Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems

Muhammad Muzammil, Zhengyu Wu, Lalith Harisha, Brian Kondracki, Nick Nikiforakis

TL;DR

This work presents the first large-scale, intra-BNS typosquatting study, finds that typosquatters are indeed active on BNSs, registering more malicious domains with each passing year, and proposes straightforward countermeasures that can protect users without relying on third-party services.

Abstract

A Blockchain Name System (BNS) simplifies the process of sending cryptocurrencies by replacing complex cryptographic recipient addresses with human-readable names, making the transactions more convenient. Unfortunately, these names can be susceptible to typosquatting attacks, where attackers can take advantage of user typos by registering typographically similar BNS names. Unsuspecting users may accidentally mistype or misinterpret the intended name, resulting in an irreversible transfer of funds to an attacker's address instead of the intended recipient. In this work, we present the first large-scale, intra-BNS typosquatting study. To understand the prevalence of typosquatting within BNSs, we study three different services (Ethereum Name Service, Unstoppable Domains, and ADAHandles) spanning three blockchains (Ethereum, Polygon, and Cardano), collecting a total of 4.9M BNS names and 200M transactions, the largest dataset for BNSs to date. We describe the challenges involved in conducting name-squatting studies on these alternative naming systems, and then perform an in-depth quantitative analysis of our dataset. We find that typosquatters are indeed active on BNSs, registering more malicious domains with each passing year. Our analysis reveals that users have sent thousands of transactions to squatters and that squatters target both globally popular BNS domain names as well as the domains owned by popular Twitter/X users. Lastly, we document the complete lack of defenses against typosquatting in custodial and non-custodial wallets and propose straightforward countermeasures that can protect users without relying on third-party services.
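The abstract describes a single typo sending funds irreversibly to a look-alike name. As an added example (not code from the paper, and not necessarily the countermeasure the authors propose), the sketch below shows one local, wallet-side check: before sending, compare the typed name against names the user already knows and warn when it is one edit away from one of them. The contact list, function names and distance threshold are assumptions made for illustration.

```python
# Added illustration: a local "near-miss" check a wallet could run before
# resolving a recipient name. Uses only data already on the device.

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "alcie" typed for "alice".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def check_recipient(typed: str, known_names, max_distance: int = 1) -> dict:
    """Classify a typed name as 'known', 'warn' (near a known name) or 'new'.

    Normalization here is only strip + lowercase, a simplification; a real
    wallet would apply the naming system's own normalization rules first.
    """
    typed = typed.strip().lower()
    known = {n.strip().lower() for n in known_names}
    if typed in known:
        return {"status": "known", "similar_to": []}
    similar = sorted(n for n in known if osa_distance(typed, n) <= max_distance)
    return {"status": "warn" if similar else "new", "similar_to": similar}


# Constructed sample data: names the user has previously paid or saved.
CONTACTS = ["vitalik.eth", "alice.eth", "treasury.crypto"]

if __name__ == "__main__":
    for name in ["vitalik.eth", "vitalk.eth", "alcie.eth", "bob.eth"]:
        print(name, check_recipient(name, CONTACTS))
```

A "warn" result is the point at which a wallet would stop and ask the user to confirm which name they meant before signing the transaction.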

Paper Structure

This paper contains 21 sections, 16 figures, 8 tables.

Figures (16)

  • Figure 1: Attackers can "surround" benign Web3 domains in order to capitalize from typos. Unlike traditional domain squatting, a single typo can result in the immediate and irrevocable loss of user funds.
  • Figure 2: High-level view of our data collection pipeline and how our analysis interfaces with different APIs and third-party services.
  • Figure 3: Frequency of the number of typosquatting registrations against legitimate names
  • Figure 4: Frequency of the different misspelling strategies used by typosquatters to form spelling variations of legitimate names
  • Figure 5: Correlation between the number of typosquatting names registered each year with the price of each cryptocurrency
  • ...and 11 more figures