The “Bitcoin Generator Scam” (BGS) is a cyberattack in which scammers promise to provide victims with free cryptocurrencies in exchange for a small mining fee. In this paper, we present a data-driven system to detect, track, and analyze the BGS. It works as follows: we first formulate search queries related to BGS and use search engines to find potential instances of the scam. We then use a crawler to access these pages and a classifier to differentiate actual scam instances from benign pages. Last, we automatically monitor the BGS instances to extract the cryptocurrency addresses used in the scam. A unique feature of our system is that it proactively searches for and detects the scam pages. Thus, we can find addresses that have not yet received any transactions. Our data collection project spanned 16 months, from November 2019 to February 2021. We uncovered more than 8,000 cryptocurrency addresses directly associated with the scam, hosted on over 1,000 domains. Overall, these addresses have received around 8.7 million USD, with an average of 49.24 USD per transaction. Over 70% of the active addresses that we are capturing are detected before they receive any transactions, that is, before anyone is victimized. We also present some post-processing analysis of the dataset that we have captured to aggregate attacks that can be reasonably confidently linked to the same attacker or group. Our system is one of the first academic feeds to the APWG eCrime Exchange database. It has been actively and automatically feeding the database since November 2020.
Funding: This work was supported in part by Canada's Natural Sciences and Engineering Research Council (grant number “CRDPJ 539938-19”) and IBM Centre for Advanced Studies (CAS) Canada (grant number “1059”).