Study Analyzes Typosquatting Risks in Blockchain Name Systems
Quick take - The article presents a large-scale analysis of typosquatting within Blockchain Name Systems (BNS), highlighting the risks associated with human-readable names in cryptocurrency transactions, the increasing prevalence of such attacks, and the need for improved security measures to protect users from financial losses.
Fast Facts
- The Blockchain Name System (BNS) simplifies cryptocurrency transactions by using human-readable names instead of complex addresses, but it is vulnerable to typosquatting attacks.
- Typosquatting involves malicious actors registering names similar to legitimate BNS names, leading to potential irreversible financial losses for users who mistakenly send funds to these fraudulent addresses.
- A large-scale analysis of typosquatting in BNSs, covering 4.9 million names and 200 million transactions, reveals an annual increase in such registrations and significant financial losses, averaging $1,790 per transaction.
- The study highlights that the Ethereum Name Service (ENS) is the most targeted BNS, and many users fail to register variations of their domains to protect against attacks, unlike practices in traditional domain registrations.
- The research calls for enhanced security measures within BNSs to safeguard users as the popularity of these systems grows, emphasizing the need for better defenses against typosquatting.
The Blockchain Name System (BNS) and Typosquatting Risks
The Blockchain Name System (BNS) is designed to simplify cryptocurrency transactions by replacing complex cryptographic addresses with human-readable names. This innovation, however, introduces certain risks, particularly the susceptibility to typosquatting attacks.
Understanding Typosquatting Attacks
In these attacks, malicious actors register names that closely resemble legitimate BNS names and wait for users to mistype a recipient during a fund transfer. Because blockchain transactions cannot be reversed, a user who sends cryptocurrency to such a look-alike name loses the funds permanently. The research summarized in this article is the first large-scale analysis of typosquatting within BNSs, focusing on three major services: the Ethereum Name Service (ENS), Unstoppable Domains (UD), and ADAHandles (ADAH). The dataset analyzed is extensive, encompassing 4.9 million BNS names and 200 million transactions, making it the largest dataset of its kind to date.
The study highlights several challenges unique to studying typosquatting in BNSs, especially when compared to the traditional Domain Name System (DNS). It reveals that typosquatting registrations have been increasing annually, with thousands of transactions inadvertently sent to typosquatters targeting popular BNS names, including names owned by prominent Twitter/X users. The findings indicate that neither custodial nor non-custodial wallets currently defend against typosquatting, prompting the authors to propose countermeasures to enhance user security.
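One wallet-side countermeasure of the kind the authors call for is a pre-send check that warns when the destination name is a near-miss of a name the user has already trusted. The following is an added example, not code from the paper or from any wallet; the address-book names and the confusable-digit mapping are constructed for illustration.

```python
from __future__ import annotations
import unicodedata
from typing import Iterable

# Digits commonly used to imitate letters; this mapping is an assumption for the example.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def normalize(name: str) -> str:
    """Canonical form for comparison: Unicode NFKC, lowercase, confusable digits folded."""
    return unicodedata.normalize("NFKC", name).strip().lower().translate(CONFUSABLES)

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2 = [0]
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[len(b)]

def near_misses(dest: str, trusted: Iterable[str]) -> list[tuple[str, int]]:
    """Trusted names that `dest` resembles without exactly matching, nearest first.
    An empty list means `dest` is itself a trusted name, or resembles none of them."""
    d = normalize(dest)
    hits = []
    for t in trusted:
        if t.casefold() == dest.casefold():
            return []                        # exact match: nothing to warn about
        n = normalize(t)
        limit = 1 if len(n) < 10 else 2      # tolerate two edits only on longer names
        dist = edit_distance(d, n)
        if dist <= limit:                    # dist 0 here means a confusable-only change
            hits.append((t, dist))
    return sorted(hits, key=lambda h: h[1])

# Constructed sample address book; these are placeholders, not real registrations.
TRUSTED = ["alicecrypto.eth", "bobdao.eth", "treasury.crypto"]

if __name__ == "__main__":
    for candidate in ["alicecrypto.eth", "alicecrpto.eth", "a1icecrypto.eth", "carol.eth"]:
        hits = near_misses(candidate, TRUSTED)
        verdict = f"WARN: looks like {hits[0][0]}" if hits else "ok"
        print(f"{candidate:18} {verdict}")
```

A wallet would surface the warning before signing and require the user to confirm the exact name; the thresholds and the confusable table are tuning choices, not values from the study.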
The Role of BNSs in Digital Identity Management
BNSs provide users with the ability to manage their digital identities and assets independently of centralized authorities. ENS, which launched in May 2017, operates on the Ethereum blockchain and utilizes smart contracts for domain management. Unstoppable Domains functions on both Ethereum and Polygon, allowing for the registration of permanent domains that can hold various records. ADAH, based on the Cardano blockchain, employs a UTXO-based transaction model without the use of smart contracts.
The study emphasizes the differences between BNSs and traditional DNS, particularly regarding centralization and censorship resistance. It reveals that ENS is the most frequently targeted BNS for typosquatting. Notably, the majority of users do not proactively register variations of their own domains to defend against potential attacks, a stark contrast to standard practice in traditional domain name registration, where defensive registrations are common.
Financial Implications and the Need for Security Enhancements
Financially, the average amount sent to typosquatting domains is approximately $1,790, suggesting significant losses for users. Furthermore, the research includes a case study on typosquatting targeting cryptocurrency influencers on Twitter/X, uncovering a high incidence of such attacks. The study underscores an urgent need for enhanced security measures within BNSs to protect users from the growing threat of typosquatting attacks.
As the popularity of BNSs continues to rise, ensuring user safety and mitigating these risks will be critical for the future of blockchain-based identity systems.