2 Billion of Crypto Scams Found on Ethereum

According to a new study, online criminals are scoring massive paydays – billions of dollars over the past seven years – by capitalizing on the public’s unfamiliarity with cryptocurrency and blockchain technology.

The discovery of $2 billion of illicit profits distributed across 91 digital wallets on the Ethereum blockchain was made by Georgia Tech Ph.D. student Mingxuan Yao and his faculty advisor, Associate Professor Brendan Saltaformaggio.

The pair spent six months reviewing millions of smart contract transactions and developed CoCo, an open-source tool capable of identifying fraud on Ethereum in real time. 

Through their research, Yao and Saltaformaggio found that smart contracts are being abused by anonymous cyber criminals at a much larger scale than previously known. Running a pool of 157 confirmed fraudulent contracts through CoCo uncovered an additional 1.2 million unreported smart contracts.

Researchers from Georgia Tech's CyFI Lab meet to discuss ongoing projects. Photos by Kevin Beasley/College of Computing

The work was done in Georgia Tech’s Cyber Forensics Innovation (CyFI) Lab, a collaboration between the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computing Engineering (ECE). The lab specializes in digital forensic work and used its skills to investigate smart contract fraud on the prominent public cryptocurrency blockchain Ethereum.

One of Ethereum’s biggest selling points is smart contracts, programs that automatically carry out cryptocurrency transactions and eliminate the need for bankers, brokers, or other third parties. However, through their new tool, Yao and Saltaformaggio found 2.6 million Ethereum cryptocurrencies, equivalent to $2 billion USD, have been illicitly collected through smart contracts since September 2017.

While regulators, law enforcement, and researchers have been aware of crypto scams and fraudulent smart contracts for quite some time, specific data has been difficult to pin down before now.

The layers of blockchain fraud have made it difficult to track fraudulent contracts and connect them to the associated digital wallets. Since the Ethereum blockchain is decentralized, there is no customer support, and it falls to the users to police the blockchain and flag false contracts. 

“Scammers are creating one-time use smart contracts to avoid being flagged,” said Saltaformaggio. “The state-of-the-art technologies that track crypto fraud focus on one contract at a time. This creates a problem because there are burner accounts, and the burner accounts can create more burners.”

Smart contracts are also irreversible, so there is no chance for a refund and no way to stop any automatic payments. The added anonymity of blockchain transactions makes it nearly impossible to recover stolen money. 

The CyFI Lab reported the fraudulent accounts to the Federal Bureau of Investigation (FBI) and to Etherscan, a block explorer and analytics platform for Ethereum.

The work done in the Cyber Forensics Innovation (CyFI) Lab ranges from research in cyber forensics and computer system security to key applications in the vetting of untrusted/malicious software and the protection of critical cyber-infrastructure. Photos by Kevin Beasley/College of Computing

“Ethereum’s decentralized nature makes it difficult to hold anyone accountable,” said Yao. “No one has direct control over the product once it is live. This makes it attractive to scammers because no one can police them.”

Yao’s next project is trying to locate the owners of the 91 digital wallets responsible for the 1.2 million fraudulent contracts and report them to the authorities. Despite the anonymity of blockchain purchases, there is still forensic evidence that can lead to the person or persons responsible for the fraud. 

The CyFI Lab’s newest tool combines malicious code analysis with blockchain transactions and can be used by third-party cryptocurrency marketplaces to detect fraud as it happens. The researchers have made CoCo’s open-source software available on GitHub for blockchain investigators, users, and third-party cryptocurrency companies.

More details on these findings will be presented at the end of May during the 45th IEEE Symposium on Security and Privacy in San Francisco, California.

Meet the Researchers
Associate Professor Brendan Saltaformaggio

Mingxuan Yao, fourth-year Ph.D. student at Georgia Tech