Lightnews — Scholar-powered news

Nicolas Christin @nc2y.bsky.social · 27d

We're hosting the 7th intl' conf. on Advances in Financial Technologies (AFT'25) at Carnegie Mellon on Oct. 8-10. Join us to hear about the latest exciting developments in crypto research. Registration closes on Sept 16!
advfintech.org/aft25/attend...
(Program: advfintech.org/aft25/progra...)

Advances in Financial Technologies

advfintech.org

1 1

Nicolas Christin @nc2y.bsky.social · Sep 3

This is concerning, it seems like lower fees on Ethereum are facilitating address poisoning attacks…

x.com/toxin_tagger...

Toxin Tagger (T-T) on X: "🚨Warning🚨: There was a surge in the number of poisoning attacks on Ethereum, potentially due to the lower transaction fees. Figures: Daily number of poisoning transfers in August 2025 for Ethereum and BSC. https://t.co/jorxvN3hv3" / X

🚨Warning🚨: There was a surge in the number of poisoning attacks on Ethereum, potentially due to the lower transaction fees. Figures: Daily number of poisoning transfers in August 2025 for Ethereum and BSC. https://t.co/jorxvN3hv3

x.com

1 1

Nicolas Christin @nc2y.bsky.social · Aug 15

That’s a wrap for me at #usesec25
Conferences should really consider reusing the tag holders, the amount of wasted plastic is staggering

Nicolas Christin @nc2y.bsky.social · Aug 15

“Canadian pharmacist helps run notorious deepfake porn site.”

The online crime jokes write themselves.

1 1

Nicolas Christin @nc2y.bsky.social · Aug 14

Ah true but I should try again today then

Reposted by Nicolas Christin

Wentao Guo @wentaoguo.bsky.social · Aug 13

I'm presenting my USENIX paper "How Researchers De-Identify Data in Practice" at 9am this Thursday. Kudos to my co-authors Paige Pepitone, @adamaviv.bsky.social, and @mmazurek.bsky.social. Come say hi—I am on the academic job market!

Here's the paper: www.usenix.org/conference/u...
#usesec25

Poster for our paper "How Researchers De-Identify Data in Practice"

2 6

Nicolas Christin @nc2y.bsky.social · Aug 13

Taro just presented this at #usesec25, and will be manning the poster shortly. If you are around we would love to hear from you.

Nicolas Christin @nc2y.bsky.social · Jul 21

New research alert 🚨 from my group, “Blockchain Address Poisoning” (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)

Blockchain Address Poisoning

In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...

arxiv.org

2 2

Nicolas Christin @nc2y.bsky.social · Aug 13

I’m not sure there is a more clichéed Seattle experience than having a latte at a local coffee shop with some salmon on toast while they’re blaring Soundgarden’s “Outshined.”

1 3

Nicolas Christin @nc2y.bsky.social · Aug 12

My student Jenny Tang (coadvised with @lujobauer.bsky.social) is making friends at SOUPS with our paper on looking at 10 years of SOUPS papers and reviewing how solid the stats were. Basically: not great, not great at all. (And that includes my own work.)
Paper: www.andrew.cmu.edu/user/nicolas...

www.andrew.cmu.edu

1 2

Nicolas Christin @nc2y.bsky.social · Jul 21

TLDR: Address poisoning is a thing.
Paper: arxiv.org/abs/2501.16681
Real-time website: cryptotrade.cylab.cmu.edu/poisoning/
Real-time twitter bot:
x.com/toxin_tagger
(no BlueSky bot yet, sorry, soon I hope)
(7/7 end)

Blockchain Address Poisoning

In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...

arxiv.org

Nicolas Christin @nc2y.bsky.social · Jul 21

We simulated the lookalike address generation process across various software- and hardware-based implementations. One large attacker group appears to use GPUs for this attack! The paper also discusses some defenses. (6/7)

1

Nicolas Christin @nc2y.bsky.social · Jul 21

We discovered a few large attack entities using clustering techniques. Larger groups are vastly profitable and win against smaller attack groups. We uncovered some attack strategies, such as populations they target, success conditions, and cross-chain attacks. (5/7)

1

Nicolas Christin @nc2y.bsky.social · Jul 21

We developed a detection system and performed measurements on two years of ETH and BSC. We identified 13x the number of attack attempts reported previously—in all, 270M on-chain attacks targeting 17M victims. 6,633 incidents have caused at least 83.8M USD in losses. (4/7)

1 1

Nicolas Christin @nc2y.bsky.social · Jul 21

The attacker generates “lookalike” addresses that resemble the victim’s recipient’s address, engages with the victim to “poison” the transaction history, and fools the victim into sending their assets to the attacker by mistake. (3/7)

1

Nicolas Christin @nc2y.bsky.social · Jul 21

Background: Crypto wallet addresses are usually impossible to memorize. As a result, users often select addresses from their recent transaction history, which facilitates phishing-like attacks: blockchain address poisoning. (2/7)

1 1

Nicolas Christin @nc2y.bsky.social · Jul 21

New research alert 🚨 from my group, “Blockchain Address Poisoning” (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)

Blockchain Address Poisoning

In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...

arxiv.org

1 2 4

Reposted by Nicolas Christin

CMU Software & Societal Systems (S3D) @cmus3d.bsky.social · Jun 19

CMU S3D’s “Tartan Federer” swept all 4 MIDST tracks, revealing privacy gaps in diffusion models.

Its loss-feature attack was the only entry to beat random guessing in the white-box multi-table test.

Details: s3d.cmu.edu/news/2025/0501-midst.html

#AIPrivacy #CMU #AI #ML!

CMU's "Tartan Federer" Team Sweeps All Four Tracks at International AI Privacy Challenge - Software and Societal Systems Department - School of Computer Science - Carnegie Mellon University

Carnegie Mellon University's "Tartan Federer" team, led by S3D’s Zhiwei Steven Wu, achieved a clean sweep at the 2025 Vector Institute MIDST Challenge, winning all four competition tracks. Their innov...

s3d.cmu.edu

1 1

Reposted by Nicolas Christin

Mike Wiser @drmikewiser.bsky.social · Jun 17

Just because your prof didn't file an academic dishonesty report does not mean that they don't know you cheated.

Knowing you did it and proving it to the hearing board are two different thresholds.

Mike Feigin 🥯 @mikefeigin.bsky.social · Jun 17

What is common knowledge in your field, but shocks outsiders?

Scientists and governments aren’t colluding to hide the cure for cancer.

Aaron Sofaer ✍️🏳️‍⚧️ @aaronsofaer.bsky.social · Jun 16

What is common knowledge in your field, but shocks outsiders?

Almost all of the bugs and problems and breakage in the software you use is known to the engineers, we just aren't allowed to fix it. Gotta ship new features.

2 5 31

Nicolas Christin @nc2y.bsky.social · Jun 16

Details: it's likely that there are some symbol mismatches between some homebrew libraries linked against old OpenGL libs and the new OpenGL shipping with Sequoia. This drove me nuts. So I'm posting this here in hopes people don't waste their time. Oh, and don't ask an LLM, they're clueless.

Nicolas Christin @nc2y.bsky.social · Jun 16

PSA: If you're using homebrew, and discovered that MAME crashes w/ a Bus Error upon startup after upgrading to Sequoia, 1) update mame.ini so that the line containing gl_lib points to /System/Library/Frameworks/OpenGL.framework/Libraries/libGLVMPlugin.dylib 2) launch w/ DYLD_LIBRARY_PATH="" mame

1

Nicolas Christin @nc2y.bsky.social · Jun 9

🧵 about a new paper by my amazing students and collaborators. To appear this week at SIGMETRICS. 👇

Taro Tsuchiya @tarotsuchiya.bsky.social · Jun 9

I am delighted to announce that our paper “Blockchain Amplification Attack” has been accepted to ACM SIGMETRICS. This week, I will be in Stony Brook to present our work!

Amazing coauthors: Liyi Zhou, Kaihua Qin, Arthur Gervais, and @nc2y.bsky.social

Paper: dl.acm.org/doi/10.1145/...

TLDR below.

Blockchain Amplification Attack | Proceedings of the ACM on Measurement and Analysis of Computing Systems

dl.acm.org

1

Reposted by Nicolas Christin

Carnegie Mellon University @cmu.edu · Jun 6

CMU researchers are using personalized models to decode how cancer behaves in individual patients, one of medicine's toughest challenges.

Through individualized data and insights, their work revealed hidden #cancer subtypes that could inform treatment and improve survival predictions.

#Research

CMU Researchers Build Personalized Models To Advance Precision Cancer Care

Researchers from Carnegie Mellon University’s School of Computer Science developed a new approach to bridge this gap between available data and actionable insight, creating personalized models to help...

www.cmu.edu

4 8

Nicolas Christin @nc2y.bsky.social · May 28

Looking for a home for your great scientific result in fintech that is almost all written up and ready to go? The AFT deadline is in less than 24 hours…

aftconf.github.io/aft25/index....

Advances in Financial Technologies

aftconf.github.io

Nicolas Christin @nc2y.bsky.social · May 25

Jokes aside yeah it seems like this could work.

Nicolas Christin @nc2y.bsky.social · May 25

Do you live in England, by any chance?

1 1