Introduction

The following links are provided for anyone who wants to follow our ideas in paper "The ``Bitcoin Generator'' Scam".

Paper abstract

The ``Bitcoin Generator Scam'' (BGS) is a cyberattack in which scammers promise to provide victims with free cryptocurrencies in exchange for a small mining fee. In this paper, we present a data-driven system to detect, track, and analyze the BGS. It works as follows: we first formulate search queries related to BGS and use search engines to find potential instances of the scam. We use a crawler to access these pages and a classifier to tell actual scan instances apart from benign pages. We then automatically monitor the BGS instances to extract the cryptocurrency addresses used in the scam. A unique feature of our system is that its proactively search for and detect the scam pages. Thus, we can find addresses that have not received any transaction yet.

Our data collection spans 16 months, from November-19 to February-2021. We uncovered more than 8,000 cryptocurrency addresses directly associated with the scam, hosted on over 1,000 domains. Overall, these addresses have received around 8.7 million USD, with an average of 49.24 USD per transaction.

Over 70% of the active addresses that we are capturing are detected before they receive any transaction, that is, before anyone is victimized. We also present some post-processing analysis of the dataset that we have captured to aggregate attacks that can be reasonably confidently linked to the same attacker or group.

Our system is one of the first academic feeds to the APWG eCrime Exchange database. It has been actively and automatically feeding the database since November-2020.

Train and Test Datasets

The following are the train and test data sets we used in our experiments. The files below are directories with the training instances dom as HTML pages saved in .html extension and the first and land URLs saved in .url extension
Training dataset

Collected Datasets

The following are the collected scam instances collected for the paper analysis.
Scam domains
Bitcoin addresses with transactions at the time of writing
Bitcoin addresses with no transactions at the time of writing
Addresses for other cryptocurrencies
The search queries
Example of fake log