The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users. However, previous studies have primarily concentrated on de-anonymization and phishing nodes, neglecting the distinctive features of web3 scams. Moreover, the current phishing account detection tools utilize graph learning or sampling algorithms to obtain graph features. However, large-scale transaction networks with temporal attributes conform to a power-law distribution, posing challenges in detecting web3 scams. To overcome these challenges, we present ScamSweeper, a novel framework that emphasizes the dynamic evolution of transaction graphs, to identify web3 scams on Ethereum. ScamSweeper samples the network with a structure temporal random walk, which is an optimized sample walking method that considers both temporal attributes and structural information. Then, the directed graph encoder generates the features of each subgraph during different temporal intervals, sorting as a sequence. Moreover, a variational Transformer is utilized to extract the dynamic evolution in the subgraph sequence. Furthermore, we collect a large-scale transaction dataset consisting of web3 scams, phishing, and normal accounts, which are from the first 18 million block heights on Ethereum. Subsequently, we comprehensively analyze the distinctions in various attributes, including nodes, edges, and degree distribution. Our experiments indicate that ScamSweeper outperforms SIEGE, Ethident, and PDTGA in detecting web3 scams, achieving a weighted F1-score improvement of at least 17.29% with the base value of 0.59. In addition, ScamSweeper in phishing node detection achieves at least a 17.5% improvement over DGTSG and BERT4ETH in F1-score from 0.80.

翻译：Web3应用近年来持续增长，尤其在以太坊平台上，已开始成为诈骗者的目标。Web3诈骗通过模仿合法平台提供的服务，模拟常规活动以欺骗用户。然而，先前研究主要集中于去匿名化和钓鱼节点检测，忽视了Web3诈骗的独有特征。此外，现有的钓鱼账户检测工具利用图学习或采样算法获取图特征，但具有时间属性的大规模交易网络符合幂律分布，这给Web3诈骗检测带来了挑战。为克服这些挑战，我们提出了ScamSweeper——一种强调交易图动态演化的新型框架，用于识别以太坊上的Web3诈骗。ScamSweeper采用结构时序随机游走对网络进行采样，这是一种同时考虑时间属性和结构信息的优化采样遍历方法。随后，有向图编码器生成不同时间区间内各子图的特征，并将其排序为序列。此外，我们利用变分Transformer提取子图序列中的动态演化特征。我们进一步收集了一个大规模交易数据集，包含来自以太坊前1800万个区块高度的Web3诈骗账户、钓鱼账户及正常账户，并系统分析了节点、边和度分布等多种属性的差异。实验表明，在检测Web3诈骗方面，ScamSweeper显著优于SIEGE、Ethident和PDTGA，在基准值0.59的基础上将加权F1分数提升了至少17.29%。在钓鱼节点检测任务中，ScamSweeper相比DGTSG和BERT4ETH在F1分数上实现了至少17.5%的提升（基准值为0.80）。