What is typosquatting in crypto?
Typosquatting in crypto involves registering domain names that mimic popular platforms with slight misspellings to deceive users into revealing sensitive information.
In the rapidly evolving digital landscape, cryptocurrencies have become a significant form of currency, enabling decentralized and borderless financial transactions.
Along with their growing popularity, however, new cyber threats have emerged. One such threat is typosquatting, a deceptive practice where cybercriminals register domain names that closely resemble those of legitimate cryptocurrency platforms. By exploiting common typing errors, attackers aim to mislead users into visiting fraudulent sites, leading to potential financial losses and security breaches.
For instance, a user intending to visit “coinbase.com” might accidentally type “coinbsae.com,” landing on a malicious site designed to mimic the original.
These counterfeit platforms often prompt users to input sensitive information, such as private keys or recovery phrases, or to download malware disguised as legitimate software. Consequently, unsuspecting users may inadvertently expose their digital assets to theft or compromise their personal data.
The “typo” in typosquatting highlights its reliance on common keyboard mistakes. This deceptive practice is also referred to as domain mimicry, URL hijacking or the creation of sting sites.
The pseudonymous nature of blockchain transactions further complicates the recovery of stolen funds, making typosquatting a particularly insidious threat in the crypto industry.
In June 2019, six individuals were arrested in the United Kingdom and Netherlands after a 14-month investigation into a 24-million-euro cryptocurrency theft. The theft, which targeted Bitcoin wallets, involved typosquatting, where cybercriminals created fake cryptocurrency exchange sites to steal login details. Over 4,000 victims across 12 countries were affected. Europol and national authorities coordinated the operation, leading to arrests in both countries.
To safeguard against such schemes, it is imperative for users to exercise caution, double-check URLs, and utilize security features like bookmarks for frequently visited sites. Developers and service providers should also proactively monitor for and address potential typosquatting domains to protect their user base.
Mechanics of typosquatting in crypto
Attackers exploit typosquatting in crypto by registering deceptive domains, creating fake websites and using phishing tactics to steal credentials, redirect funds or install malware.
Let’s understand these tactics in a bit more detail:
- Domain registration: Cybercriminals meticulously register domains that are slight variations of popular cryptocurrency platforms or services. For instance, they might replace a letter or add a character to a well-known domain name, such as registering “bitcoiin.com” instead of “bitcoin.com.” This subtle alteration preys on users who make typographical errors when entering web addresses. A study uncovered a scam where attackers exploited Blockchain Naming Systems (BNS) domain names similar to well-known entities, resulting in significant financial losses.
- Phishing and malware distribution: Scammers have found ways to exploit tiny typos to trick people into redirecting crypto payments to wallets held by bad actors. Attackers can deploy phishing tactics to steal credentials, install malware on users’ devices, or trick users into approving fraudulent transactions. Malware can further compromise the user’s device, leading to additional security breaches.
- Deceptive websites: These domains host websites that closely mimic the original platforms, often replicating the user interface and design. Unsuspecting users who land on these fake sites may be prompted to input sensitive information like private keys, recovery phrases or login credentials. This information can then be exploited by attackers to gain unauthorized access to user accounts or wallets.
Did you know? Researchers analyzing 4.9 million BNS names and 200 million transactions discovered that typosquatters are actively exploiting these systems, with user funds being sent to fraudulent addresses due to simple typos.
Common typosquatting targets in crypto
Typosquatting primarily targets wallets, tokens, and websites within the cryptocurrency ecosystem.
- Wallets: Attackers create wallet addresses or domains that closely resemble those of legitimate wallets. Users intending to send funds may inadvertently transfer assets to these fraudulent addresses, resulting in financial loss. For example, a legitimate Ethereum wallet address might be “0xAbCdEf1234567890…” and a fraudulent address might be…
cointelegraph.com