
Title: Et tu, Blockchain? Outsmarting Smart Contracts via Social Engineering

Abstract: We reveal six zero-day social engineering attacks in Ethereum, and subdivide them into two classes: Address Manipulation and Homograph. We demonstrate the attacks by embedding them in source codes of five popular smart contracts with combined market capitalization of over $29 billion, and show that the attacks have the ability to remain dormant during the testing phase and activate only after production deployment. We analyze 85,656 open source smart contracts and find 1,027 contracts that can be directly used for performing social engineering attacks. For responsible disclosure, we contact seven smart contract security firms. In the spirit of open research, we make the source codes of the attack benchmark, tools, and datasets available to the public.
Comments: 14th annual Graduate Academic Conference (GAC). arXiv admin note: text overlap with arXiv:2105.00132
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2209.08356 [cs.CR]
  (or arXiv:2209.08356v1 [cs.CR] for this version)

Submission history

From: Nikolay Ivanov
[v1] Sat, 17 Sep 2022 15:55:31 GMT (1442kb,D)
