Bitcoin is one of the most popular decentralized cryptocurrencies to date. However, it has been widely reported that it can be used for investment scams, which are referred to as high yield investment programs (HYIP). Although from the security forensic point of view it is very important to identify the HYIP operators' Bitcoin addresses, so far in the open technical literature no systematic method which reliably collects and identifies such Bitcoin addresses has been proposed. In this paper, a novel methodology is introduced, which efficiently collects a large number of the HYIP operators' Bitcoin addresses and identifies them based upon a novel analysis of their transactions history. In particular, a scraping-based method is first proposed which is able to collect more than 2,000 HYIP operators' Bitcoin addresses from the Internet thus providing a large number of the HYIPs' samples. Second, a supervised machine learning technique, which classifies, whether or not, specific Bitcoin addresses belong to the HYIP operators, is introduced and its performance is evaluated. The proposed classification method is based upon two novel approaches, namely the rate conversion technique that mitigates the effect of Bitcoin price volatility and the sampling technique that reduces the computational amount without sacrificing the classification performance. By employing close to 30,000 real Bitcoin addresses, extensive performance evaluation results obtained by means of computer simulation experiments have shown that the proposed methodology achieves excellent performance, i.e., 95% of the HYIP addresses can be correctly classified, while maintaining a false positive rate less than 4.9%. In order to further validate the proposed classifier's ability to detect the HYIP operators' Bitcoin addresses, our designed classifier has been tested against a recently published list of the HYIP addresses maintaining its excellent detection accuracy by achieving a 93.75% success rate.
ASJC Scopus subject areas
- コンピュータ サイエンス（全般）