Towards Understanding Crypto-Asset Risks on Ethereum Caused by Key Leakage on the Internet

Yuxuan Zhou, Jiaqi Chen, Yibo Wang, Yuzhe Tang, Guofei Gu

Research output: Chapter in Book/Entry/PoemConference contribution

Abstract

In public blockchains, leaking secret keys can cause the permanent loss of crypto assets. It is imperative to understand the illicit activities on blockchains related to leaked keys. This paper presents the first measurement study that uncovers, quantifies, and characterizes the actual misuses of the leaked keys from top websites on the Internet to withdraw assets on Ethereum. By finding key-leaking web pages and joining them with transactions, the study reveals 7.29 ∗ 106/0.59 ∗ 106 USD worth of assets on Ethereum mainnet/Binance Smart Chain (BSC) are withdrawn from 1421/1514 leaked secret keys. Mitigations are proposed to avoid the financial loss caused by leaked keys.

Original languageEnglish (US)
Title of host publicationWWW 2024 Companion - Companion Proceedings of the ACM Web Conference
PublisherAssociation for Computing Machinery, Inc
Pages875-878
Number of pages4
ISBN (Electronic)9798400701726
DOIs
StatePublished - May 13 2024
Event33rd ACM Web Conference, WWW 2024 - Singapore, Singapore
Duration: May 13 2024May 17 2024

Publication series

NameWWW 2024 Companion - Companion Proceedings of the ACM Web Conference

Conference

Conference33rd ACM Web Conference, WWW 2024
Country/TerritorySingapore
CitySingapore
Period5/13/245/17/24

Keywords

  • Blockchain
  • Key leakage
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Fingerprint

Dive into the research topics of 'Towards Understanding Crypto-Asset Risks on Ethereum Caused by Key Leakage on the Internet'. Together they form a unique fingerprint.

Cite this