Hayden Adams, the founder of Uniswap, took to Twitter on Tuesday, February 13, 2024, to alert the crypto community about a new wave of scams targeting users through deceptive user interfaces (UIs) in crypto wallets.
Adams explained that he encountered a scam that involved someone buying an Ethereum Name Service (ENS) domain that was identical to his Ethereum address. ENS is a service that allows users to register human-readable names for their Ethereum addresses, such as “hayden.eth”. When he pasted his address into some UIs, the top result was an ENS match instead of the resolved ENS name, which could trick users into sending funds to the wrong address.
He shared a screenshot of the scam on his tweet, which has since received over 2,000 likes and 500 retweets. He also posted a follow-up tweet, saying that the owner of the fake ENS domain contacted him and claimed that they did not realize the UI implications and were only speculating on its provenance. The owner also sent him the ENS domain and said they would do the same for similar ENS domains they owned.
Adams said he was inclined to believe that the owner was not malicious, but rather naive, and that people will speculate on anything in crypto. However, he still warned that UIs should be aware of this potential phishing attack and avoid showing ENS domains that are identical to an address and probably avoid autocompleting ENS domains too.
He also clarified some of the features and functions of crypto wallets, such as seed phrases, private keys, and public keys, and said that his team was working on improving the user experience and security of their wallet.
Following Adams’ warning, Nick Johnson, the founder of ENS, expressed his view that interfaces should refrain from autocompleting names altogether, deeming it excessively risky. He noted that such a practice is discouraged in their user experience (UX) guidelines, which provide best practices and recommendations for developers and designers who want to integrate ENS into their applications.
The ENS scam is not the first of its kind, as scammers have been using various methods to exploit the vulnerabilities and loopholes of crypto wallets and UIs. In December 2023, a hacker stole over $120 million worth of crypto from users of MetaMask, a popular browser extension that allows users to access Ethereum-based applications, by creating a fake version of the extension and tricking users into installing it and entering their seed phrases.
The crypto community is advised to be vigilant and cautious when using crypto wallets and UIs, and to always double-check the addresses and names before sending or receiving funds. Users should also keep their seed phrases and private keys safe and secure, and never share them with anyone or enter them into untrusted websites or applications.
Source: https://azcoinnews.com/uniswap-founder-warns-of-new-ens-scam-in-crypto-wallets.html
