We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Et tu, Blockchain? Outsmarting Smart Contracts via Social Engineering

Abstract: We reveal six zero-day social engineering attacks in Ethereum, and subdivide them into two classes: Address Manipulation and Homograph. We demonstrate the attacks by embedding them in source codes of five popular smart contracts with combined market capitalization of over \$29 billion, and show that the attacks have the ability to remain dormant during the testing phase and activate only after production deployment. We analyze 85,656 open source smart contracts and find 1,027 contracts that can be directly used for performing social engineering attacks. For responsible disclosure, we contact seven smart contract security firms. In the spirit of open research, we make the source codes of the attack benchmark, tools, and datasets available to the public.
Comments: 14th annual Graduate Academic Conference (GAC). arXiv admin note: text overlap with arXiv:2105.00132
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2209.08356 [cs.CR]
  (or arXiv:2209.08356v1 [cs.CR] for this version)

Submission history

From: Nikolay Ivanov [view email]
[v1] Sat, 17 Sep 2022 15:55:31 GMT (1442kb,D)

Link back to: arXiv, form interface, contact.