To catch a cryptocurrency thief

Posted on Tuesday, April 13, 2021

Back view of Professor Guy-Vincent Jourdan using a computer

uOttawa sleuths uncover cyber scams before they claim victims

With thefts, hacks and scams costing cryptocurrency investors an estimated USD$4.4 billion in a single year, a team from the Faculty of Engineering at the University of Ottawa has developped a detection system for catching scammers in the act.

Professor Guy-Vincent Jourdan, his doctoral student Emad Badawi, and fellow researchers adapted an automated detection system for finding Bitcoin generator scam webpages and for extracting and monitoring the Bitcoin wallet addresses used in the scams. In doing so, they have been able to track potential attacks against Bitcoin investors before they become victims.

Bitcoin generator scams

Professor Guy-Vincent Jourdan

"Our system automatically finds new instances of the scam as they are being advertised to victims. (Our) final system analyzes these instances in real time to extract specific information, such as the payment address." – Professor Guy-Vincent Jourdan

“In scams that ultimately do receive payment, we can flag the address before the first payment is submitted in over 70 percent of the cases,” says Professor Jourdan, who is collaborating with IBM Canada and the international think tank Anti-Phishing Working Group (APWG) on the project. “That is the most exciting part of the system to us: ideally, we want to block the attack before there are any victims, and our system is a step in that direction.”

This proactive approach to detecting cryptocurrency fraud has seen their system detect well over 8,000 addresses.

“We leverage the fact that these scams need to be advertised. Scammers do not know their victims, and thus must advertise their fraudulent ‘services’ and wait for victims to come,” says Professor Jourdan, who teaches in the School of Electrical Engineering and Computer Science.

“We initially spend time in forums and other places where the scams are being advertised to create an initial dataset. We then extract several characteristics found in these advertisements and we use our web crawler to systematically look for pages having similar characteristics."

Blocking fraudulent attacks

“We give all the pages found by the crawler to our classifier, which we have trained to flag real scam instances. As a result, our system automatically finds new instances of the scam as they are being advertised to victims. We then have a final system that analyzes these instances in real time, as they are being discovered, to extract specific information, such as the payment address,” adds the Computer Science professor, whose research is at the heart of the University of Ottawa’s hub for cybersecurity and cyber safety, launched in partnership with IBM Canada in 2019.

When fraudulent addresses are uncovered, Jourdan’s team shares them with the research community and the APWG, which runs the eCrime eXchange clearinghouse. This is used by professionals working in the field, including cryptocurrency exchanges, wallet providers, and trading platforms. The database being built through this international collaboration is becoming increasingly important in the fight against cryptocurrency fraud.

“It is not a stretch to imagine that law enforcement agencies use this data as well,” says Jourdan.

The University of Ottawa and the University of Tulsa are the first universities in the world to contribute data to the Crypto Currency Working Group’s growing repository of cryptocurrency wallet addresses used by cybercriminals to collect ransoms and scammed payments from victims. IBM is supporting uOttawa’s project, with IBM Security X-Force, the company’s threat intelligence division, providing guidance and resources.

For media enquiries:
Paul Logothetis
Media Relations Agent
Cell: 613.863.7221

Back to top