Hayden Adams, the founder of Uniswap, took to social media to alert the crypto community about a new wave of scams targeting users through deceptive user interfaces (UIs) in crypto wallets.
Adams’ warning sheds light on how scammers are leveraging fake clones of Ethereum Name Service (ENS) domains to deceive users and potentially siphon funds.
In a post on X, Adams expressed his concern, stating, “first time I’ve seen this scam, so posting it as a heads up for users and interfaces.”
The scam involves the fraudster purchasing an ENS domain that closely resembles a legitimate Ethereum address but substituting alphabetic characters with alphanumeric sequences.
Subsequently, when unsuspecting users input the genuine Ethereum address into their crypto wallet UIs, these interfaces display the scammer’s address as the primary result instead of the intended recipient’s. This could lead users to send funds to the scammer’s address unknowingly.
He highlighted a specific instance where a bad actor purchased the ENS domain “[myEthereumAddress].eth,” which closely resembled his own Ethereum address, “0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa.”
Adams stressed the importance of interfaces integrating filters to tackle these scams and advised users to proceed cautiously. He stated, “impt for UIs to filter these out.”
Following the post, Nick Johnson, the founder of ENS, expressed his view that interfaces should refrain from autocompleting names altogether, deeming it excessively risky. He noted that such a practice is discouraged in their user experience (UX) guidelines.
ENS stands for Ethereum Name Service, a domain name system built on the Ethereum blockchain. It enables users to substitute intricate Ethereum addresses with more user-friendly and understandable names such as “myname.eth.”
In a related incident, scammers have previously used ENS domains to mimic major exchanges’ wallets by using a single address to register multiple ENS domains that closely resemble the hexadecimal addresses of highly active addresses. The scammer then added “.eth” at the end of these addresses.
For instance, the FTX address “0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2” was mimicked as “0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2.eth”1.
The primary aim is to intercept payments directed to these mimicked addresses, exploiting the feature of many wallets supporting ENS domains as valid destinations for asset transfers. As a result, users risk unknowingly sending assets to these fake domains with a single misclick.