The crypto community is facing a new wave of scams, as scammers are using deceptive user interfaces (UIs) in crypto wallets to target unsuspecting users. Hayden Adams, the founder of Uniswap, recently raised the alarm about these scams on social media, highlighting the use of fake clones of Ethereum Name Service (ENS) domains. This article delves into the details of this alarming trend and the potential risks it poses to crypto users.
The Scam
One of the common techniques employed by scammers is purchasing ENS domains that closely resemble legitimate Ethereum addresses. These domains use alphanumeric sequences in place of alphabetic characters, making them appear similar to authentic addresses. When users input the genuine Ethereum address into their crypto wallet UIs, these interfaces display the scammer’s address as the primary result instead of the intended recipient’s address. Consequently, users may unknowingly send funds to the scammer’s address, falling victim to this scheme.
As an example, Hayden Adams shared a specific instance where a bad actor purchased the ENS domain “[myEthereumAddress].eth,” which closely resembled his own Ethereum address, “0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa.” This highlights the level of sophistication scammers employ to trick unsuspecting users.
Hayden Adams emphasized the significance of crypto wallet interfaces integrating filters to protect users from these scams. The presence of effective filters would help identify and prevent the display of scammer addresses, reducing the risk of users falling victim to these fraudulent schemes. He urged caution to all crypto users and advised them to be vigilant while conducting transactions.
Rethinking User Experience Guidelines
Following Hayden Adams’ warning, Nick Johnson, the founder of ENS, expressed his view on this issue. Johnson believes that interfaces should not autocomplete names at all, as this practice is considered excessively risky. He stated that autocompletion is discouraged according to their user experience (UX) guidelines, emphasizing the need for caution when designing UIs for crypto wallets.
In addition to the current ENS domain scams, scammers have previously used this technique to mimic major exchanges’ wallets. By registering multiple ENS domains that closely resemble the hexadecimal addresses of highly active addresses, scammers aim to intercept payments directed to these mimicked addresses. They add “.eth” at the end of these addresses to exploit the feature of many wallets supporting ENS domains as valid destinations for asset transfers. This poses a dangerous threat to users, as a single misclick could result in unknowingly sending assets to these fake domains.
The rise of scams targeting crypto users through deceptive UIs in crypto wallets is a concerning trend. Scammers exploit fake clones of Ethereum Name Service domains to mislead users into sending funds to scammer addresses. To combat this issue, interfaces must incorporate effective filters and adhere to strict UX guidelines. Additionally, crypto users should exercise caution and remain vigilant while conducting transactions to protect themselves from falling victim to these scams.
Leave a Reply