Conference:ACM Conference on Computer and Communications Security (CCS)
CCF level:CCF A
Categories:network and information security
Year:2023
Num:25
1
Title:
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
Authors:
Abstract:
Cryptocurrency mining is a crucial operation in blockchains, and miners often join mining pools to increase their chances of earning rewards. However, the energy-intensive nature of PoW cryptocurrency mining has led to its ban in New York State of the United States, China, and India. As a result, mining pools, serving as a central hub for mining activities, have become prime targets for regulatory enforcement. Furthermore, cryptojacking malware refers to self-owned stealthy mining pools to evade detection techniques and conceal profit wallet addresses. However, no systematic research has been conducted to analyze it, largely due to a lack of full understanding of the protocol implementation, usage, and port distribution of the stealth mining pool. To the best of our knowledge, we carry out the first large-scale and longitudinal measurement research of stealthy mining pools to fill this gap. We report 7,629 stealthy mining pools among 59 countries. Further, we study the inner mechanisms of stealthy mining pools. By examining the 19,601 stealthy mining pool domains and IPs, our analysis reveals that stealthy mining pools carefully craft their domain semantics, protocol support, and lifespan to provide underground, user-friendly, and robust mining services. What’s worse, we uncover a strong correlation between stealthy mining pools and malware, with 23.3% of them being labeled as malicious. Besides, we evaluate the tricks used to evade state-of-the-art mining detection, including migrating domain name resolution methods, leveraging the botnet, and enabling TLS encryption. Finally, we conduct a qualitative study to evaluate the profit gains of malicious cryptomining activities through the stealthy pool from an insider perspective. Our results show that criminals have the potential to earn more than 1 million USD per year, boasting an average ROI of 2,750%. We have informed the relevant ISPs about uncovered stealthy mining pools and have received their acknowledgments.
2
Title:
TxPhishScope: Towards Detecting and Understanding Transaction-based Phishing on Ethereum
Authors:
Abstract:
The prosperity of Ethereum attracts many users to send transactions and trade crypto assets. However, this has also given rise to a new form of transaction-based phishing scam, named TxPhish. Specifically, tempted by high profits, users are tricked into visiting fake websites and signing transactions that enable scammers to steal their crypto assets. The past year has witnessed 11 large-scale TxPhish incidents causing a total loss of more than 70 million. In this paper, we conduct the first empirical study of TxPhish on Ethereum, encompassing the process of a TxPhish campaign and details of phishing transactions. To detect TxPhish websites and extract phishing accounts automatically, we present TxPhishScope, which dynamically visits the suspicious websites, triggers transactions, and simulates results. Between November 25, 2022, and July 31, 2023, we successfully detected and reported 26,333 TxPhish websites and 3,486 phishing accounts. Among all of documented TxPhish websites, 78.9% of them were first reported by us, making TxPhishScope the largest TxPhish website detection system. Moreover, we provided criminal evidence of four phishing accounts and their fund flow totaling 1.5 million to aid in the recovery of funds for the victims. In addition, we identified bugs in six Ethereum projects and received appreciation.
3
Title:
How Hard is Takeover in DPoS Blockchains? Understanding the Security of Coin-based Voting Governance
Authors:
Keywords:
Blockchain; Decentralized Governance; Governance Security; Voting Governance; Delegated Proof of Stake; Web 3.0
Abstract:
Delegated-Proof-of-Stake (DPoS) blockchains, such as EOSIO, Steem and TRON, are governed by a committee of block producers elected via a coin-based voting system. We recently witnessed the first de facto blockchain takeover that happened between Steem and TRON. Within one hour of this incident, TRON founder took over the entire Steem committee, forcing the original Steem community to leave the blockchain that they maintained for years. This is a historical event in the evolution of blockchains and Web 3.0. Despite its significant disruptive impact, little is known about how vulnerable DPoS blockchains are in general to takeovers and the ways in which we can improve their resistance to takeovers. In this paper, we demonstrate that the resistance of a DPoS blockchain to takeovers is governed by both the theoretical design and the actual use of its underlying coin-based voting governance system. When voters actively cooperate to resist potential takeovers, our theoretical analysis reveals that the current active resistance of DPoS blockchains is far below the theoretical upper bound. However in practice, voter preferences could be significantly different. This paper presents the first large-scale empirical study of the passive takeover resistance of EOSIO, Steem and TRON. Our study identifies the diversity in voter preferences and characterizes the impact of this diversity on takeover resistance. Through both theoretical and empirical analyses, our study provides novel insights into the security of coin-based voting governance and suggests potential ways to improve the takeover resistance of any blockchain that implements this governance model.
4
Title:
Demystifying DeFi MEV Activities in Flashbots Bundle
Authors:
Abstract:
Decentralized Finance, mushrooming in permissionless blockchains, has attracted a recent surge in popularity. Due to the transparency of permissionless blockchains, opportunistic traders can compete to earn revenue by extracting Miner Extractable Value (MEV), which undermines both the consensus security and efficiency of blockchain systems. The Flashbots bundle mechanism further aggravates the MEV competition because it empowers opportunistic traders with the capability of designing more sophisticated MEV extraction. In this paper, we conduct the first systematic study on DeFi MEV activities in Flashbots bundle by developing ActLifter, a novel automated tool for accurately identifying DeFi actions in transactions of each bundle, and ActCluster, a new approach that leverages iterative clustering to facilitate us to discover known/unknown DeFi MEV activities. Extensive experimental results show that ActLifter can achieve nearly 100% precision and recall in DeFi action identification, significantly outperforming state-of-the-art techniques. Moreover, with the help of ActCluster, we obtain many new observations and discover 17 new kinds of DeFi MEV activities, which occur in 53.12% of bundles but have not been reported in existing studies.
5
Title:
Uncle Maker: (Time)Stamping Out The Competition in Ethereum
Authors:
Abstract:
We present and analyze an attack on Ethereum 1’s consensus mechanism, which allows miners to obtain higher mining rewards compared to their honest peers. This attack is novel in that it relies on manipulating block timestamps and the difficulty-adjustment algorithm (DAA) to give the miner an advantage whenever block races ensue. We call our attack Uncle Maker, as it induces a higher rate of uncle blocks. We describe several variants of the attack. Among these, one that is risk-free for miners. Our attack differs from past attacks such as Selfish Mining, that have been shown to be profitable but were never observed in practice: We analyze data from Ethereum’s blockchain and show that some of Ethereum’s miners have been actively running a variant of this attack for several years without being detected, making this the first evidence of miner manipulation of a major consensus mechanism. We present our evidence, as well as estimates of the profits gained by attackers, at the expense of honest miners. Since several blockchains are still running Ethereum 1’s protocol, we suggest concrete fixes and implement them as a patch for geth.
Note: RUM stands for riskless uncle maker.
6
Title:
Themis: Fast, Strong Order-Fairness in Byzantine Consensus
Authors:
Abstract:
We introduce Themis, a scheme for introducing fair ordering of transactions into (permissioned) Byzantine consensus protocols with at most f faulty nodes among n ≥ 4f + 1. Themis enforces the strongest notion of fair ordering proposed to date. It also achieves standard liveness, rather than the weaker notion of previous work with the same fair ordering property. We show experimentally that Themis can be integrated into state-of-the-art consensus protocols with minimal modification or performance overhead. Additionally, we introduce a suite of experiments of general interest for evaluating the practical strength of various notions of fair ordering and the resilience of fair-ordering protocols to adversarial manipulation. We use this suite of experiments to show that the notion of fair ordering enforced by Themis is stronger in practice than those of competing systems. We believe Themis offers strong practical protection against many types of transaction-ordering attacks, such as front-running and back-running, that are currently impacting commonly used smart contract systems.
7
Title:
Towards Practical Sleepy BFT
Authors:
Keywords:
BFT Protocols; Blockchain; Dynamic Participation; Sleepy Model
Abstract:
Bitcoin’s longest-chain protocol pioneered consensus under dynamic participation, also known as sleepy consensus, where nodes do not need to be permanently active. However, existing solutions for sleepy consensus still face two major issues, which we address in this work. First, existing sleepy consensus protocols have high latency (either asymptotically or concretely). We tackle this problem and achieve 4Δ latency (Δ is the bound on network delay) in the best case, which is comparable to classic BFT protocols without dynamic participation support. Second, existing protocols have to assume that the set of corrupt participants remains fixed throughout the lifetime of the protocol due to a problem we call costless simulation. We resolve this problem and support growing participation of corrupt nodes. Our new protocol also offers several other important advantages, including support for arbitrary fluctuation of honest participation as well as an efficient recovery mechanism for new active nodes.
Due to limited space, the remaining papers will be shared in the next article.
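Originally published on the WeChat official account 区块论文跟踪: Latest Blockchain Papers Quick Read – CCF A Conference CCS 2024, 25 Papers in Total, with PDF Download (1/4)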