image

Scammers exploit tiny typos to trick people into sending money to their crypto wallets

Attackers can “surround” benign Web3 domains in order to capitalize from typos. Unlike traditional domain squatting, a single typo can result in the immediate and irrevocable loss of user funds. Credit: arXiv (2024). DOI: 10.48550/arxiv.2411.00352

A team of cybersecurity researchers at Stony Brook University has uncovered a new way for scammers to steal from unsuspecting cryptocurrency users. They have posted a paper to the arXiv preprint server describing the new crypto scam and how users can protect themselves.

Cryptocurrency is a type of digital currency run on a secure online platform. One example is Coinbase. Crypto currency is stored in a crypto wallet. In this new study, the team in New York reports that scammers have found a way to get people to redirect crypto payments away from intended recipients and toward wallets held by the scammers.

The researchers call the scam typosquatting. It involves setting up Blockchain Naming Systems (BNS) domain names that are similar to those used by well-known entities. It exploits the use of simple word-based addresses rather than the complicated and hard-to-remember letter and digit codes commonly associated with crypto wallets.

Sending crypto money in this way involves typing in a word-based address associated with the intended recipient. But if the user misspells the address slightly, and it happens to match one the scammer set up, that currency goes to the scammer—and because of the digital nature of the currency, there is no way for the sender to correct the mistake.

To gain some insight into the size of the problem, the research team looked at more than 5 million BNS domain names that have been involved in more than 200 million transactions over three main platforms. They found what they believe to be 25,000 squatting domains and that they were targeting approximately 37% of legitimate names.

They also noted that many were targeting well-known figures in the cryptocurrency world, such as Vitalik Buterin—a name they note that is particularly easy to mistype. In the case of donations, neither sender nor recipient would have any way of knowing that they have been scammed. The only way for users to protect themselves, the researchers suggest, is to double-check spelling when sending cryptocurrency.

More information:
Muhammad Muzammil et al, Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems, arXiv (2024). DOI: 10.48550/arxiv.2411.00352

Journal information:
arXiv

© 2024 Science X Network

Citation:
Scammers exploit tiny typos to trick people into sending money to their crypto wallets (2024, November 24)
retrieved 25 November 2024
from https://techxplore.com/news/2024-11-scammers-exploit-tiny-typos-people.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Comments are closed

Uploading