Researchers from Stony Brook University have published the results of a study uncovering a new form of cryptocurrency fraud. The method, termed “typosquatting,” exploits human typographical errors to divert users’ funds into wallets controlled by malicious actors. The paper highlights the critical need for vigilance in managing digital currencies, especially as their popularity continues to soar.
The scheme centers around the use of fraudulent domain names created within the Blockchain Naming System (BNS)—a technology similar to DNS that simplifies cryptocurrency transactions. Instead of relying on complex alphanumeric wallet addresses, users can send funds to easily readable names or phrases. However, even a minor typo can redirect transactions from the intended recipient to a scammer’s wallet.
While BNS-based platforms have greatly simplified cryptocurrency interactions, making the technology accessible even to beginners, this convenience has also created opportunities for abuse. Malicious actors register domain names resembling popular ones and wait for users to make mistakes. According to the study, such incidents are far from rare, often going unnoticed by both senders and recipients.
Analysts examined over 4.9 million BNS domains and 200 million transactions spanning three blockchains: Ethereum, Polygon, and Cardano. Their analysis revealed 25,000 fraudulent domains, accounting for approximately 37% of all legitimate addresses.
Particularly troubling are schemes involving charity scams. In several cases, attackers created addresses nearly identical to those of well-known organizations or individuals, such as Ethereum co-founder Vitalik Buterin.
Blockchain, the backbone of most cryptocurrencies, is a decentralized technology renowned for its transparency, immutability, and robust security. These attributes have made it indispensable in financial transactions, logistics, and even healthcare. However, blockchain’s decentralization also represents its Achilles’ heel. The absence of a central governing body eliminates the possibility of reversing transactions, allowing fraudsters to exploit user errors with impunity.
Typosquatting is just one of many schemes proliferating in the cryptocurrency ecosystem. Others include phishing attacks, Ponzi schemes, fake investment platforms, and wallet hacks. Reports estimate that annual losses from cryptocurrency fraud amount to billions of dollars, with the figure steadily climbing.
Experts suggest that addressing this issue requires both user awareness and technological innovation. For instance, BNS platforms could implement algorithms to detect suspicious registrations and issue warnings about potential threats. Users, meanwhile, are advised to meticulously double-check addresses before sending funds to avoid financial losses.
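One way a BNS platform could screen new registrations along the lines suggested above, shown as an added example (not code from the study or from any BNS platform). The watch list, the look-alike character table and the one-edit threshold are assumptions constructed for illustration.

```python
"""Flag a requested BNS name that sits within one typo of a protected name."""

# Constructed watch list (assumption); a platform would load its own high-value names.
PROTECTED = ["vitalik.eth", "redcross.eth", "unicef.eth"]

# Look-alike characters folded to one form before comparison (illustrative subset).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("ik" typed as "ki") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def split_name(name: str):
    """Split 'label.tld' into (label, tld), lower-cased."""
    label, _, tld = name.strip().lower().rpartition(".")
    return label, tld


def check_registration(candidate: str, protected=PROTECTED, max_dist=1):
    """Return (protected_name, reason) pairs the candidate could be mistaken for."""
    c_label, c_tld = split_name(candidate)
    hits = []
    for target in protected:
        t_label, t_tld = split_name(target)
        # Only names in the same namespace can capture a mistyped payment.
        if c_tld != t_tld or c_label == t_label:
            continue
        if c_label.translate(HOMOGLYPHS) == t_label.translate(HOMOGLYPHS):
            hits.append((target, "homoglyph"))
        else:
            dist = osa_distance(c_label, t_label)
            if dist <= max_dist:
                hits.append((target, f"edit-distance-{dist}"))
    return hits


if __name__ == "__main__":
    for name in ["vitalki.eth", "vita1ik.eth", "redcros.eth", "alice.eth"]:
        print(name, check_registration(name))
```

The same check can run in a wallet before a transfer is signed, warning when the typed name is one edit away from a name the user has paid before.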
The study underscores the importance of a systematic approach to enhancing security. Typosquatting is particularly insidious due to its stealthy nature—victims often remain unaware that their funds have been stolen, as the transaction appears legitimate. Tackling this challenge demands educational initiatives for users and stricter regulations at the platform level.