Characterizing EOSIO Blockchain

TL;DR

This paper provides a large-scale measurement and analysis of the EOSIO blockchain, revealing extensive bot activity and security issues, including real-world attacks causing significant financial losses.

Contribution

It offers the first comprehensive characterization of EOSIO's ecosystem and develops techniques to detect bots and fraudulent activities.

Findings

Over 30% of accounts are bots

Identified 301 attack accounts causing substantial losses

Discovered 80 attack accounts confirmed by DApp teams

Abstract

EOSIO has become one of the most popular blockchain platforms since its mainnet launch in June 2018. In contrast to the traditional PoW-based systems (e.g., Bitcoin and Ethereum), which are limited by low throughput, EOSIO is the first high throughput Delegated Proof of Stake system that has been widely adopted by many applications. Although EOSIO has millions of accounts and billions of transactions, little is known about its ecosystem, especially related to security and fraud. In this paper, we perform a large-scale measurement study of the EOSIO blockchain and its associated DApps. We gather a large-scale dataset of EOSIO and characterize activities including money transfers, account creation and contract invocation. Using our insights, we then develop techniques to automatically detect bots and fraudulent activity. We discover thousands of bot accounts (over 30\% of the accounts in the platform) and a number of real-world attacks (301 attack accounts). By the time of our study, 80 attack accounts we identified have been confirmed by DApp teams, causing 828,824 EOS tokens losses (roughly 2.6 million US\$) in total.