Detecting Malicious Accounts on the Ethereum Blockchain with Supervised Learning

Ethereum is a blockchain platform where users can transact cryptocurrency as well as build and deploy decentralized applications using smart contracts. The participants in the Ethereum platform are ‘pseudo-anonymous’ and same user can have multiple accounts under multiple cryptographic identities. As a result, detecting malicious users engaged in fraudulent activities as well as attribution are quite difficult. In the recent past, multiple such activities came to light. In the famous Ethereum DAO attack, hackers exploited bug in smart contracts stole large amount of cryptocurrency using fraudulent transactions. However, activities such as ponzi-scheme, tax evasion by transacting in cryptocurrency, using pseudo-anonymous accounts for receiving ransom payment, consolidation of funds accumulated under multiple identities etc. should be monitored and detected in order to keep legitimate users safe on the platform. In this work, we detect malicious nodes by using supervised machine learning based anomaly detection in the transactional behavior of the accounts. Depending on the two prevalent account types – Externally Owned Account (EOA) and smart contract accounts, we apply two distinct machine learning models. Our models achieve a detection accuracy of 96.54% with 0.92% false-positive ratio and 96.82% with 0.78% false-positive ratio for EOA and smart contract account analysis, respectively. We also find the listing of 85 new malicious EOA and 1 smart contract addresses between 20 January 2020 and 24 February 2020. We evaluate our model on these, and the accuracy of that evaluation is 96.21% with 3% false positive.