Tracing Cryptocurrency Scams: Clustering Replicated Advance-Fee and Phishing Websites
This addresses the issue of cryptocurrency scams for victims and security researchers, but it is incremental as it applies existing clustering methods to new data.
The paper tackled the problem of cryptocurrency scams by analyzing public online and blockchain data to cluster visually similar scam websites, revealing that the same entities run multiple instances of advance-fee and phishing scams and manipulate blockchain activity to appear genuine.
Over the past few years, there has been a growth in activity, public knowledge, and awareness of cryptocurrencies and related blockchain technology. As the industry has grown, there has also been an increase in scams looking to steal unsuspecting individuals cryptocurrency. Many of the scams operate on visually similar but seemingly unconnected websites, advertised by malicious social media accounts, which either attempt an advance-fee scam or operate as phishing websites. This paper analyses public online and blockchain-based data to provide a deeper understanding of these cryptocurrency scams. The clustering technique DBSCAN is applied to the content of scam websites to discover a typology of advance-fee and phishing scams. It is found that the same entities are running multiple instances of similar scams, revealed by their online infrastructure and blockchain activity. The entities also manufacture public blockchain activity to create the appearance that their scams are genuine. Through source and destination of funds analysis, it is observed that victims usually send funds from fiat-accepting exchanges. The entities running these scams cash-out or launder their proceeds using a variety of avenues including exchanges, gambling sites, and mixers.