Decentralized exchange (DEX) Uniswap’s founder, Hayden Adams, has issued a warning to the crypto community regarding a scam involving wallet addresses being used as Ethereum Name Service (ENS) domains.
Adams took to X on Feb. 14 to share his concerns about scammers impersonating his Ethereum wallet. He explained that these scammers have copied and registered his wallet address as an ENS wallet with the .eth domain. As a result, when users paste his wallet address into certain interfaces, an ENS match unrelated to his address appears as the top search result.
The purpose of this scam appears to be to confuse individuals sending digital assets, causing them to inadvertently send their crypto to the wrong address instead of the intended recipient. In light of this, Adams urged user interfaces to filter out such addresses to prevent any losses resulting from this attack vector.
While this scam vector may seem new, Taylor Monahan, the founder of Ethereum wallet manager MyCrypto, revealed in a post that the same scam vector was used in the early days of the MyEtherWallet wallet service. Monahan added that it disrupted registrations and resolutions for names starting with “0x” at the time.
Nick Johnson, the founder and lead developer of ENS, also commented on this scam vector, advising interfaces not to autocomplete names. Johnson stated that this practice is “far too dangerous” and goes against ENS’s user experience guidelines.
In related news, crypto investors reported receiving emails in January from scammers impersonating major Web3 companies. These scammers carried out a large-scale email campaign promoting fake airdrops while pretending to represent firms such as Cointelegraph, WalletConnect, Token Terminal, and other crypto companies.
It was later discovered that this phishing attack was caused by a security breach at the email marketing firm MailerLite. On Jan. 24, the company confirmed that hackers had gained control of Web3 accounts through a social engineering attack. According to research conducted by Nansen’s analytics platform, the scammer’s phishing wallet received approximately $3.3 million in inflows since the campaign began.