 Hey, everybody. My name's Jay Little. I'm a principal security engineer at Trailabits. My hobby over this past summer was trying to sync archive nodes and then figure out why some contracts have been self-destructed. So I'm going to quickly go over how I did this and then share the results. In case anybody needs a brief refresher of what a self-destruct looks like, imagine that you have some contracts. People are using it. They're baking cookies. The owner's keeping track of who has what cookies. Then the owner wants to close up the shops. They do a self-destruct. When they do this, the owner gets all the money collected by the shop. And when this happens, the code and all the storage gets removed from all the Ethereum clients on the node. So because of that, the self-destruct is a type of internal transaction. So in order to get this information, you need to run full node with archiving. And these are some curated command line arguments I found from Stack Overflow that it'll be performance and do archiving. And then you wait a few weeks, and then you run into some crashing errors. It turns out this summer was a bad time to try to get a working archiving node. These have been fixed, but it felt like I was making a Zen garden out of my chain data folder. I'd have to remove it and start again. So I still wanted to make some results. So luckily, Etherscan has an API that will give you a list of all the transactions to a contract and all the internal transactions, too. It took about a few hours to download. Etherscan lets you do about five queries per second. And here are some results. So total, there's been about 2 million contracts created before block 6 million on mainnet. And of those, 32,000 are empty. And a subset of these empty ones have been self-destructed. It's a little hard to tell the difference between the two. So as we kind of apply some more heuristics for like, oh, is this self-destruct interesting or not? Like, is the account that caused the self-destruct the original creator or not? Or did it send money back to the original account or some new one? We get down to just 25 total self-destructs ever that send more than 0.1 ETH. This is kind of surprising. So I started digging through the results. And it turns out there's a lot of duplicate and noise. There's 10,000 copies of this contract that kind of read code in a loop. And some Stack Overflow post says this was a network DOS. Then there's this one's kind of unfortunate. There's been about 6,000 ETH loss by people sending some money to address 0 and then not giving any data. So these are gone forever. Then there's about 2,000 of these where there's 6,000 nulls. Nulls is just a stop. It doesn't do anything. So no contracts created, so it's empty. Then there's this thing that's really annoying. There's about 3,000 of these contracts that just do a push and then a self-destruct. So they just kind of transfer one or two away. And when you look at an ETHer scan, it looks like a huge mess. And it turns out that what these are doing is they will self-destruct and then that triggers a transaction and then it kind of does a little bit of a chain reaction. And this was really annoying to filter out. So we do all this filtering. And we're left with about 2,000 contracts that have been legitimately self-destructed that had code and now they don't. And again, if we apply some heuristics, there's actually only out of the 25 that have sent 0.1 ETH. There's only 16 that have sent more than one ETHer when they were being destroyed. So for a few of these kind of highlights of this result, this one, the original owner actually destroyed his contract and sent 50 ETH to 0 RIP. Then this one, I got excited because I'm like, ooh, 300 ETH in a self-destruct. But it turns out, when you look at previous transactions, the owner was intentionally changed by the original creator. So this probably wasn't an attack. Then the rest of the results are actually pretty much just gambling. This one had a few ETHer in it, 65. And it had a cool address. It begins with DICE. So it's like a trustworthy gambling contract. And then here's another one that transferred a few ETHer. This actually had source code and a pretty legit-looking website. This is a contract that was attacked and the attacker called a couple functions and then got a bounty of 0.2 ETH. I'm actually the original author of this contract. It was just a honeypot with no trap, just honey. And I wanted to see if anybody was scanning binary only contracts and attacking them. And the answer is yes. It happened about a day after I put the contract up on Mainnet. And for an example, that's not me. Here's an old contract. It turns out to be an open source dungeon style navigation game. But they copy and pasted some code and removed the only owner check on mortal. So somebody called it and got three ETH. So this is just a quick overview of what I was doing this summer. And it turns out only a small fraction of contracts have been destroyed when they had value. So I'm looking for other heuristics to apply. And if you have any questions or are curious about this kind of analysis, I'll be happy to chat outside. And thank you for your attention.