The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
Christof Ferreira Torres, Mathis Steichen, Radu State

TL;DR
This paper systematically analyzes Ethereum honeypot smart contracts, developing a taxonomy, creating a detection tool, and revealing their prevalence, behavior, and financial impact on the blockchain.
Contribution
It introduces HoneyBadger, a symbolic execution-based tool for detecting honeypots, and provides the first large-scale analysis of honeypots on Ethereum.
Findings
Identified 690 honeypot contracts and 240 victims.
Honeypots earned over $90,000 in total.
87% validation accuracy of honeypot detection.
Abstract
Modern blockchains, such as Ethereum, enable the execution of so-called smart contracts - programs that are executed across a decentralised network of nodes. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In the past few years, several smart contracts have been exploited by attackers. However, a new trend towards a more proactive approach seems to be on the rise, where attackers do not search for vulnerable contracts anymore. Instead, they try to lure their victims into traps by deploying seemingly vulnerable contracts that contain hidden traps. This new type of contracts is commonly referred to as honeypots. In this paper, we present the first systematic analysis of honeypot smart contracts, by investigating their prevalence, behaviour and impact on the Ethereum blockchain. We develop a taxonomy of honeypot…
Taxonomy
Topics: Blockchain Technology Applications and Security · Advanced Malware Detection Techniques · Spam and Phishing Detection
