Uniswap Founder Alerts Community to ENS Wallet Impersonation scam

Nick Johnson, the founder and lead developer of the Ethereum Name Service (ENS), weighed in on the recent scam, emphasizing the importance of interfaces refraining from autocompleting names.

Hayden Adams, the creator of the decentralized exchange (DEX) Uniswap, raised awareness within the crypto community regarding a fraudulent scheme exploiting Ethereum Name Service (ENS) domains by utilizing wallet addresses. Adams issued a cautionary notice on February 14th, alerting users to scammers who had duplicated and registered his wallet address as an ENS domain ending in ".eth".

He further highlighted that certain user interfaces would display an ENS match unrelated to his address as the primary search result when his wallet address was pasted, potentially leading to erroneous crypto transfers. This tactic appears to be deliberately crafted to confuse individuals sending digital assets, potentially resulting in funds being sent to the wrong recipient. Adams advocated for user interfaces to implement filters to mitigate such risks and prevent losses stemming from this deceptive strategy.

Although this scam tactic appears to be relatively novel, Taylor Monahan, the founder of MyCrypto, noted its resemblance to past occurrences during the nascent stages of the MyEtherWallet service. Monahan recalled how similar tactics disrupted registrations and resolutions for names beginning with "0x" at that time.

Nick Johnson, the founder and lead developer of ENS, echoed concerns about the scam vector, emphasizing that interfaces should refrain from autocompleting names due to the inherent risks involved. He underscored that such practices are "far too dangerous" and cautioned against them, citing ENS's user experience guidelines.

In a related incident, crypto investors reported receiving deceptive emails in January impersonating prominent Web3 companies. On January 23rd, scammers orchestrated a widespread email campaign promoting fraudulent airdrops while masquerading as reputable entities such as Cointelegraph, WalletConnect, and Token Terminal, among others. Subsequent investigations revealed that this phishing attack was facilitated by a security breach at the email marketing firm MailerLite. On January 24th, MailerLite confirmed that hackers had gained unauthorized access to Web3 accounts through a social engineering attack.

According to estimates by the research team at analytics platform Nansen, the phishing wallet associated with the scam received inflows totaling approximately $3.3 million since the commencement of the campaign.