De-anonymizing Ethereum blockchain smart contracts through code attribution

摘要

Blockchain users are identified by addresses (public keys), which cannot be easily linked back to them without out-of-network information. This provides pseudo-anonymity, which is amplified when the user generates a new address for each transaction. Since all transaction history is visible to all users in public blockchains, finding affiliation between related addresses undermines pseudo-anonymity. Such affiliation information can be used to discriminate against addresses linked with undesired activities or can lead to de-anonymization if out-of-network information becomes available. In this work, we propose an approach to undermine pseudo-anonymity of blockchain transactions by linking together addresses that were used to deploy smart contracts, which were produced by the same authors. In our approach, we leverage stylometry techniques, widely used in the social science field for attribution of literary texts to their corresponding authors. The assumption underlying authorship attribution is the existence of a distinctive writing style, unique to an author and easily distinguishable from others. Drawing an analogy between literary text and smart contracts' source code, we explore the extent to which unique features of source code and byte code of Ethereum smart contracts can represent the coding style of smart contract developers. We show that even a small number of representative features leads to a sufficiently high accuracy in attributing smart contracts' code to its deployer's address. We further validate our approach on real-world scammers' data and Ponzi scheme-related contracts. Additionally, we provide an algorithm to extract distinctly contributing features per an entire dataset or per specific authors. We use this algorithm to extract and explore such features in our dataset and in the Ponzi scheme-related dataset.