The crypto revolution is in full force following Donald Trump's re-election. But those looking to send and receive crypto will have to beware of so-called "typosquatting" scams, or risk losing thousands of dollars.
A new study by researchers at Stony Brook University analyzed the prevalence with which scammers exploit tiny typos to trick people into sending sums to crypto wallets that falsely pretend to be attached to individuals. The typosquatting scams take advantage of issues with Blockchain Naming Systems (BNS), which allow users to type in a word-based address, similar to a website URL, to send crypto to, rather than having to use the complicated series of digits and letters that are traditionally associated with crypto wallets. "People have popularized their domain names on their Twitter accounts," says Muhammad Muzammil, a Ph.D. candidate at Stony Brook University and lead author of the study.
Looking at 5 million BNS domain names and 200 million transactions on three major BNS platforms, including Ethereum Name Service (ENS), Unstoppable Domains (UD), and ADA Handles (ADAH) on the Ethereum, Polygon, and Cardano blockchains, the researchers found more than 25,000 squatting domains. Around 37% of the most popular legitimate names on Ethereum's ENS service were targeted by typosquatting.
Many of the typo-based accounts targeted public figures, such as Vitalik Buterin, the cofounder of Ethereum. For instance, scammers could register names like "vitalyk.eth" or "v-italik.eth" in place of "vitalik.eth." Buterin was a major target of scammers looking to piggyback on his popularity: The researchers identified 74 typo variants of his official BNS domain, with a single typo BNS domain -- fitalik.eth -- netting scammers more than $33,000.