Cybersecurity

Crypto Security Needs Market-Aware Phishing Detection

mm
Published

In the modern age where most assets and valuable information are digitalized, phishing scams are an important way criminals steal money, much higher than “normal” physical robbery & extortion, with up to $25B in global losses directly attributed to phishing annually.

More broadly, fraud and bank fraud schemes are estimated to have resulted in losses of $485.6B worldwide.

Making it worse, fund recovery is very low, as little as 5%  for digital phishing and cyber fraud (compared to 20% for stolen physical properties), as the stolen funds are instantly laundered through cryptocurrencies or layered international wire networks.

This method sees scammers masquerading as trusted entities to trick individuals into revealing sensitive information, downloading malware, or transferring funds. So this is, at its core, a form of social engineering that manipulates human psychology and trust rather than relying purely on technical hacking methods.

Cryptocurrency markets are especially vulnerable to such attacks, as transactions are irreversible and stolen encryption keys can give criminals access to literal fortunes.

Two recent research papers analyzed the prevalence and characteristics of phishing in cryptocurrency, more precisely in the Ethereum network.

The first one, published by researchers at the University of Manchester (UK), the American University of Sharjah (UAE), and the  Renmin University of China, investigates the market conditions when phishing is most prevalent. It was published at the International Review of Economics & Finance1, and titled “The interplay between crypto market conditions and phishing crimes: Ethereum under the microscope”.

The second article, written by a researcher at the Interdisciplinary Research Center for Finance and Digital Economy, King Fahd University of Petroleum and Minerals, shows that machine-learning models can identify phishing transactions with high accuracy using compact transaction-level features. It was published in Blockchain: Research and Applications2, under the title “Enhanced Phishing Transactions Detection on Ethereum Network with Tree-based Ensembles: An Empirical Study”.

How Does Phishing Work?

Phishing can use a variety of targeting methods: it can consist of mass messages and filter only for the people falling for the scam, or it can be made of highly-tailored messages, customized to seem legit to a specific individual, usually a high-ranking profile at a specific organization or a high-net-worth person.

In any case, the method relies on impersonating a legitimate message, be it a bank email, an invoice from a known supplier, etc. Often, the victim will be redirected to a website that looks like the legitimate one but is actually designed only to capture logins, passwords, and other confidential information.

Recent advances in AI have only made the threats worse, as more adaptive messaging or even impersonation of a real person’s voice can be used to create trust.

Which is why among the recommendations to protect against phishing is to always inspect the full URL of web addresses before entering passwords or financial data, to verify the source directly, and to enable multi-factor authentication (MFA).

Ethereum Market Conditions & Phishing

Building A Relevant Dataset

The study used monthly cryptocurrency data from January 2016 to December 2022 to analyze the returns of global phishing crime numbers. The 2016 mark was chosen as this is when Ethereum attracted more public attention and saw higher levels of market activity, and when Ethereum market capitalization began to experience considerable growth and volatility.

Phishing is by far the most prevalent type of scam in the crypto space, making up more than half of the total. The Ethereum decentralized app chains are where the immense majority of these scams occurred.

The researchers compared these statistics on phishing to six Ethereum financial metrics gathered from transactions executed on the Kraken cryptocurrency exchange:

  • Total number of transactions.
  • Average price per transaction.
  • Average transaction quantity.
  • Aggregate quantity of tokens traded.
  • Kyle’s lambda: The ratio of price change to order volume, or how much a large trade moves an asset’s price.
  • Implicit transaction cost.

More Trading Means More Phishing

Looking at the correlation between these Ethereum market stats and phishing, a clear correlation emerged: large increases in phishing crime numbers are strongly associated with large increases in Ethereum transaction activity, average transaction price, and transaction quantity.

Unsurprisingly, transaction costs are negatively associated with phishing activity, as scammers look to avoid losses on each stolen transaction.

However, lower liquidity was linked to more phishing, as it pushes users to seek alternative, potentially unsafe methods to save on costs or speed up transactions.

One key reason for this correlation, suspected by the researchers, is that higher trading activity reflects heightened interest and engagement. This, in turn, creates a greater pool of potential phishing targets who are more likely to have lowered their guard.

Similarly, the fear of missing out (FOMO) on potential financial gains can also cause individuals to become more vulnerable, leading to hasty decisions.

Overall, this creates two channels through which conditions in Ethereum markets influence phishing. The first one is that lower costs just create greater profit, incentivizing criminals to increase their phishing attempts.

“When liquidity is deep and implicit costs are low, offenders can move or convert stolen assets with lower execution costs, increasing the net payoff from phishing.”

The other is the knowledge that sharp increases in price, volatility, and trading volume can attract inexperienced or less-informed investors into the market, more exposed to speculative narratives, urgency, and fear of missing out.

“In this sense, market sentiment and attention operate as behavioural mediators, as they do not directly cause phishing, but they may increase the probability of success of phishing attempts by increasing the number and susceptibility of potential victims.”

Policy Implications

Because phishing operations are not operating in a vacuum, but react to market conditions, so should policies regarding financial crimes. A first step would be to acknowledge these relations and react accordingly.

“Regulatory authorities and cryptocurrency exchanges could enhance their surveillance mechanisms during periods of significant market activity or volatility, adopting proactive strategies to identify and disrupt potential phishing campaigns before they impact victims. ”

Another element is that transaction costs might not just be costs, but also a deterrent against criminal activities. So while blanket high transaction costs are not desirable, targeted levies on suspicious high-frequency transactions might help a lot.

“Elevated transaction costs appear to deter phishing activity, indicating that regulators might explore policies or mechanisms that influence transaction costs strategically to mitigate illicit activity without adversely impacting legitimate market operations.”

Lastly, public awareness campaigns should be closely synchronised with market dynamics, especially during times of heightened Ethereum market activity or significant price movements.

“Educational efforts, combined with timely public alerts about potential phishing threats, can substantially reduce victimisation rates by raising awareness among investors and traders.”

Detecting Crypto-Phishing With AI

Selecting Machine Learning Models

In this study, the researchers used machine learning algorithms to test their ability to detect crypto scams. Or more precisely, to assess the effectiveness of tree-based ensemble models (algorithms that aggregate predictions from multiple individual decision trees) in detecting phishing attacks on the Ethereum network.

This included seven tree-based ensemble models: Random Forest, Extra Trees, AdaBoost, CatBoost, Gradient Boosting, XGBoost, and Hist Gradient Boosting.

They used a dataset of 71,250 real Ethereum transactions from 2017 to 2019, provided by another researcher, 22% of which are anomalous. Abnormal (fraud) transactions were collected from the open-source tool, EtherscanDB.

What Data Are Useful For Fraud Detection?

From this analysis, a few facts emerge.

The first one is that some features of the data were very useful for phishing detection, like a block’s timestamp and number, as well as gas and gas price, while some others were essentially irrelevant, like transaction index or block hash.

The other is that some models are widely more efficient and quicker at detecting fraud. To the point that some take up to 5x longer.

However, this speed and computational efficiency can go in parallel with lower precision, as Gradient Boosting was the slowest, but also the model that achieved the strongest overall detection performance.

In practice, a compromise between compute intensity and fraud detection efficiency can be found.

“The use of a compact feature representation demonstrates that effective phishing detection can be achieved with reduced computational overhead, improving scalability.”

Toward Safer Cryptocurrency Markets

Cryptos have been both the target of scams and a way for criminal to launder their ill-acquired gains, a fact that has been, for a long time, a stain on the reputation of the sector.

Thanks to more academic research like these studies, both a deeper understanding of market dynamics and the ability to detect and block phishing attacks can be achieved.

Together, the findings point to a future in which exchanges, wallets, regulators, and blockchain analytics firms treat phishing prevention as a dynamic risk-management problem tied to market conditions.

This should also be important to remember for all crypto users, that the easy path or a sudden demand for identification or password should be treated with the utmost suspicion, especially during market booms and periods of high volatility.

Studies Referenced

1. Yuanyuan Zhang, et al. The interplay between crypto market conditions and phishing crimes: Ethereum under the microscope. International Review of Economics & Finance. September 2026. Article: 105497. Volume 110. 10.1016/j.iref.2026.105497

2. Shikah J. Alsunaidi and Hamoud Aljamaan. Enhanced Phishing Transactions Detection on Ethereum Network with Tree-based Ensembles: An Empirical Study. Blockchain: Research and Applications. 12 June 2026, 100506. https://doi.org/10.1016/j.bcra.2026.100506

mm

Jonathan is a former biochemist researcher who worked in genetic analysis and clinical trials. He is now a stock analyst and finance writer with a focus on innovation, market cycles and geopolitics in his publication 'The Eurasian Century".