The creator of the Uniswap DEX, Hayden Adams, described a new attack vector against cryptocurrency users that abuses the Ethereum Name Service (ENS).
The entrepreneur discovered that someone had bought an ENS domain in the form of his Ethereum address 0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa.
As a result, in some interfaces the top search result is 0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa.eth, which is linked to a completely different wallet.
ENS domains let you use easily readable names instead of long multi-digit addresses. For Hayden himself this is hayden.eth, and for the founder of Ethereum, Vitalik Buterin, for example, vitalik.eth.
"Fun fact: it was because of this possible scam vector that we initially closed registration and permissions for all 0x addresses back in the early days of MEW," commented Taylor Monahan of MetaMask, formerly a member of the MyEtherWallet wallet team.
ENS lead developer Nick Johnson of the Ethereum Foundation noted that interfaces should not, in principle, automatically fill in the address field, as this is "too dangerous".
"I think we don't recommend doing this in our UX guidelines," he added.
first time I've seen this scam, so posting it as a heads up for users and interfaces
someone bought the ens "[myEthereumAddress].eth"
so when you paste in my address, the top result in some UIs is an ens match instead of the resolved ENS name
impt for UIs to filter these out pic.twitter.com/0cQAL5tQ0T
— hayden.eth (@haydenzadams) February 14, 2024
cc @nicksdjohnson @spencecoin
fun fact: this scam vector is why we originally broke registrations & resolutions for all 0x… names in the early MEW days (in addition to rugging a slew of vanilla js hex handling bugs/vulns)
— Tay (@tayvano_) February 14, 2024
IMO, interfaces shouldn't autocomplete names at all; it's far too dangerous. I think we advise against it in our UX guidelines.
— nick.eth (@nicksdjohnson) February 14, 2024
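
An added example (not code from ENS, Uniswap or any wallet) of the filtering Hayden Adams asks UIs to do, combined with Nick Johnson's advice against auto-filling names. The function names and the sample match list are assumptions constructed for illustration; the address is the one quoted in the post.

```javascript
// Added example: recipient-field suggestions that never let an ENS name
// shaped like a hex address outrank or replace the address itself.
const HEX_ADDRESS = /^0x[0-9a-f]{40}$/i; // a full Ethereum address
const HEX_LABEL = /^0x[0-9a-f]+$/;       // any "0x…" hex-looking ENS label

function isHexAddress(input) {
  return HEX_ADDRESS.test(input.trim());
}

// True when any label of the name reads as "0x" followed by hex digits.
// NFKC folds compatibility forms (e.g. fullwidth digits) before matching.
function looksLikeAddressName(name) {
  return name.normalize('NFKC').toLowerCase().split('.')
    .some((label) => HEX_LABEL.test(label));
}

// Returns the entries a UI may display. Nothing here is auto-filled:
// a name is only used after the user explicitly selects it.
function buildSuggestions(input, ensMatches) {
  const query = input.trim();
  if (isHexAddress(query)) {
    // A pasted address is already unambiguous: offer it and nothing else.
    return [{ kind: 'address', value: query }];
  }
  return ensMatches
    .filter((name) => !looksLikeAddressName(name))
    .map((name) => ({ kind: 'name', value: name }));
}

// Constructed sample: what a name search might return for this input.
const PASTED = '0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa';
const SAMPLE_MATCHES = [PASTED + '.eth', 'hayden.eth'];

console.log(buildSuggestions(PASTED, SAMPLE_MATCHES));
console.log(buildSuggestions('0x11E4857B', SAMPLE_MATCHES));
```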
"I think we don't recommend doing this in our UX guidelines," he added.
