Fishing for Fraudsters: Uncovering Ethereum Phishing Gangs With Blockchain Data

As one of the most typical cybercrime types, phishing scams have extended the devil's hand to the emerging blockchain ecosystem in recent years. Especially, huge economic losses have been caused by phishing scams in Ethereum, the second-largest blockchain system. Existing approaches for Ethereum phishing detection, however, typically use machine learning or transaction graph embedding methods to identify phishers in isolation and do not effectively uncover the group of transaction accounts linked to scams (which we term a "gang"). Since accounts are pseudonymous in Ethereum, these undisclosed conspirator accounts have potential risks to the system. In this paper, we conduct the first study that characterizes and detects Ethereum phishing gangs. We first investigate the transaction behaviors in phishing gangs from the perspectives of individuals, pairs, and higher-order patterns. Our analysis reveals that although the Ethereum transaction graph is sparse with a highly skewed degree distribution, phishing accounts in the same gang have closer relationships and share specific transaction patterns. Based on our findings, we formalize the phishing gang detection problem and introduce a novel detection model named PGDetector. Given a risky phishing account as a seed, PGDetector can find out the potential risky accounts sharing close relationships within the seed's community based on genetic algorithm optimization. Experimental results on large-scale Ethereum transaction data demonstrate the effectiveness of PGDetector.