About me

I am pursuing my master degree in Security PRIDE Research Group at Huazhong University of Science and Technology (HUST), advised by Prof. Haoyu Wang. I received my B.E. degree in Computer Science at Beijing University of Posts and Telecommunications (BUPT) in 2023. My research interests center on DeFi and blockchain security, with a broader intersts include uncovering software bugs to assess exploitability and analyzing DeFi activities.

I am motivated to contribute to impactful work.

News

[2025-12] Our paper about identifying attack vectors in cryptocurrency wallets is accepted by FSE’26!
[2025-10] I will volunteer at ETHShanghai in Shanghai, China!
[2025-09] Our paper about measureing MEV activities is accepted by ASE’25!
[2025-06] I will attend the SIGMETRICS conference in New York!
[2025-04] Our paper about analyzing blockchain phishing tactics is accepted by SIGMETRICS’25!
[2025-01] Our work about real-time detection of price manipulation attack contract in Ethereum is accepted by Usenix Security’25!
[2024-09] Our work about analyzing cross-chain ecosystem and detecting anomalies is accepted by SIGMETRICS’25!

Publications

[7] WalletProbe: A Testing Framework for Browser-based Cryptocurrency Wallet Extensions.
Xiaohui Hu, Ningyu He, Haoyu Wang
arxiv [PDF] [Cite]

[6] Phishing Tactics Are Evolving: An Empirical Study of Phishing.
Bowen He, Xiaohui Hu, Yufeng Hu, Ting Yu, Rui Chang, Lei Wu, Yajin Zhou
ACM SIGMETRICS / IFIP PERFORMANCE (SIGMETRICS 2025) [PDF] [Cite]

[5] Following Devils' Footprint: Towards Real-time Detection of Price Manipulation Attacks.
Bosi Zhang, Ningyu He, Xiaohui Hu, Kai Ma, Haoyu Wang
Proceedings of the 34th USENIX Security Symposium (USENIX Security 2025) [PDF] [Cite]

[4] Piecing Together the Jigsaw Puzzle of Transactions on Heterogeneous Blockchain Networks.
Xiaohui Hu, Hang Feng, Pengcheng Xia, Gareth Tyson, Lei Wu, Yajin Zhou, Haoyu Wang
ACM SIGMETRICS / IFIP PERFORMANCE (SIGMETRICS 2025) [PDF] [Cite]

  
  
  @article{10.1145/3700424,
author = {Hu, Xiaohui and Feng, Hang and Xia, Pengcheng and Tyson, Gareth and Wu, Lei and Zhou, Yajin and Wang, Haoyu},
title = {Piecing Together the Jigsaw Puzzle of Transactions on Heterogeneous Blockchain Networks},
year = {2024},
issue_date = {December 2024},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {8},
number = {3},
url = {https://doi.org/10.1145/3700424},
doi = {10.1145/3700424},
abstract = {The Web3 ecosystem is increasingly evolving to multi-chain, with decentralized applications (dApps) distributing across different blockchains, which drives the need for cross-chain bridges for blockchain interoperability. However, it further opens new attack surfaces, and media outlets have reported serious attacks related to cross-chain bridges. Nevertheless, few prior research studies have studied cross-chain bridges and their related transactions, especially from a security perspective. To fill the void, this paper presents the first comprehensive analysis of cross-chain transactions. We first make efforts to create by far the largest cross-chain transaction dataset based on semantic analysis of popular cross-chain bridges, covering 13 decentralized bridges and 7 representative blockchains, with over 80 million transactions in total. Based on this comprehensive dataset, we present the landscape of cross-chain transactions from angles including token usage, user profile and the purposes of transactions, etc. We further observe that cross-chain bridges can be abused for malicious/aggressive purposes, thus we design an automated detector and deploy it in the wild to flag misbehaviors from millions of cross-chain transactions. We have identified hundreds of abnormal transactions related to exploits and arbitrages, etc. Our research underscores the prevalence of cross-chain ecosystems, unveils their characteristics, and proposes an effective detector for pinpointing security threats.},
journal = {Proc. ACM Meas. Anal. Comput. Syst.},
month = dec,
articleno = {42},
numpages = {27},
keywords = {blockchain, cross-chain, decentralized finance, transaction analysis}
}
  

[3] Remeasuring the arbitrage and sandwich attacks of maximal extractable value in Ethereum.
Ningyu He, Tianyang Chi, Xiaohui Hu, Haoyu Wang
IEEE/ACM International Conference on Automated Software Engineering (ASE 2025) [PDF] [Cite]

[2] Txphishscope: Towards detecting and understanding transaction-based phishing on ethereum.
Bowen He, Yuan Chen, Zhuo Chen, Xiaohui Hu, Yufeng Hu, Lei Wu, Rui Chang, Haoyu Wang, Yajin Zhou
ACM Conference on Computer and Communications Security (CCS 2023) [PDF] [Cite]

  
  
  @inproceedings{10.1145/3576915.3623210,
author = {He, Bowen and Chen, Yuan and Chen, Zhuo and Hu, Xiaohui and Hu, Yufeng and Wu, Lei and Chang, Rui and Wang, Haoyu and Zhou, Yajin},
title = {TxPhishScope: Towards Detecting and Understanding Transaction-based Phishing on Ethereum},
year = {2023},
isbn = {9798400700507},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3576915.3623210},
doi = {10.1145/3576915.3623210},
abstract = {The prosperity of Ethereum attracts many users to send transactions and trade crypto assets. However, this has also given rise to a new form of transaction-based phishing scam, named TxPhish. Specifically, tempted by high profits, users are tricked into visiting fake websites and signing transactions that enable scammers to steal their crypto assets. The past year has witnessed 11 large-scale TxPhish incidents causing a total loss of more than 70 million.In this paper, we conduct the first empirical study of TxPhish on Ethereum, encompassing the process of a TxPhishTxPhish campaign and details of phishing transactions. To detect TxPhish websites and extract phishing accounts automatically, we present TxPhish, which dynamically visits the suspicious websites, triggers transactions, and simulates results. Between November 25, 2022, and July 31, 2023, we successfully detected and reported 26,333 TxPhish websites and 3,486 phishing accounts. Among all of documented TxPhish websites, 78.9\% of them were first reported by us, making TxPhish the largest TxPhish website detection system. Moreover, we provided criminal evidence of four phishing accounts and their fund flow totaling 1.5 million to aid in the recovery of funds for the victims. In addition, we identified bugs in six Ethereum projects and received appreciation.},
booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security},
pages = {120–134},
numpages = {15},
keywords = {decentralized finance, ethereum, phishing detection},
location = {Copenhagen, Denmark},
series = {CCS '23}
}
  

[1] Make data reliable: An explanation-powered cleaning on malware dataset against backdoor poisoning attacks.
Xutong Wang, Chaoge Liu, Xiaohui Hu, Zhi Wang, Jie Yin, Xiang Cui
Annual Computer Security Applications Conference (ACSAC 2023) [PDF] [Cite]

  
  
  @inproceedings{10.1145/3564625.3564661,
author = {Wang, Xutong and Liu, Chaoge and Hu, Xiaohui and Wang, Zhi and Yin, Jie and Cui, Xiang},
title = {Make Data Reliable: An Explanation-powered Cleaning on Malware Dataset Against Backdoor Poisoning Attacks},
year = {2022},
isbn = {9781450397599},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3564625.3564661},
doi = {10.1145/3564625.3564661},
abstract = {Machine learning (ML) based Malware classification provides excellent performance and has been deployed in various real-world applications. Training for malware classification often relies on crowdsourced threat feeds, which exposes a natural attack injection point. Considering a real-world threat model for backdoor poisoning attacks on a malware dataset, because attackers are generally considered to have no control over the sample-labeling process, they conduct a clean-label attack, a more realistic scenario, by generating backdoored benign binaries that will be disseminated through threat intelligence platforms and poison the datasets for downstream malware classifiers. To avoid the threat of backdoor poisoned datasets, we propose an explanation-powered defense methodology called make data reliable (MDR), which is a general and effective mitigation to ensure the reliability of datasets by removing backdoored samples. We use a surrogate model and explanation tool Shapley Additive exPlanations (SHAP) to filter suspicious samples, then perform watermark identification based on the filtered suspicious samples, and finally remove samples with the identified watermark to construct a reliable dataset. We conduct extensive experiments on two typical datasets that were manually poisoned using different attack strategies. Experimental results show that the MDR achieves backdoored samples removal rate greater than 99.0\% for different datasets and attack conditions, while maintaining an extremely low false positive rate of less than 0.1\%. Furthermore, to confirm the generality of MDR, we use different models to perform a model-agnostic evaluation. The results show that, MDR is a general methodology that does not rely on any specific model.},
booktitle = {Proceedings of the 38th Annual Computer Security Applications Conference},
pages = {267–278},
numpages = {12},
keywords = {model-agnostic, backdoor poisoning attack, ML malware classification, Explanation-powered},
location = {Austin, TX, USA},
series = {ACSAC '22}
}
  

Datasets

[Cross-Chain] Transactions, Anomalies
[Phishing] Phishing Websites

Service

[Sub-Reviewer] NDSS’26, IMC’25, S&P’25, Usenix Security’25, FSE’25, ISSTA’25, WWW’25, CCS’24, TDSC’24
[Teaching Assistant] Teaching Assistant, Decentralized Finance (DeFi) Course
[Volunteer] Volunteer of ETHShanghai

Experience

[Intern] Blocksec, Hangzhou, China, 2022.10-2023.08
[Intern] Institute of Information Engineering, Chinese Academy of Sciences, 2021.10-2022.05

Honors & Awards

China National Scholarship, Ministry of Education of PRC
Outstanding Graduates of Beijing, Beijing Municipal Education Commission
First Prize of University Scholarship ×4