Abstract

The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to ob tain an unfairly large payout
Original languageEnglish
Title of host publication Proceedings of the 17th International Joint Conference on e-Business and Telecommunication: SECRYPT
PublisherSciTePress - Science and Technology Publications
Pages388-396
Volume3
ISBN (Electronic)978-989-758-446-6
DOIs
Publication statusPublished - 2020
Event17th International Conference on Security and Cryptography - Virtuell, France
Duration: 8 Jul 202010 Jul 2020

Conference

Conference17th International Conference on Security and Cryptography
Abbreviated titleSECRYPT 2020
CountryFrance
CityVirtuell
Period8/07/2010/07/20

Fingerprint Dive into the research topics of 'This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining'. Together they form a unique fingerprint.

Cite this