-
I Experienced More than 10 DeFi Scams: On DeFi Users' Perception of Security Breaches and Countermeasures
Authors:
Mingyi Liu,
Jun Ho Huh,
HyungSeok Han,
Jaehyuk Lee,
Jihae Ahn,
Frank Li,
Hyoungshick Kim,
Taesoo Kim
Abstract:
Decentralized Finance (DeFi) offers a whole new investment experience and has quickly emerged as an enticing alternative to Centralized Finance (CeFi). Rapidly growing market size and active users, however, have also made DeFi a lucrative target for scams and hacks, with 1.95 billion USD lost in 2023. Unfortunately, no prior research thoroughly investigates DeFi users' security risk awareness leve…
▽ More
Decentralized Finance (DeFi) offers a whole new investment experience and has quickly emerged as an enticing alternative to Centralized Finance (CeFi). Rapidly growing market size and active users, however, have also made DeFi a lucrative target for scams and hacks, with 1.95 billion USD lost in 2023. Unfortunately, no prior research thoroughly investigates DeFi users' security risk awareness levels and the adequacy of their risk mitigation strategies.
Based on a semi-structured interview study (N = 14) and a follow-up survey (N = 493), this paper investigates DeFi users' security perceptions and commonly adopted practices, and how those affected by previous scams or hacks (DeFi victims) respond and try to recover their losses. Our analysis shows that users often prefer DeFi over CeFi due to their decentralized nature and strong profitability. Despite being aware that DeFi, compared to CeFi, is prone to more severe attacks, users are willing to take those risks to explore new investment opportunities. Worryingly, most victims do not learn from previous experiences; unlike victims studied through traditional systems, DeFi victims tend to find new services, without revising their security practices, to recover their losses quickly. The abundance of various DeFi services and opportunities allows victims to continuously explore new financial opportunities, and this reality seems to cloud their security priorities. Indeed, our results indicate that DeFi users' strong financial motivations outweigh their security concerns - much like those who are addicted to gambling. Our observations about victims' post-incident behaviors suggest that stronger control in the form of industry regulations would be necessary to protect DeFi users from future breaches.
△ Less
Submitted 21 June, 2024;
originally announced June 2024.
-
Attack of the Clones: Measuring the Maintainability, Originality and Security of Bitcoin 'Forks' in the Wild
Authors:
Jusop Choi,
Wonseok Choi,
William Aiken,
Hyoungshick Kim,
Jun Ho Huh,
Taesoo Kim,
Yongdae Kim,
Ross Anderson
Abstract:
Since Bitcoin appeared in 2009, over 6,000 different cryptocurrency projects have followed. The cryptocurrency world may be the only technology where a massive number of competitors offer similar services yet claim unique benefits, including scalability, fast transactions, and security. But are these projects really offering unique features and significant enhancements over their competitors? To a…
▽ More
Since Bitcoin appeared in 2009, over 6,000 different cryptocurrency projects have followed. The cryptocurrency world may be the only technology where a massive number of competitors offer similar services yet claim unique benefits, including scalability, fast transactions, and security. But are these projects really offering unique features and significant enhancements over their competitors? To answer this question, we conducted a large-scale empirical analysis of code maintenance activities, originality and security across 592 crypto projects. We found that about half of these projects have not been updated for the last six months; over two years, about three-quarters of them disappeared, or were reported as scams or inactive. We also investigated whether 11 security vulnerabilities patched in Bitcoin were also patched in other projects. We found that about 80% of 510 C-language-based cryptocurrency projects have at least one unpatched vulnerability, and the mean time taken to fix the vulnerability is 237.8 days. Among those 510 altcoins, we found that at least 157 altcoins are likely to have been forked from Bitcoin, about a third of them containing only slight changes from the Bitcoin version from which they were forked. As case studies, we did a deep dive into 20 altcoins (e.g., Litecoin, FujiCoin, and Feathercoin) similar to the version of Bitcoin used for the fork. About half of them did not make any technically meaningful change - failing to comply with the promises (e.g., about using Proof of Stake) made in their whitepapers.
△ Less
Submitted 21 January, 2022;
originally announced January 2022.
-
Hybrid Spam Filtering for Mobile Communication
Authors:
Ji Won Yoon,
Hyoungshick Kim,
Jun Ho Huh
Abstract:
Spam messages are an increasing threat to mobile communication. Several mitigation techniques have been proposed, including white and black listing, challenge-response and content-based filtering. However, none are perfect and it makes sense to use a combination rather than just one. We propose an anti-spam framework based on the hybrid of content-based filtering and challenge-response. There is…
▽ More
Spam messages are an increasing threat to mobile communication. Several mitigation techniques have been proposed, including white and black listing, challenge-response and content-based filtering. However, none are perfect and it makes sense to use a combination rather than just one. We propose an anti-spam framework based on the hybrid of content-based filtering and challenge-response. There is the trade-offs between accuracy of anti-spam classifiers and the communication overhead. Experimental results show how, depending on the proportion of spam messages, different filtering %%@ parameters should be set.
△ Less
Submitted 17 August, 2009;
originally announced August 2009.
