Honeypot Method to Lure Attackers Without Holding Crypto-Assets

Abstract

In recent years, the convenience and potential use of crypto-assets such as Bitcoin and Ethereum have attracted increasing attention. On the other hand, there have been reports of attacks on the blockchain networks that support crypto-assets in an attempt to steal other users' assets. In the past, research on attack observation against blockchains has used techniques such as holding real crypto-assets to lure attackers into honeypots or falsifying balances to attackers. However, these methods risk losing crypto-assets to attackers or being exposed as honeypots to attackers. To solve these problems, we propose a new RPC (Remote Procedure Call) honeypot method that returns the wallet address of another party holding a high balance in response to an attacker's request, thereby luring the attacker without having the real crypto-assets. Our experimental evaluation shows that this method can attract more attackers than the method with zero-balance wallets and can observe more sophisticated attacks. Furthermore, we proposed a risk reduction strategy for crypto-asset theft by applying the idea of our method. In the log analysis process, we devised a new clustering method using the number of times an attacker executes a specific method as a feature. By applying this method, we successfully classified attackers based on their objectives, demonstrating the efficient analysis of vast amounts of log data.