Using Graph Cycle Detection to Reveal Suspicious Ethereum Token Transfer Behaviour

Andrew Le Gear; Farshad Ghassemi Toosi; Ashish Rajendra Sai; Tawny Whatmore; Jim Buckley

doi:10.1109/BCCA66705.2025.11229709

Using Graph Cycle Detection to Reveal Suspicious Ethereum Token Transfer Behaviour

Andrew Le Gear
, Farshad Ghassemi Toosi
, Ashish Rajendra Sai
, Tawny Whatmore
, Jim Buckley

Department of Computer Science & Information Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In the unregulated world of Initial Coin Offerings (ICOs), hiding malicious trading is all too easy in a large-scale set of transactions. This paper uses a graph-based representation of the blockchain to identify a topology that reveals suspicious intent to manipulate the perceived value of those offerings. As the computational complexity of identifying this topology could be prohibitive for unfiltered data-sets, this work derives metrics indicative of the topology. Using these explicitly-defined metrics and a past degradation of service on the Ethereum network originating with the iFishYunYu token, we show how this approach can reveal it to have been a deliberate attack, rather than simply an unprecedentedly highly-traded token. The formalization of this approach in the paper will allow detection of other such “pump-and-dump” attacks in the future.

Original language	Undefined/Unknown
Title of host publication	2025 7th International Conference on Blockchain Computing and Applications (BCCA)
Pages	31-38
Number of pages	8
DOIs	https://doi.org/10.1109/BCCA66705.2025.11229709
Publication status	Published - 22 Oct 2025

Keywords

Measurement
Regulators
Network topology
Forensics
Smart contracts
Reverse engineering
Games
Blockchains
Topology
Fraud
Blockchain
Ethereum
Smart Contract
Reverse Engineering
Graph Analysis

Access to Document

10.1109/BCCA66705.2025.11229709

Cite this

@inproceedings{8f7a4beb4f1d4932b1c34249e4452e2d,

title = "Using Graph Cycle Detection to Reveal Suspicious Ethereum Token Transfer Behaviour",

abstract = "In the unregulated world of Initial Coin Offerings (ICOs), hiding malicious trading is all too easy in a large-scale set of transactions. This paper uses a graph-based representation of the blockchain to identify a topology that reveals suspicious intent to manipulate the perceived value of those offerings. As the computational complexity of identifying this topology could be prohibitive for unfiltered data-sets, this work derives metrics indicative of the topology. Using these explicitly-defined metrics and a past degradation of service on the Ethereum network originating with the iFishYunYu token, we show how this approach can reveal it to have been a deliberate attack, rather than simply an unprecedentedly highly-traded token. The formalization of this approach in the paper will allow detection of other such “pump-and-dump” attacks in the future.",

keywords = "Measurement, Regulators, Network topology, Forensics, Smart contracts, Reverse engineering, Games, Blockchains, Topology, Fraud, Blockchain, Ethereum, Smart Contract, Reverse Engineering, Graph Analysis",

author = "Gear, \{Andrew Le\} and Toosi, \{Farshad Ghassemi\} and Sai, \{Ashish Rajendra\} and Tawny Whatmore and Jim Buckley",

year = "2025",

month = oct,

day = "22",

doi = "10.1109/BCCA66705.2025.11229709",

language = "Undefined/Unknown",

pages = "31--38",

booktitle = "2025 7th International Conference on Blockchain Computing and Applications (BCCA)",

}

TY - GEN

T1 - Using Graph Cycle Detection to Reveal Suspicious Ethereum Token Transfer Behaviour

AU - Gear, Andrew Le

AU - Toosi, Farshad Ghassemi

AU - Sai, Ashish Rajendra

AU - Whatmore, Tawny

AU - Buckley, Jim

PY - 2025/10/22

Y1 - 2025/10/22

N2 - In the unregulated world of Initial Coin Offerings (ICOs), hiding malicious trading is all too easy in a large-scale set of transactions. This paper uses a graph-based representation of the blockchain to identify a topology that reveals suspicious intent to manipulate the perceived value of those offerings. As the computational complexity of identifying this topology could be prohibitive for unfiltered data-sets, this work derives metrics indicative of the topology. Using these explicitly-defined metrics and a past degradation of service on the Ethereum network originating with the iFishYunYu token, we show how this approach can reveal it to have been a deliberate attack, rather than simply an unprecedentedly highly-traded token. The formalization of this approach in the paper will allow detection of other such “pump-and-dump” attacks in the future.

AB - In the unregulated world of Initial Coin Offerings (ICOs), hiding malicious trading is all too easy in a large-scale set of transactions. This paper uses a graph-based representation of the blockchain to identify a topology that reveals suspicious intent to manipulate the perceived value of those offerings. As the computational complexity of identifying this topology could be prohibitive for unfiltered data-sets, this work derives metrics indicative of the topology. Using these explicitly-defined metrics and a past degradation of service on the Ethereum network originating with the iFishYunYu token, we show how this approach can reveal it to have been a deliberate attack, rather than simply an unprecedentedly highly-traded token. The formalization of this approach in the paper will allow detection of other such “pump-and-dump” attacks in the future.

KW - Measurement

KW - Regulators

KW - Network topology

KW - Forensics

KW - Smart contracts

KW - Reverse engineering

KW - Games

KW - Blockchains

KW - Topology

KW - Fraud

KW - Blockchain

KW - Ethereum

KW - Smart Contract

KW - Reverse Engineering

KW - Graph Analysis

U2 - 10.1109/BCCA66705.2025.11229709

DO - 10.1109/BCCA66705.2025.11229709

M3 - Conference contribution

SP - 31

EP - 38

BT - 2025 7th International Conference on Blockchain Computing and Applications (BCCA)

ER -