-
Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates
Authors:
Enze Liu,
George Kappos,
Eric Mugnier,
Luca Invernizzi,
Stefan Savage,
David Tao,
Kurt Thomas,
Geoffrey M. Voelker,
Sarah Meiklejohn
Abstract:
Scams -- fraudulent schemes designed to swindle money from victims -- have existed for as long as recorded history. However, the Internet's combination of low communication cost, global reach, and functional anonymity has allowed scam volumes to reach new heights. Designing effective interventions requires first understanding the context: how scammers reach potential victims, the earnings they mak…
▽ More
Scams -- fraudulent schemes designed to swindle money from victims -- have existed for as long as recorded history. However, the Internet's combination of low communication cost, global reach, and functional anonymity has allowed scam volumes to reach new heights. Designing effective interventions requires first understanding the context: how scammers reach potential victims, the earnings they make, and any potential bottlenecks for durable interventions. In this short paper, we focus on these questions in the context of cryptocurrency giveaway scams, where victims are tricked into irreversibly transferring funds to scammers under the pretense of even greater returns. Combining data from Twitter, YouTube and Twitch livestreams, landing pages, and cryptocurrency blockchains, we measure how giveaway scams operate at scale. We find that 1 in 1000 scam tweets, and 4 in 100,000 livestream views, net a victim, and that scammers managed to extract nearly \$4.62 million from just hundreds of victims during our measurement window.
△ Less
Submitted 15 May, 2024;
originally announced May 2024.
-
How to Peel a Million: Validating and Expanding Bitcoin Clusters
Authors:
George Kappos,
Haaroon Yousaf,
Rainer Stütz,
Sofia Rollet,
Bernhard Haslhofer,
Sarah Meiklejohn
Abstract:
One of the defining features of Bitcoin and the thousands of cryptocurrencies that have been derived from it is a globally visible transaction ledger. While Bitcoin uses pseudonyms as a way to hide the identity of its participants, a long line of research has demonstrated that Bitcoin is not anonymous. This has been perhaps best exemplified by the development of clustering heuristics, which have i…
▽ More
One of the defining features of Bitcoin and the thousands of cryptocurrencies that have been derived from it is a globally visible transaction ledger. While Bitcoin uses pseudonyms as a way to hide the identity of its participants, a long line of research has demonstrated that Bitcoin is not anonymous. This has been perhaps best exemplified by the development of clustering heuristics, which have in turn given rise to the ability to track the flow of bitcoins as they are sent from one entity to another.
In this paper, we design a new heuristic that is designed to track a certain type of flow, called a peel chain, that represents many transactions performed by the same entity; in doing this, we implicitly cluster these transactions and their associated pseudonyms together. We then use this heuristic to both validate and expand the results of existing clustering heuristics. We also develop a machine learning-based validation method and, using a ground-truth dataset, evaluate all our approaches and compare them with the state of the art. Ultimately, our goal is to not only enable more powerful tracking techniques but also call attention to the limits of anonymity in these systems.
△ Less
Submitted 27 May, 2022;
originally announced May 2022.
-
An Empirical Analysis of Privacy in the Lightning Network
Authors:
George Kappos,
Haaroon Yousaf,
Ania Piotrowska,
Sanket Kanjalkar,
Sergi Delgado-Segura,
Andrew Miller,
Sarah Meiklejohn
Abstract:
Payment channel networks, and the Lightning Network in particular, seem to offer a solution to the lack of scalability and privacy offered by Bitcoin and other blockchain-based cryptocurrencies. Previous research has focused on the scalability, availability, and crypto-economics of the Lightning Network, but relatively little attention has been paid to exploring the level of privacy it achieves in…
▽ More
Payment channel networks, and the Lightning Network in particular, seem to offer a solution to the lack of scalability and privacy offered by Bitcoin and other blockchain-based cryptocurrencies. Previous research has focused on the scalability, availability, and crypto-economics of the Lightning Network, but relatively little attention has been paid to exploring the level of privacy it achieves in practice. This paper presents a thorough analysis of the privacy offered by the Lightning Network, by presenting several attacks that exploit publicly available information about the network in order to learn information that is designed to be kept secret, such as how many coins a node has available or who the sender and recipient are in a payment routed through the network.
△ Less
Submitted 21 January, 2021; v1 submitted 27 March, 2020;
originally announced March 2020.
-
Extending the Anonymity of Zcash
Authors:
George Kappos,
Ania M. Piotrowska
Abstract:
Although Bitcoin in its original whitepaper stated that it offers anonymous transactions, de-anonymization techniques have found otherwise. Therefore, alternative cryptocurrencies, like Dash, Monero, and Zcash, were developed to provide better privacy. As Edward Snowden stated, "Zcash's privacy tech makes it the most interesting Bitcoin alternative (...) because the privacy properties of it are tr…
▽ More
Although Bitcoin in its original whitepaper stated that it offers anonymous transactions, de-anonymization techniques have found otherwise. Therefore, alternative cryptocurrencies, like Dash, Monero, and Zcash, were developed to provide better privacy. As Edward Snowden stated, "Zcash's privacy tech makes it the most interesting Bitcoin alternative (...) because the privacy properties of it are truly unique". Zcash's privacy is based on peer-reviewed cryptographic constructions, hence it is considered to provide the foundations for the best anonymity. However, even Zcash makes some privacy concessions. It does not protect users' privacy in the presence of a global adversary who is able to observe the whole network, and hence correlate the parties exchanging money, by using their network addresses. The recent empirical analysis of Zcash shows, that users often choose naive ways while performing the protocol operations, not realizing that it degrades their anonymity. In this talk, we will discuss an extension of Zcash using mix networks to enhance the privacy guarantees of users that choose to remain anonymous by tackling two major security challenges: one at the application layer of the scheme and one at its network layer.
△ Less
Submitted 19 February, 2019;
originally announced February 2019.
-
Tracing Transactions Across Cryptocurrency Ledgers
Authors:
Haaroon Yousaf,
George Kappos,
Sarah Meiklejohn
Abstract:
One of the defining features of a cryptocurrency is that its ledger, containing all transactions that have evertaken place, is globally visible. As one consequenceof this degree of transparency, a long line of recent re-search has demonstrated that even in cryptocurrenciesthat are specifically designed to improve anonymity it is often possible to track money as it changes hands,and in some cases t…
▽ More
One of the defining features of a cryptocurrency is that its ledger, containing all transactions that have evertaken place, is globally visible. As one consequenceof this degree of transparency, a long line of recent re-search has demonstrated that even in cryptocurrenciesthat are specifically designed to improve anonymity it is often possible to track money as it changes hands,and in some cases to de-anonymize users entirely. With the recent proliferation of alternative cryptocurrencies, however, it becomes relevant to ask not only whether ornot money can be traced as it moves within the ledgerof a single cryptocurrency, but if it can in fact be tracedas it moves across ledgers. This is especially pertinent given the rise in popularity of automated trading platforms such as ShapeShift, which make it effortless to carry out such cross-currency trades. In this paper, weuse data scraped from ShapeShift over a thirteen-monthperiod and the data from eight different blockchains to explore this question. Beyond develo** new heuristics and creating new types of links across cryptocurrency ledgers, we also identify various patterns of cross-currency trades and of the general usage of these platforms, with the ultimate goal of understanding whetherthey serve a criminal or a profit-driven agenda.
△ Less
Submitted 17 May, 2019; v1 submitted 30 October, 2018;
originally announced October 2018.
-
An Empirical Analysis of Anonymity in Zcash
Authors:
George Kappos,
Haaroon Yousaf,
Mary Maller,
Sarah Meiklejohn
Abstract:
Among the now numerous alternative cryptocurrencies derived from Bitcoin, Zcash is often touted as the one with the strongest anonymity guarantees, due to its basis in well-regarded cryptographic research. In this paper, we examine the extent to which anonymity is achieved in the deployed version of Zcash. We investigate all facets of anonymity in Zcash's transactions, ranging from its transparent…
▽ More
Among the now numerous alternative cryptocurrencies derived from Bitcoin, Zcash is often touted as the one with the strongest anonymity guarantees, due to its basis in well-regarded cryptographic research. In this paper, we examine the extent to which anonymity is achieved in the deployed version of Zcash. We investigate all facets of anonymity in Zcash's transactions, ranging from its transparent transactions to the interactions with and within its main privacy feature, a shielded pool that acts as the anonymity set for users wishing to spend coins privately. We conclude that while it is possible to use Zcash in a private way, it is also possible to shrink its anonymity set considerably by develo** simple heuristics based on identifiable patterns of usage.
△ Less
Submitted 8 May, 2018;
originally announced May 2018.