In a recent social media post, Hayden Adams, the founder of Uniswap, alerted the crypto community about a growing wave of scams that are specifically targeting users through deceptive user interfaces (UIs) in crypto wallets. This warning sheds light on how scammers are exploiting fake clones of Ethereum Name Service (ENS) domains to deceive users and potentially steal their funds. Adams emphasized the urgency of the situation, stating, “first time I’ve seen this scam, so posting it as a heads up for users and interfaces.”
The scam operates by the fraudster purchasing an ENS domain that closely resembles a legitimate Ethereum address, but with the substitution of alphabetic characters with alphanumeric sequences. Subsequently, when unsuspecting users input the genuine Ethereum address into their crypto wallet UIs, these interfaces show the scammer’s address as the primary result instead of the intended recipient’s. As a result, users may unknowingly transfer funds to the scammer’s address, falling victim to the deception. Adams provided an example of a bad actor purchasing the ENS domain “[myEthereumAddress].eth,” which closely resembled his own Ethereum address, “0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa.”
The Importance of Interface Filters and User Caution
Adams stressed the vital role that interfaces play in tackling these scams and advised users to proceed cautiously. He highlighted the necessity for UIs to implement effective filters to detect and block these deceptive ENS domains. By integrating robust filtering mechanisms, these interfaces can help safeguard users from falling victim to these fraudulent schemes.
Nick Johnson, the founder of ENS, joined the discussion and expressed his view that interfaces should avoid autocompleting names altogether, deeming it excessively risky. He cited how such a practice contradicts their user experience (UX) guidelines and could potentially facilitate the success of these scams. ENS, which stands for Ethereum Name Service, is a domain name system built on the Ethereum blockchain that allows users to replace complex Ethereum addresses with more user-friendly and human-readable names such as “myname.eth.”
Past Instances of Scammers Exploiting ENS Domains
This new wave of scams using ENS domains is not the first instance of scammers leveraging this technology. In the past, scammers have mimicked major exchanges’ wallets by registering multiple ENS domains with addresses that closely resemble highly active addresses. By adding “.eth” at the end of these addresses, they create a convincing facade. For example, the FTX address “0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2” was replicated as “0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2.eth.” By exploiting the feature of many wallets supporting ENS domains as valid destinations for asset transfers, scammers intercept payments directed to these fake domains, risking users unknowingly sending assets to these fraudulent addresses.
Conclusion: Vigilance and Awareness Are Key
As the crypto community faces evolving threats and new scam tactics, it is crucial for users to remain vigilant and exercise caution when interacting with crypto wallets and user interfaces. Implementing strict filters in UIs and avoiding autocompletion features can help prevent users from falling victim to these deceptive schemes. By staying informed and raising awareness about these scams, the community can collectively combat fraud and protect its members’ assets in this rapidly evolving landscape.