NDSS 2025 – Dissecting Payload-Based Transaction Phishing On Ethereum

The emergence of payload‑based transaction phishing marks a pivotal shift in blockchain security. Unlike earlier scams that relied on simple address tricks, PTXPHISH embeds malicious code within smart‑contract calls, luring users into executing harmful payloads. This evolution exploits the trustless nature of decentralized applications, making detection far more complex. As Ethereum’s transaction volume surges, attackers capitalize on the platform’s openness, turning smart‑contract interactions into a lucrative attack surface that has already generated hundreds of millions in illicit gains.

In response, a multidisciplinary team from Zhejiang University conducted the first systematic study of PTXPHISH. By aggregating five thousand verified phishing transactions over an extended period, they constructed a comprehensive dataset that underpins a multi‑dimensional, rule‑based detection engine. The system delivers an impressive F1‑score above 99% and processes each new block in an average of 390 milliseconds, demonstrating that real‑time mitigation is technically feasible. Their methodology combines payload pattern analysis, gas consumption anomalies, and address‑poisoning signatures, offering a blueprint for security firms and blockchain explorers seeking to flag malicious activity before funds are compromised.

The broader implications extend beyond immediate loss prevention. The researchers identified that a handful of organized groups account for over 40% of total thefts, highlighting the concentration of power among sophisticated criminal networks. Their community outreach—reporting 1,726 phishing addresses and issuing 2,539 on‑chain alerts—has already assisted nearly 2,000 victims, underscoring the value of collaborative threat intelligence. As regulators and industry stakeholders grapple with the rapid growth of decentralized finance, insights from this study provide a critical foundation for policy development, enhanced monitoring tools, and user‑education initiatives aimed at safeguarding the next generation of crypto users.