Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud

Criminals, using crypto wallets referred to as Deceptive Creator Wallets (DCWs), have orchestrated fraudulent activities by luring victims to transfer funds to fraud smart contracts. Since it is almost impossible to reverse the transactions or pinpoint the true identity of the criminals, the industry has turned to flagging such contracts as user warnings. However, current mitigation efforts focus on individual contracts, overlooking the DCWs behind the scenes. Consequently, our research found that this oversight allows fraud to thrive. To address this, we developed CoCo, an automated forensic analysis pipeline that processes a single fraud contract and generates evidence that the legal authorities need to mitigate the fraud. Applying CoCo to 157 confirmed fraud contracts, our research uncovered 1,283,198 associated contracts linked to 91 DCWs, responsible for 2,638,752 ETH (2,089,504,682) in illicit profits. More alarmingly, CoCo traces the fraudulent activities back to September 2017. In response, we are closely collaborating with Etherscan and the FBI to combat the fraud identified in our study.