Characterizing cryptocurrency exchange scams

Pengcheng Xia, Haoyu Wang, Bowen Zhang, Ru Ji, Bingyu Gao, Lei Wu, Xiapu Luo, Guoai Xu

Research output: Journal article publicationJournal articleAcademic researchpeer-review

3 Citations (Scopus)


As the indispensable trading platforms of the ecosystem, hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. While, it also attracts the attention of attackers. A number of scam attacks were reported targeting cryptocurrency exchanges, leading to a huge amount of financial loss. However, no previous work in the research community has systematically studied this problem. This paper makes the first effort to identify and characterize the cryptocurrency exchange scams. First, over 1500 scam domains and over 300 fake apps are identified, by collecting existing reports and using typosquatting generation techniques. Then, by investigating the relationship between the scam domains and fake apps, this paper identifies 94 scam domain families and 30 fake app families. By further characterizing the impacts of such scams, it is revealed that these scams have incurred financial loss of 520k US dollars at least. It is further observed that the fake apps have been sneaked to major app markets (including Google Play) to infect unsuspicious users. The findings in this paper demonstrate the urgency to identify and prevent cryptocurrency exchange scams. To facilitate future research, all the identified scam domains and fake apps have been publicly released to the research community.

Original languageEnglish
Article number101993
Pages (from-to)1-17
JournalComputers and Security
Publication statusPublished - Nov 2020


  • Cryptocurrency
  • Domain typosquatting
  • Exchange
  • Fake app
  • Scam
  • Trust-trading

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this