Taro Tsuchiya's Avatar

Taro Tsuchiya

@tarotsuchiya.bsky.social

Ph.D. Student at Carnegie Mellon. Cylab Studying computer security & online crime. https://taro-tsuchiya.github.io/

8 Followers  |  9 Following  |  8 Posts  |  Joined: 04.06.2025  |  1.6844

Latest posts by tarotsuchiya.bsky.social on Bluesky

Preview
Toxin Tagger (T-T) on X: "🚨Warning🚨: There was a surge in the number of poisoning attacks on Ethereum, potentially due to the lower transaction fees. Figures: Daily number of poisoning transfers in August 2025 for Ethereum and BSC. https://t.co/jorxvN3hv3" / X 🚨Warning🚨: There was a surge in the number of poisoning attacks on Ethereum, potentially due to the lower transaction fees. Figures: Daily number of poisoning transfers in August 2025 for Ethereum and BSC. https://t.co/jorxvN3hv3

This is concerning, it seems like lower fees on Ethereum are facilitating address poisoning attacks…

x.com/toxin_tagger...

03.09.2025 17:30 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

Taro just presented this at #usesec25, and will be manning the poster shortly. If you are around we would love to hear from you.

13.08.2025 20:30 β€” πŸ‘ 2    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Blockchain Address Poisoning In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...

New research alert 🚨 from my group, β€œBlockchain Address Poisoning” (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)

21.07.2025 17:10 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 1    πŸ“Œ 1

7/
Finally, we estimated the time saved by skipping validations, from both the local simulations and 14 weeks of testnet measurement. Although processing time can be reduced by a few milliseconds, the marginal latency benefits may not necessarily justify the potential damage from the attack.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

6/
Furthermore, we conducted attack simulations in a local network and confirmed that our proposed attack can evict as many honest transactions from both the mempool and the block as other DoS attacks, but at significantly lower costs.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Estimating how one invalid transaction gets amplified at the modified nodes.

Estimating how one invalid transaction gets amplified at the modified nodes.

5/
Based on our mathematical modeling and measurements, we showed that the attacker can amplify the invalid transaction at modified nodes by a factor of at least 3,600, causing economic damage that is 13,800x (!) the amount needed to carry out the attack.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

4/
To accurately estimate the attack impact on the network, we developed a new cost-effective and ethical method for inferring the network topology. To implement it, we designed two customized monitoring nodes to scan network activity, resulting in 2.5 billion observations.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

3/
We first found that some relay services forward transactions significantly faster than others, but propagate invalid ones, suggesting a lack of proper validation checks. Indeed, we observed that attackers already target these services in the wild, flooding them with invalid transactions.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Overview of a Blockchain Amplification Attack

Overview of a Blockchain Amplification Attack

2/
We proposed a Blockchain Amplification Attack where attackers use those nodes to amplify an invalid transaction thousands of times to the entire network. Do latency benefits justify the security risks? We used mathematical modeling, large-scale network measurement, and simulations to find out.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

1/
Latency matters in the Ethereum P2P network due to economic incentives such as arbitrage and front-running. Here, blockchain network nodes face a dilemma: skip transaction validations for lower latency and higher profits, but risk accepting floods of invalid transactions from attackers.

09.06.2025 21:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
Blockchain Amplification Attack | Proceedings of the ACM on Measurement and Analysis of Computing Systems Strategies related to the blockchain concept of Extractable Value (MEV/BEV), such as arbitrage, front-, or back-running create strong economic incentives for network nodes to reduce latency. Modified ...

I am delighted to announce that our paper β€œBlockchain Amplification Attack” has been accepted to ACM SIGMETRICS. This week, I will be in Stony Brook to present our work!

Amazing coauthors: Liyi Zhou, Kaihua Qin, Arthur Gervais, and @nc2y.bsky.social

Paper: dl.acm.org/doi/10.1145/...

TLDR below.

09.06.2025 21:04 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 1

@tarotsuchiya is following 9 prominent accounts