Track: Security and privacy
Keywords: Cryptocurrency, Scam, Ethereum, Bitcoin
TL;DR: A multi-month study tracking cryptocurrency investment scams in the wild, in order to understand how they operate, who the attackers are, and how victims lose money from these fake investments
Abstract: Governments and regulatory bodies have recognized investment scams as the most prevalent form of cryptocurrency fraud. These scams typically use professional-looking websites to lure unsuspecting victims with promises of unrealistically high returns. In this paper, we introduce Crimson, a distributed system designed to continuously detect cryptocurrency investment scam websites as they are created in the wild. Over the first 8 months of 2024, Crimson processed approximately 6 billion domain names and classified 43,572 unique cryptocurrency investment scam websites in real time. Beyond detection, we provide insights into the design and infrastructure of these websites that can help users recognize scam patterns and assist hosting providers in detecting and blocking such sites. Among other findings, we discovered that most investment scam websites use similar templates and that 52% of all scam websites were hosted on just 10% of all resolved IP addresses, indicating a concentration of scam operations within a small subset of hosting providers. Furthermore, we investigate the inclusion of our detected scam websites in blacklists used by popular web browsers and applications, finding that the vast majority of these websites were absent. On the financial side, by analyzing the incoming transactions to scammer wallets on 6.7% of the sites detected by Crimson, we observe an estimated lower bound of 2.04M USD in losses because of cryptocurrency investment scams, pointing to tens of millions of dollars of losses in total.
Submission Number: 1287