Fraudsters purchase deceptive ENS domains that resemble legitimate ETH addresses, except that some letters are replaced with alphanumeric sequences.
Uniswap founder Hayden Adams took to social media to alert the crypto community to a new wave of scams targeting users through deceptive user interfaces (UI) in crypto wallets.
Adams' warning reveals how scammers are using fake clones of Ethereum Name Service (ENS) domains to trick users and potentially steal funds.
How the scam works
In a post on
The scam involves fraudsters purchasing an ENS domain name that closely resembles a legitimate Ethereum address but replaces the alphabetic characters with an alphanumeric sequence.
Later, when unsuspecting users enter real Ethereum addresses into their crypto wallet user interfaces, these interfaces display the scammer's address as the primary result, rather than the address of the intended recipient. This could lead to users sending funds to a scammer’s address without their knowledge.
He highlighted one specific example where a bad actor purchased the ENS domain "[myEthereumAddress].eth", which was very similar to his own Ethereum address "0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa".
Adams stressed the importance of an interface with integrated filters to combat these scams and advised users to exercise caution. "The user interface is recommended to filter out this content," he said.
After this article was published, ENS founder Nick Johnson expressed his opinion that interfaces should avoid auto-completion of names entirely, as he believed it was too risky. He noted that their user experience (UX) guidelines discourage this practice.
ENS stands for Ethereum Name Service and is a domain name system built on the Ethereum blockchain. It enables users to replace complex Ethereum addresses with more user-friendly and easy-to-understand names such as "myname.eth".
Scammers exploit ENS domains to impersonate major exchanges
In related incidents, scammers have previously used ENS domains to impersonate wallets from major exchanges by registering multiple ENS domains with a single address that closely resembled the hex addresses of highly active addresses. The scammers then added ".eth" to the end of these addresses.
For example, the FTX address "0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2" is impersonated as "0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2.eth".
The main purpose is to intercept payments made to these impersonated addresses, leveraging the functionality of many wallets that support ENS domains as valid destinations for asset transfers. As a result, users could unknowingly send assets to these fake domains with a single mistaken click.
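An added example, not taken from the article or from any wallet's code: one way an interface could implement the filtering Adams recommends, covering both the near-match names from his report and the full-address names used against exchanges. The function names, the 8-character shared-prefix threshold, and every sample name other than the two addresses quoted above are assumptions.

```javascript
// Heuristic filter for ENS names that imitate hex addresses (illustrative only).
// Names are simply lowercased here; full ENS name normalization is out of scope.
const FULL_ADDRESS = /^0x[0-9a-f]{40}$/;  // a complete address used as a label
const HEX_INPUT = /^0x[0-9a-f]{6,40}$/;   // the user is typing a raw address
const MIN_SHARED = 8;                     // assumed threshold: "0x" + 6 characters

function commonPrefixLength(a, b) {
  let i = 0;
  while (i < a.length && i < b.length && a[i] === b[i]) i++;
  return i;
}

// True when `name` should not be offered as a suggestion for the input `typed`.
function isAddressLookalike(name, typed = "") {
  const label = name.trim().toLowerCase().replace(/\.eth$/, "");
  if (FULL_ADDRESS.test(label)) return true;  // hex address registered as a name
  const input = typed.trim().toLowerCase();
  if (!HEX_INPUT.test(input)) return false;   // ordinary name search: not flagged
  // The user typed an address; a name that tracks it character by character
  // is a text match on a lookalike, not the intended recipient.
  return commonPrefixLength(label, input) >= MIN_SHARED;
}

// Split autocomplete candidates into those shown and those suppressed.
function filterSuggestions(typed, candidates) {
  const shown = [], suppressed = [];
  for (const name of candidates) {
    (isAddressLookalike(name, typed) ? suppressed : shown).push(name);
  }
  return { shown, suppressed };
}

// Constructed sample data: the two addresses are the ones quoted in the article;
// the near-match, "myname.eth" and "0xdesigner.eth" entries are made up.
const typedAddress = "0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa";
const candidates = [
  "0x2FAF487A4414Fe77e2327F0bf4AE2a264a776AD2.eth", // full address as a name
  "0x11e4857bb9993a50c685a79afad4e6f65d51zzzz.eth", // constructed near-match
  "myname.eth",                                     // ordinary name
  "0xdesigner.eth",                                 // unrelated "0x" vanity name
];
console.log(filterSuggestions(typedAddress, candidates));
```

Suppressed names are better shown with an explicit warning than silently dropped if the interface still lets the user enter them by hand, since the name will resolve either way.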