Blockchain ecosystems are increasingly targeted by social-engineering attacks that trick users into authorizing malicious operations rather than exploiting protocol flaws. We systematize these attacks with an empirically grounded taxonomy that jointly considers off-chain deception and on-chain execution, based on 152 documented incidents from 2022–2024 reported by major blockchain security firms and threat-intelligence feeds. Each incident is coded along three dimensions-technical vector (for example, token approvals, meta-transactions, multicall), required user interaction, and on-chain observability-allowing us to derive hierarchical attack families and to highlight the central role of permission-abuse primitives such as setApprovalForAll, permit, and permit2. We map these families to concrete mitigations at the levels of wallet design, protocol standards, and user-facing safeguards, providing a structured basis for monitoring and comparative evaluation of user-focused attacks in decentralized systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Social Engineering in Blockchain: A Taxonomy and Analysis of On-Chain and Off-Chain Attack Vectors

  • Sara Bentifraouine,
  • Elloh Adja,
  • Nida Meddourri,
  • David Beserra

摘要

Blockchain ecosystems are increasingly targeted by social-engineering attacks that trick users into authorizing malicious operations rather than exploiting protocol flaws. We systematize these attacks with an empirically grounded taxonomy that jointly considers off-chain deception and on-chain execution, based on 152 documented incidents from 2022–2024 reported by major blockchain security firms and threat-intelligence feeds. Each incident is coded along three dimensions-technical vector (for example, token approvals, meta-transactions, multicall), required user interaction, and on-chain observability-allowing us to derive hierarchical attack families and to highlight the central role of permission-abuse primitives such as setApprovalForAll, permit, and permit2. We map these families to concrete mitigations at the levels of wallet design, protocol standards, and user-facing safeguards, providing a structured basis for monitoring and comparative evaluation of user-focused attacks in decentralized systems.