Understanding and Characterizing Obfuscated Funds Transfers in Ethereum Smart Contracts
Zhang Sheng, Tan Kia Quang, Shen Wang, Shengchen Duan, Kai Li, Yue Duan
TL;DR
This paper tackles the rising threat of obfuscated funds transfers in Ethereum smart contracts by introducing ObfProbe, an EVM bytecode obfuscation analyzer that uses seven bytecode-level features and a Z-score model to quantify obfuscation. It conducts a large-scale study on over 1.04 million contracts, identifying about 3,128 highly obfuscated contracts and revealing substantial financial risk (approximately $100 million) and increased victimization tied to obfuscation. The work also shows that deep obfuscation degrades the performance of a state-of-the-art Ponzi detector from around 79% accuracy to about 12%, underscoring the need for anti-obfuscation defense techniques. The contributions include open-sourcing ObfProbe and study data, providing a framework for proactive auditing and collaboration to mitigate evolving DeFi security risks.
Abstract
Scam contracts on Ethereum have rapidly evolved alongside the rise of DeFi and NFT ecosystems, utilizing increasingly complex code obfuscation techniques to avoid early detection. This paper systematically investigates how obfuscation amplifies the financial risks of fraudulent contracts and undermines existing auditing tools. We propose a transfer-centric obfuscation taxonomy, distilling seven key features, and introduce ObfProbe, a framework that performs bytecode-level smart contract analysis to uncover obfuscation techniques and quantify obfuscation complexity via Z-score ranking. In a large-scale study of 1.03 million Ethereum contracts, we isolate over 3 000 highly obfuscated contracts and identify two scam archetypes, three high-risk contract categories, and MEV bots that employ a variety of obfuscation maneuvers such as inline assembly, dead code insertion, and deep function splitting. We further show that obfuscation substantially increases both the scale of financial damage and the time until detection. Finally, we evaluate SourceP, a state-of-the-art Ponzi detection tool, on obfuscated versus non-obfuscated samples and observe its accuracy drop from approximately 80 percent to approximately 12 percent in real-world scenarios. These findings highlight the urgent need for enhanced anti-obfuscation analysis techniques and broader community collaboration to stem the proliferation of scam contracts in the expanding DeFi ecosystem.
