How typosquatting is Used in the Cryptocurrency Industry

21.02.2023

Tags: news, hackers, crypto, lawsuits

Author: Robert Strickland

How typosquatting is Used in the Cryptocurrency Industry

What is typosquatting?

The relative immaturity of the cryptocurrency industry allows fraudsters to use hundreds of different schemes to take possession of other people's savings.

What is typosquatting?

Typosquatting is a type of passive attack. typosquatting is used for a variety of purposes and has found its application in the crypto industry as well.

For more understanding, here is a real example: in 2014, I transferred 16.5 BTC to an intruder without even knowing it. All because he went to blokochain.info instead of blockchain.info. It would seem that he made one small mistake, but it cost him a lot, even by those standards.

In the days close to us, the most popular form of typosquatting is faking the Twitter accounts of famous figures in the crypto industry, such as Vitalik Buterin or Pavel Durov, for example. Fraudsters in this case target very gullible people, and, as practice shows, there are a lot of them. The working principle is as follows: an attacker creates an account of a famous person, makes it look similar to the original, and then happily announces the distribution of cryptocurrency. This can be timed to coincide with some event, like the release of an important update or the growth of the coin: it adds credibility. After that, the scammer tries to promote his account by all means to lure more victims: for example, he may leave comments under the posts of other, really famous people.

How does the scammer work?

Let's say the scammer has lured a lot of people to his account, and they see a post about a grand coin giveaway. But how do they lose their own funds in the process? That's where the most primitive yet effective method comes in: the attacker writes that in order to get free coins, you need to send some token amount to his wallet to identify him. This is supposedly done then so that the generous celebrity gathers some kind of base to send out coins and make these people happy.

What actually happens is no secret to anyone. The coins are sent to the purse of attacker and never return to the owners. After some time, the fake account is blocked due to complaints, and that's the end of it. After that, the attacker starts from scratch and does exactly the same scheme.

Such actions led Ethereum creator Vitalik Buterin to rename his official Twitter account to "Vitalik "I don't give out ETH" Buterin". It is very easy not to fall for such a deception: you have to be careful.