Cybersquatting in Web3: The Case of NFT
Kai Ma, Ningyu He, Jintao Huang, Bosi Zhang, Ping Wu, Haoyu Wang
TL;DR
The paper addresses the rising threat of cybersquatting in the NFT domain by performing the first large-scale measurement on Ethereum, analyzing over $2.2\times 10^5$ NFT collections and more than $1.5\times 10^8$ tokens to uncover $8{,}019$ cybersquatting collections targeting 654 popular projects. It introduces a four-stage detection pipeline and identifies seven naming tactics, with combination squatting as the dominant strategy and mutation-based variants indicating adaptive evasion. The study further characterizes cybersquatting collections across creation time, supply, market activity, content theft, and social media, revealing that victims exceed $6.70\times 10^5$ and scammers profited over \$59.26 million via mint fees and creator earnings, driven by organized campaigns. The findings emphasize the need for proactive countermeasures—ranging from stricter marketplace policies to cross-market intelligence and real-time detection—to reduce financial losses and phishing risks in the NFT ecosystem.
Abstract
Cybersquatting refers to the practice where attackers register a domain name similar to a legitimate one to confuse users for illegal gains. With the growth of the Non-Fungible Token (NFT) ecosystem, there are indications that cybersquatting tactics have evolved from targeting domain names to NFTs. This paper presents the first in-depth measurement study of NFT cybersquatting. By analyzing over 220K NFT collections with over 150M NFT tokens, we have identified 8,019 cybersquatting NFT collections targeting 654 popular NFT projects. Through systematic analysis, we discover and characterize seven distinct squatting tactics employed by scammers. We further conduct a comprehensive measurement study of these cybersquatting NFT collections, examining their metadata, associated digital asset content, and social media status. Our analysis reveals that these NFT cybersquatting activities have resulted in a significant financial impact, with over 670K victims affected by these scams, leading to a total financial exploitation of $59.26 million. Our findings demonstrate the urgency to identify and prevent NFT squatting abuses.
