Crypto Community Takes Action Against Rising ENS Wallet Impersonation Scams
Uniswap's founder, Hayden Adams, recently shed light on a sophisticated Ethereum Name Service (ENS) wallet impersonation scam that poses a significant risk to the crypto community. This scam involves the clever duplication of legitimate wallet addresses within the ENS, particularly those associated with Adams, potentially leading users to transfer funds to fraudulent accounts unwittingly. Adams emphasizes the need for heightened security measures within user interfaces (UI) and user experiences (UX).
first time I've seen this scam, so posting it as a heads up for users and interfaces
someone bought the ens "[myEthereumAddress].eth"
so when you paste in my address, the top result in some UIs is an ens match instead of the resolved ENS name
impt for UIs to filter these out pic.twitter.com/0cQAL5tQ0T
— hayden.eth 🦄 (@haydenzadams) February 14, 2024
The Mechanism Behind ENS Wallet Impersonation
The ENS wallet impersonation scam works by registering an ENS name whose label is the text of a legitimate wallet address, followed by the .eth extension. Adams, whose own wallet address was mimicked in this manner, highlights the risks this creates. In certain UIs the mimicking ENS name appears as the top search result when a user pastes the genuine address. This creates a false sense of security: the user believes the funds are going to the intended recipient, when they are in fact being transferred to the scammer's address.
Crypto Community Responds
This scam raises critical concerns within the crypto community, especially regarding the balance between transaction ease and anonymity. Hayden Adams, recognizing the urgency of the matter, advocates for UIs to implement safeguards against deceptive addresses. ENS lead developer Nick Johnson says, "IMO, interfaces shouldn’t autocomplete names at all; it’s far too dangerous. I think we advise against it in our UX guidelines."
Taylor Monahan, the founder of Ethereum wallet manager MyCrypto, believes that the same scam vector was used in the early days of his MyEtherWallet wallet service. "It broke registrations and resolutions for names beginning with '0x' at the time," he added.
Questions arise about the responsibility of ENS to implement preventative measures against such frauds. The lack of robust safeguards prompts discussions about potential solutions, including limitations on the number of characters in ENS addresses and warnings on already-created deceptive addresses.
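The filter Adams asks interfaces to apply could look like the sketch below. It is an added example, not code from ENS, Uniswap or any wallet: the function names, the `matches` list and the sample address are constructed for illustration, and the normalization shown is a simplification, not full ENS name normalization.

```javascript
// Constructed sample address (not a real account).
const SAMPLE_ADDRESS = "0x" + "ab".repeat(20);

// Fold compatibility forms (e.g. full-width digits) and drop zero-width
// characters so a visually identical label cannot slip past the checks.
function canonical(text) {
  return text
    .normalize("NFKC")
    .replace(/[\u200B-\u200D\u2060\uFEFF]/g, "")
    .trim()
    .toLowerCase();
}

// True when the input is itself a 20-byte hex address.
function isRawAddress(text) {
  return /^0x[0-9a-f]{40}$/.test(canonical(text));
}

// True when any label of a dotted name is the text of an address,
// e.g. "<address>.eth" or "<address>.something.eth".
function isAddressLikeName(name) {
  const labels = canonical(name).split(".");
  return labels.length > 1 &&
    labels.some((label) => /^(0x)?[0-9a-f]{40}$/.test(label));
}

// Hypothetical recipient-field handler. `matches` stands for the names
// the UI's search backend returned for what the user typed or pasted.
function recipientOptions(input, matches) {
  if (isRawAddress(input)) {
    // A pasted address is used as-is: no name match is ever offered.
    return { kind: "address", value: canonical(input),
             suggestions: [], hidden: matches, warn: false };
  }
  // For name input, address-like names are withheld from suggestions,
  // and the user is warned if the typed name itself looks like one.
  const hidden = matches.filter(isAddressLikeName);
  const suggestions = matches.filter((m) => !isAddressLikeName(m));
  return { kind: "name", value: canonical(input),
           suggestions, hidden, warn: isAddressLikeName(input) };
}
```

Checking every label rather than only the first also covers address-like subdomains, and `hidden` lets the interface log or display a warning for withheld names instead of dropping them silently.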
Analyzing the Broader Trend of Crypto Scams
This incident is part of a broader trend of scams infiltrating the crypto industry, encompassing various forms such as email phishing campaigns, social media honeypot schemes, and sophisticated hacking operations. As scams become more prevalent, the need for heightened user awareness and protective measures intensifies.
According to the U.S. Federal Trade Commission's reports between 2021 and mid-2022, a staggering $1 billion in cryptocurrency was lost to scams, with over 46,000 individuals falling victim to such cyber schemes. Matt O’Neill, the Deputy Special Agent in Charge of Cyber at the U.S. Secret Service, estimates that U.S. consumers encountered losses amounting to $2.6 billion in 2022 due to scams.
Disturbingly, projections indicate that crypto scammers are poised to surpass this alarming figure by the end of 2023, highlighting the escalating financial toll inflicted by cybercriminals on unsuspecting victims. Therefore, the industry must focus on proactive measures, including integrating advanced security protocols, decentralized identity verification, and ongoing user education initiatives.