Internet scams use diverse and increasingly numerous strategies, from phishing to ransomware to malware. Now a team of cybersecurity scientists from Stony Brook University has discovered a new way for scammers to steal from unsuspecting cryptocurrency users: typosquatting, or taking advantage of typing errors.
The team, led by Muhammad Muzammil, has published a study on arXiv that describes the new cryptocurrency scam and how users can protect themselves.
Cryptocurrencies are a type of digital currency that runs on a secure online platform. An example is Coinbase. The cryptocurrency is stored in a cryptocurrency wallet. In this new study, Muzammil's team points out that scammers have found a way to get people to redirect cryptocurrency payments away from the intended recipients and towards wallets that the scammers control.
The researchers call the scam typosquatting. It involves setting up blockchain name system (BNS) domain names that are similar to those used by known entities. It exploits the use of simple word-based addresses in place of the complicated, hard-to-remember codes of letters and digits that are commonly associated with cryptocurrency wallets.
Sending crypto money this way involves typing a word-based address associated with the intended recipient. But if the user misspells the address and it matches one that the scammer has set up, that currency goes to the scammer and, due to the digital nature of the currency, there is no way for the sender to correct the error.
To get an idea of the magnitude of the problem, the authors examined more than 5 million domain names that have been involved in more than 200 million transactions on three major platforms. They found what they think are 25,000 squatting domains, which were targeting approximately 37% of the legitimate names.
They also noted that many were targeting well-known figures in the cryptocurrency world, such as Vitalik Buterin, a name they note is particularly easy to misspell. The only way for users to protect themselves, the authors suggest, is to double-check spelling when sending cryptocurrencies. But there is no other option.
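
The spelling double-check the authors recommend can be automated on the sender's side. As an added example (not code from the study or from any wallet), this Python code compares a typed name against a saved contact list and flags near-misses before anything is sent; the contact names, the `.example` suffix, the function names and the distance threshold of 2 are assumptions made for illustration.

```python
# Added example: all names below are constructed sample data, not real BNS names.

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1,          # deletion
                         cur[j - 1] + 1,       # insertion
                         prev[j - 1] + cost)   # substitution or match
            # Two adjacent characters typed in the wrong order count as one error.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def check_recipient(typed: str, contacts: set[str], max_distance: int = 2):
    """Return (verdict, contact): 'exact', 'suspect' (near-miss) or 'unknown'."""
    name = typed.strip().lower()
    if name in contacts:
        return ("exact", name)
    if not contacts:
        return ("unknown", None)
    # Closest saved contact; ties are broken alphabetically for determinism.
    dist, nearest = min((osa_distance(name, c), c) for c in contacts)
    if dist <= max_distance:
        # Almost a known recipient: the typed name may resolve to a squatter.
        return ("suspect", nearest)
    return ("unknown", None)


# Constructed address book of recipients the sender has paid before.
CONTACTS = {"vitalik.example", "carolshop.example"}

if __name__ == "__main__":
    for typed in ("vitalik.example", "vitlaik.example", "vitalk.example", "bob.example"):
        print(typed, "->", check_recipient(typed, CONTACTS))
```

A `suspect` verdict is the case the study describes: the typed name differs from a known recipient by a slip of the keyboard, so the payment should be held until the sender confirms the spelling.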