
Et tu, Blockchain? Outsmarting Smart Contracts via Social Engineering

by Nikolay Ivanov, et al.
Michigan State University

We reveal six zero-day social engineering attacks in Ethereum and subdivide them into two classes: Address Manipulation and Homograph. We demonstrate the attacks by embedding them in the source code of five popular smart contracts with a combined market capitalization of over $29 billion, and show that the attacks can remain dormant during the testing phase and activate only after production deployment. We analyze 85,656 open-source smart contracts and find 1,027 contracts that can be directly used for performing social engineering attacks. For responsible disclosure, we contact seven smart contract security firms. In the spirit of open research, we make the source code of the attack benchmark, tools, and datasets available to the public.

