Understanding and Characterizing Obfuscated Funds Transfers in Ethereum Smart Contracts

TL;DR

This paper investigates how code obfuscation in Ethereum smart contracts increases financial risks and hampers detection, introducing a framework and taxonomy to analyze obfuscation techniques and their impact on scam detection.

Contribution

It proposes ObfProbe, a bytecode analysis framework, and a transfer-centric obfuscation taxonomy, revealing the extent and impact of obfuscation in Ethereum scams.

Findings

Obfuscation significantly increases financial damage and detection time.

Over 3,000 highly obfuscated contracts identified in 1.03 million analyzed.

Detection accuracy drops from 80% to 12% on obfuscated contracts.

Abstract

Scam contracts on Ethereum have rapidly evolved alongside the rise of DeFi and NFT ecosystems, utilizing increasingly complex code obfuscation techniques to avoid early detection. This paper systematically investigates how obfuscation amplifies the financial risks of fraudulent contracts and undermines existing auditing tools. We propose a transfer-centric obfuscation taxonomy, distilling seven key features, and introduce ObfProbe, a framework that performs bytecode-level smart contract analysis to uncover obfuscation techniques and quantify obfuscation complexity via Z-score ranking. In a large-scale study of 1.03 million Ethereum contracts, we isolate over 3 000 highly obfuscated contracts and identify two scam archetypes, three high-risk contract categories, and MEV bots that employ a variety of obfuscation maneuvers such as inline assembly, dead code insertion, and deep function splitting. We further show that obfuscation substantially increases both the scale of financial damage and the time until detection. Finally, we evaluate SourceP, a state-of-the-art Ponzi detection tool, on obfuscated versus non-obfuscated samples and observe its accuracy drop from approximately 80 percent to approximately 12 percent in real-world scenarios. These findings highlight the urgent need for enhanced anti-obfuscation analysis techniques and broader community collaboration to stem the proliferation of scam contracts in the expanding DeFi ecosystem.