Existing phishing detection methods struggle to effectively model the temporal evolution, heterogeneity, and burstiness of Ethereum transactions and heavily rely on large volumes of labeled data, limiting their adaptability to emerging threats. To address these challenges, this work proposes PhishEye, a novel system that introduces, for the first time, a fully dynamic self-supervised temporal graph contrastive learning framework. PhishEye models on-chain transactions as heterogeneous temporal attributed multigraphs, jointly capturing transaction heterogeneity and temporal dynamics without requiring extensive labeled data, thereby enabling the identification of previously unseen phishing activities. Evaluated on a dataset comprising over 160,000 addresses, PhishEye achieves an F1 score of 87.23% and an AUC of 98.43%. In real-world deployment, it successfully flagged 1,803 previously unknown phishing addresses, facilitating early warnings that potentially averted losses exceeding $2 billion.

Blockchain and decentralized finance have revolutionized the financial ecosystem while simultaneously exposing it to cryptocurrency phishing attacks. Existing phishing detection methods primarily rely on graph learning, but they face significant limitations. Static graph learning approaches fail to account for the temporal evolution of phishing patterns, while semi-dynamic methods, such as those combining static GNNs with LSTM, struggle to capture the irregular and bursty nature of blockchain transactions. Moreover, these methods overlook the diversity of Ethereum transactions, treating them as homogeneous graphs, and heavily rely on supervised learning, which requires extensive labeled data that is not readily available. These limitations reduce their adaptability to emerging phishing threats. In this paper, we present PhishEye, a fully dynamic self-supervised system that monitors on-chain transactions to detect phishing activities. PhishEye formulates Ethereum transactions as a heterogeneous temporal attributed multi-graph and incorporates a novel temporal graph contrastive learning model, which captures both temporal patterns and heterogeneous transaction types. The evaluation on a dataset of 161,658 addresses and 416,541 transactions shows that PhishEye outperforms existing methods, achieving an F1 score of 87.23% and an AUC of 98.43% for phishing transaction detection, and an F1 score of 94.19% and an AUC of 98.03% for phishing account detection. In real-world deployment from May 1, 2023 to July 31, 2024, PhishEye identified 1,803 previously unknown phishing addresses, providing early alerts that helped prevent losses exceeding 2 billion USD.