Phishing Tactics Are Evolving: An Empirical Study of Phishing Contracts on Ethereum
He, Bowen Hu, Xiaohui Hu, Yufeng Yu, Ting Chang, Rui Wu, Lei Zhou, Yajin
He, Bowen
Hu, Xiaohui
Hu, Yufeng
Yu, Ting
Chang, Rui
Wu, Lei
Zhou, Yajin
Supervisor
Department
Computer Science
Embargo End Date
Type
Journal article
Date
2025
License
Language
English
Collections
Research Projects
Organizational Units
Journal Issue
Abstract
The prosperity of Ethereum has led to a rise in phishing scams Initially, scammers lured users into transferring or granting tokens to Externally Owned Accounts (EOAs) Now, they have shifted to deploying phishing contracts to deceive users Specifically, scammers trick victims into either directly transferring tokens to phishing contracts or granting these contracts control over their tokens Our research reveals that phishing contracts have resulted in significant financial losses for users While several studies have explored cybercrime on Ethereum, to the best of our knowledge, the understanding of phishing contracts is still limited In this paper, we present the first empirical study of phishing contracts on Ethereum We first build a sample dataset including 790 reported phishing contracts, based on which we uncover the key features of phishing contracts Then, we propose to collect phishing contracts by identifying suspicious functions from the bytecode and simulating transactions With this method, we have built the first large-scale phishing contract dataset on Ethereum, comprising 37,654 phishing contracts deployed between December 29, 2022 and January 1, 2025 Based on the above dataset, we collect phishing transactions and then conduct the measurement from the perspectives of victim accounts, phishing contracts, and deployer accounts Alarmingly, these phishing contracts have launched 211,319 phishing transactions, leading to $1907 million in losses for 171,984 victim accounts Moreover, we identify a large-scale phishing group deploying 857% of all phishing contracts, and it remains active at present Our work aims to serve as a valuable reference in combating phishing contracts and protecting users’ assets © 2025 ACM
Citation
B. He et al., “Phishing Tactics Are Evolving: An Empirical Study of Phishing Contracts on Ethereum,” Proceedings of the ACM on Measurement and Analysis of Computing Systems, vol. 9, no. 2, p. 24, May 2025, doi: 10.1145/3727138
Source
Proceedings of the ACM on Measurement and Analysis of Computing Systems
Conference
Keywords
Decentralized Finance, Ethereum, Phishing contract detection
Subjects
Source
Publisher
Association for Computing Machinery