Characterizing cryptocurrency exchange scams

Pengcheng Xia, Haoyu Wang, Bowen Zhang, Ru Ji, Bingyu Gao, Lei Wu, Xiapu Luo, Guoai Xu

Research output: Journal article publicationJournal articleAcademic researchpeer-review

55 Citations (Scopus)

Abstract

As the indispensable trading platforms of the ecosystem, hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. While, it also attracts the attention of attackers. A number of scam attacks were reported targeting cryptocurrency exchanges, leading to a huge amount of financial loss. However, no previous work in the research community has systematically studied this problem. This paper makes the first effort to identify and characterize the cryptocurrency exchange scams. First, over 1500 scam domains and over 300 fake apps are identified, by collecting existing reports and using typosquatting generation techniques. Then, by investigating the relationship between the scam domains and fake apps, this paper identifies 94 scam domain families and 30 fake app families. By further characterizing the impacts of such scams, it is revealed that these scams have incurred financial loss of 520k US dollars at least. It is further observed that the fake apps have been sneaked to major app markets (including Google Play) to infect unsuspicious users. The findings in this paper demonstrate the urgency to identify and prevent cryptocurrency exchange scams. To facilitate future research, all the identified scam domains and fake apps have been publicly released to the research community.

Original languageEnglish
Article number101993
Pages (from-to)1-17
JournalComputers and Security
Volume98
DOIs
Publication statusPublished - Nov 2020

Keywords

  • Cryptocurrency
  • Domain typosquatting
  • Exchange
  • Fake app
  • Scam
  • Trust-trading

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'Characterizing cryptocurrency exchange scams'. Together they form a unique fingerprint.

Cite this