Phishing Detection in Ethereum via Temporal Graph Contrastive Learning

TL;DR

This paper introduces PhishEye, a novel self-supervised, dynamic, heterogeneous graph contrastive learning system for detecting Ethereum phishing activities, outperforming existing static and semi-dynamic methods.

Contribution

It presents a fully dynamic, self-supervised approach that models Ethereum transactions as a heterogeneous temporal multi-graph, capturing temporal and transaction diversity for improved phishing detection.

Findings

Achieved an F1 score of 87.23% and AUC of 98.43% for phishing transaction detection.

Identified 1,803 new phishing addresses, preventing over 2 billion USD in potential losses.

Outperformed existing static and semi-dynamic methods in detection accuracy.

Abstract

Blockchain and decentralized finance have revolutionized the financial ecosystem while simultaneously exposing it to cryptocurrency phishing attacks. Existing phishing detection methods primarily rely on graph learning, but they face significant limitations. Static graph learning approaches fail to account for the temporal evolution of phishing patterns, while semi-dynamic methods, such as those combining static GNNs with LSTM, struggle to capture the irregular and bursty nature of blockchain transactions. Moreover, these methods overlook the diversity of Ethereum transactions, treating them as homogeneous graphs, and heavily rely on supervised learning, which requires extensive labeled data that is not readily available. These limitations reduce their adaptability to emerging phishing threats. In this paper, we present PhishEye, a fully dynamic self-supervised system that monitors on-chain transactions to detect phishing activities. PhishEye formulates Ethereum transactions as a heterogeneous temporal attributed multi-graph and incorporates a novel temporal graph contrastive learning model, which captures both temporal patterns and heterogeneous transaction types. The evaluation on a dataset of 161,658 addresses and 416,541 transactions shows that PhishEye outperforms existing methods, achieving an F1 score of 87.23% and an AUC of 98.43% for phishing transaction detection, and an F1 score of 94.19% and an AUC of 98.03% for phishing account detection. In real-world deployment from May 1, 2023 to July 31, 2024, PhishEye identified 1,803 previously unknown phishing addresses, providing early alerts that helped prevent losses exceeding 2 billion USD.