I found out my work is credited in this paper, Characterizing Cryptocurrency Exchange Scams. It was published in July, 2020 in the Computers & Security journal. I’ve been reliably informed that this is an A-List journal.
This group of security researchers, who are mainly from Beijing University, hunted down a massive trove of 1,595 scam domains targeting cryptocurrency exchanges, and they used my software to help them do it. Over 10 years ago I published the first version of my open-source software, URLCrazy. The latest version was updated this year. I’m pleased that my humble software is still kicking ass in 2020.
One novel aspect of their study is discovering apps in the Google Play store that are associated with these threatening domains. Great work guys!
It’s an interesting paper and well worth a read. I’ve included their abstract below.
As the indispensable trading platforms of the ecosystem, hundreds of cryptocurrency exchanges are emerging to facilitate the trading of digital assets. While, it also attracts the attention of attackers. A number of scam attacks were reported targeting cryptocurrency exchanges, leading to a huge amount of financial loss. However, no previous work in the research community has systematically studied this problem. This paper makes the first effort to identify and characterize the cryptocurrency exchange scams. First, over 1,500 scam domains and over 300 fake apps are identified, by collecting existing reports and using typosquatting generation techniques. Then, by investigating the relationship between the scam domains and fake apps, this paper identifies 94 scam domain families and 30 fake app families. By further characterizing the impacts of such scams, it is revealed that these scams have incurred financial loss of 520k US dollars at least. It is further observed that the fake apps have been sneaked to major app markets (including Google Play) to infect unsuspicious users. The findings in this paper demonstrate the urgency to identify and prevent cryptocurrency exchange scams. To facilitate future research, all the identified scam domains and fake apps have been publicly released to the research community.