Carnegie Mellon University

Blockchain Address Poisoning (Companion Dataset)

In many blockchains, such as Ethereum and Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hard-to-memorize 40-digit hexadecimal string. As a result, users often select addresses from their recent transaction history, which enables blockchain address poisoning. The adversary first generates lookalike addresses similar to one with which the victim has previously interacted, and then engages with the victim to “poison” their transaction history. The goal is to have the victim mistakenly send tokens to the lookalike address instead of the intended recipient. We develop a detection system and perform measurements over two years on Ethereum and BSC.

We release the detection result dataset, including over 17 million attack attempts on Ethereum and successful payoff transfers. We also provide a Jupyter notebook explaining 1) how to access the dataset, 2) how to produce descriptive statistics such as the number of poisoning transfers, and 3) how to manually verify the payoff transfer on Etherscan (BscScan). This dataset will enable other researchers to validate our results as well as conduct further analysis.


Funding

Sui Foundation Academic Grant

Carnegie Mellon CyLab’s Secure Blockchain Initiative

Nakajima Foundation

Publisher Statement

Cite our paper:

@misc{tsuchiya2025blockchainaddresspoisoning,
  title={Blockchain Address Poisoning},
  author={T. Tsuchiya and J. Dong and K. Soska and N. Christin},
  year={2025},
  eprint={2501.16681},
  archivePrefix={arXiv},
  primaryClass={cs.CR},
  url={https://arxiv.org/abs/2501.16681},
}

Date

2025-06-02
