Cointelegraph Bitcoin & Ethereum Blockchain News

What is typosquatting in crypto?

Typosquatting in crypto involves registering domain names that mimic popular platforms with slight misspellings to deceive users into revealing sensitive information.

In the rapidly evolving digital landscape, cryptocurrencies have become a significant form of currency, enabling decentralized and borderless financial transactions.

Along with its growing popularity, however, new cyber threats have emerged. One such threat is typosquatting, a deceptive practice where cybercriminals register domain names that closely resemble those of legitimate cryptocurrency platforms. By exploiting common typing errors, attackers aim to mislead users into visiting fraudulent sites, leading to potential financial losses and security breaches.

For instance, a user intending to visit “coinbase.com” might accidentally type “coinbsae.com,” landing on a malicious site designed to mimic the original. 

These counterfeit platforms often prompt users to input sensitive information, such as private keys or recovery phrases, or to download malware disguised as legitimate software. Consequently, unsuspecting users may inadvertently expose their digital assets to theft or compromise their personal data.

The “typo” in typosquatting highlights its reliance on common keyboard mistakes. This deceptive practice is also referred to as domain mimicry, URL hijacking or the creation of sting sites.

The pseudonymous nature of blockchain transactions further complicates the recovery of stolen funds, making typosquatting a particularly insidious threat in the crypto industry. 

In June 2019, six individuals were arrested in the United Kingdom and Netherlands after a 14-month investigation into a 24-million-euro cryptocurrency theft. The theft, which targeted Bitcoin wallets, involved typosquatting, where cybercriminals created fake cryptocurrency exchange sites to steal login details. Over 4,000 victims across 12 countries were affected. Europol and national authorities coordinated the operation, leading to arrests in both countries.

To safeguard against such schemes, it is imperative for users to exercise caution, double-check URLs, and utilize security features like bookmarks for frequently visited sites. Developers and service providers should also proactively monitor for and address potential typosquatting domains to protect their user base.

Mechanics of typosquatting in crypto

Attackers exploit typosquatting in crypto by registering deceptive domains, creating fake websites and using phishing tactics to steal credentials, redirect funds or install malware.

Let’s understand these tactics in a bit more detail:

• Domain registration: Cybercriminals meticulously register domains that are slight variations of popular cryptocurrency platforms or services. For instance, they might replace a letter or add a character to a well-known domain name, such as registering “bitcoiin.com” instead of “bitcoin.com.” This subtle alteration preys on users who make typographical errors when entering web addresses. A study uncovered a scam where attackers exploited Blockchain Naming Systems (BNS) domain names similar to well-known entities, resulting in significant financial losses. 
• Phishing and malware distribution: Scammers have found ways to exploit tiny typos to trick people into redirecting crypto payments to wallets held by bad actors. Attackers can deploy phishing tactics to steal credentials, install malware on users’ devices, or trick users into approving fraudulent transactions. Malware can further compromise the user’s device, leading to additional security breaches.
• Deceptive websites: These domains host websites that closely mimic the original platforms, often replicating the user interface and design. Unsuspecting users who land on these fake sites may be prompted to input sensitive information like private keys, recovery phrases or login credentials. This information can then be exploited by attackers to gain unauthorized access to user accounts or wallets.

Did you know? Researchers analyzing 4.9 million BNS names and 200 million transactions discovered that typosquatters are actively exploiting these systems, with user funds being sent to fraudulent addresses due to simple typos.

Common typosquatting targets in crypto

Typosquatting primarily targets wallets, tokens, and websites within the cryptocurrency ecosystem.

• Wallets: Attackers create wallet addresses or domains that closely resemble those of legitimate wallets. Users intending to send funds may inadvertently transfer assets to these fraudulent addresses, resulting in financial loss. For example, a legitimate Ethereum wallet address might be “0xAbCdEf1234567890…” and a fraudulent address might be “0xAbCdEf1234567891…” with only a single digit changed. 
• Tokens: Fake token names are registered to mislead users into sending funds to fraudulent addresses. Scammers develop counterfeit tokens with names or symbols nearly identical to legitimate ones. Unsuspecting investors might purchase these fake tokens, believing them to be genuine, leading to potential financial losses. For example, a legitimate token might be Uniswap (UNI), whereas a fraudulent token might be “Unisswap” or “UniSwap Classic.”
• Websites: Users are vulnerable to phishing attacks through websites that closely mimic legitimate cryptocurrency platforms. These fraudulent sites, with near-identical domain names, are used to steal credentials and distribute malware, resulting in significant security risks. For example, a phishing domain might be “myetherwallett.com” (two “t”s in “wallet”) instead of the correct “myetherwallet.com.”

How typosquatting affects crypto developers and users

Typosquatting in crypto leads to reputational and financial damage for developers, as well as financial loss, data theft and malware infection for users.

Impact on cryptocurrency developers

Developers of cryptocurrency projects face several challenges due to typosquatting:

• Reputational damage: Malicious actors registering domains similar to legitimate cryptocurrency services can mislead users, causing them to interact with fraudulent platforms. This misdirection can result in users associating negative experiences with the original service, thereby damaging its reputation.
• Financial harm: Attackers may exploit typosquatting to siphon funds intended for legitimate services. This diversion not only impacts users but can also disrupt the developer’s revenue streams, hindering project development and growth. The scale of these financial losses can be substantial, as demonstrated by instances where typosquatting scams have resulted in millions of dollars in stolen funds.

Did you know? The SEC alleges that operators of fake crypto exchanges NanoBit and CoinW6 stole $3.2 million after building trust with investors on social media, resulting in legal action against eight parties.

Impact on cryptocurrency users

Users are particularly vulnerable to the tactics employed by typosquatters:

• Financial losses: Users who inadvertently interact with fraudulent sites due to typographical errors may suffer direct financial losses. Attackers exploiting typos in BNS have deceived users into sending cryptocurrency to attackers instead of intended recipients, resulting in significant financial harm. 
• Theft of sensitive information: Fake websites designed to resemble legitimate cryptocurrency platforms can trick users into divulging sensitive information, such as private keys. This information can then be used by attackers to access and steal funds from users’ wallets. The loss of such information compromises user security and can lead to significant financial repercussions.
• Malware infections: In addition to phishing, typosquatting sites can serve as vectors for malware distribution. Users who visit these sites risk infecting their devices with malicious software, which can lead to a range of security breaches. This can include unauthorized access to personal data, further financial losses and the potential for the malware to propagate to other systems. Consequently, users may inadvertently become participants in broader cyberattacks.

Cybersquatting vs. typosquatting in crypto

Both cybersquatting and typosquatting involve deceptive domain registrations, but they differ in intent and execution.

Cybercriminals register domains resembling well-known crypto projects or exchanges, often demanding a ransom for the domain or using it to mislead users. This practice is called cybersquatting.

For example, someone registers EthereumExchange.com before Ethereum launches its official exchange, hoping to sell it later for profit.

In the case of typosquatting, attackers create domains with minor spelling variations of legitimate crypto platforms to trick users into visiting fake sites, stealing credentials or deploying malware.

For example, a scammer registers Binannce.com (double “n”) to mimic Binance and steal user logins.

Below is a quick summary of how cybersquatting is different from typosquatting:

Legal implications of typosquatting in the crypto industry

Typosquatting in the cryptocurrency sector not only poses security risks but also presents significant legal challenges.

These include:

• Intellectual infringements vs. intent: It’s not always a clear-cut case of trademark infringement. Courts often grapple with proving “intent to deceive.” Did the typosquatter deliberately try to mislead users, or was it a “harmless” mistake? In crypto, where anonymity is prized, proving malicious intent can be like chasing ghosts.
• Jurisdictional headaches: Crypto’s borderless nature clashes spectacularly with traditional legal frameworks. When a scammer in one country typosquats a domain targeting users in a dozen others, where do you even start? What laws apply? This creates a complex web of international legal challenges, making enforcement a real nightmare.
• The evolving definition of “consumer harm”: Traditional consumer protection laws are struggling to keep up with the unique risks of crypto. Losing your private keys due to a typosquatting scam isn’t quite the same as buying a faulty product. Courts are having to redefine what constitutes “consumer harm” in this digital age, which opens up new legal gray areas.
• Domain name disputes and UDRP: The Uniform Domain-Name Dispute-Resolution Policy (UDRP) is often used to resolve domain name disputes. However, its effectiveness in the crypto world is debatable. Crypto projects might not always have formal trademarks, which are often required for a successful UDRP claim. This leaves some projects particularly vulnerable.
• Smart contract exploits: In some cases, typosquatting could be used to direct people to smart contracts that have been designed to steal funds. This adds another layer of complexity, as the code itself could be considered a tool for fraud. This raises the question of whether smart contracts can be considered legal documents and if they can be used in court as evidence.
• Criminal liability and money laundering: Beyond civil suits, typosquatting can also lead to criminal charges, especially when coupled with money laundering. If scammers use these fake sites to funnel stolen crypto, they’re stepping into serious legal territory. Law enforcement is increasingly tracking these digital trails, and the penalties can be severe.

How to detect and prevent typosquatting in cryptocurrency markets

To combat typosquatting in cryptocurrency, developers and users must proactively monitor domains, secure similar names, educate users, implement security features, and collaborate with authorities.

To mitigate the risks associated with typosquatting, cryptocurrency developers and users can adopt the following measures:

• Domain monitoring: Regularly monitor domain registrations that resemble your brand or service to identify potential typosquatting attempts. This proactive approach allows for timely action to address unauthorized domains. 
• Secure similar domains: Register common misspellings or variations of your domain name to prevent malicious actors from exploiting them. Owning these variations can redirect legitimate traffic to your official site and prevent fraudulent sites from gaining traction. 
• User education: Empower users to become “digital detectives.” Inform them about the risks of typosquatting and encourage vigilance when entering URLs or interacting with cryptocurrency platforms. Providing clear guidelines on recognizing official websites and avoiding phishing attempts can empower users to protect themselves. 
• Implement security features: Boost user trust and deter typosquatting by utilizing Secure Sockets Layer (SSL) certificates, showcasing trust seals, and ensuring URL accuracy. A secure site protected by SSL minimizes the risk of attacks and encourages user interaction.
• Collaborate with authorities: Work with domain registrars, law enforcement and regulatory bodies to address and prevent typosquatting incidents. Collaboration can lead to the removal of fraudulent domains and the prosecution of offenders, enhancing the overall security of the cryptocurrency ecosystem.

How to report typosquatting-related crypto crime

To report typosquatting-related crypto crime globally, start by reporting to the domain registrar, seek legal counsel for complex cases, inform crypto platforms of fraudulent transfers, and document transactions via blockchain explorers. In the US, UK and Australia, report to specific national cybercrime and intellectual property agencies.

Regardless of the specific country, certain steps should be taken when reporting typosquatting in the cryptocurrency space. First, it is crucial to report the fraudulent domain to the registrar where it was registered. Most registrars have clear procedures for handling abuse reports. 

Second, for complex or international cases, seeking legal counsel specializing in cybercrime and intellectual property law is advisable. Third, if the typosquatting resulted in funds being sent to a fraudulent wallet, the relevant cryptocurrency exchange or wallet provider should be informed. 

Finally, utilizing blockchain explorers to document transactions to fraudulent addresses can provide valuable evidence.

Here’s a breakdown of how to report typosquatting-related crypto crime in US, UK and Australia:

• United States: Report general cybercrime to the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. For trademark issues, contact the United States Patent and Trademark Office (USPTO). Domain name disputes can be addressed through ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP).
• United Kingdom: Report general fraud to Action Fraud, the national reporting center. For trademark infringements, report to the UK Intellectual Property Office (IPO). Domain name disputes are handled through ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP).
• Australia: Report cyber incidents to the Australian Cyber Security Centre (ACSC) and cybercrimes via ReportCyber. Domain name disputes can be addressed through ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP).

Typosquatting remains a pervasive threat in the cryptocurrency industry, necessitating vigilance from both developers and users. By understanding its mechanics and implementing preventive strategies, stakeholders can mitigate risks and foster a securer digital currency ecosystem.