Abstract
As the indispensable trading platforms of the ecosystem, hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. While, it also attracts the attention of attackers. A number of scam attacks were reported targeting cryptocurrency exchanges, leading to a huge amount of financial loss. However, no previous work in the research community has systematically studied this problem. This paper makes the first effort to identify and characterize the cryptocurrency exchange scams. First, over 1500 scam domains and over 300 fake apps are identified, by collecting existing reports and using typosquatting generation techniques. Then, by investigating the relationship between the scam domains and fake apps, this paper identifies 94 scam domain families and 30 fake app families. By further characterizing the impacts of such scams, it is revealed that these scams have incurred financial loss of 520k US dollars at least. It is further observed that the fake apps have been sneaked to major app markets (including Google Play) to infect unsuspicious users. The findings in this paper demonstrate the urgency to identify and prevent cryptocurrency exchange scams. To facilitate future research, all the identified scam domains and fake apps have been publicly released to the research community.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
