Yesterday, the inventor of the Uniswap protocol, Hayden Adams, reported an incident involving the apparent fraudulent use of ENS domains.
Scammers are purchasing ENS domains resembling your address, like “[myEthereumAddress].eth”. When you paste your actual address into certain wallet interfaces, this fraudulent ENS name might appear as the top result, tricking unsuspecting users into sending funds to the wrong address.
“My address is 0x11E4857Bb9993a50c685A79AFad4E6F65D518DDa when you paste in my address, some UIs show the scammer account first”
This incident highlights a critical vulnerability in some wallet user interfaces. Ideally, when you paste your address, the interface should prioritize an exact match on the address itself, not just displaying similar ENS names. This flaw creates a dangerous opening for scammers to exploit .
Emphasizing the observation made by user raffy.eth, it’s noteworthy to mention that individuals have initiated the registration of their own EOAs, as depicted in the following image:
This could be the result and fear of some individuals that, in the future, there might be more ways in which their personal addresses could be used for scams or simply exploited with vulnerabilities in the UI design of wallets
As a final note, the user who owns the address associated with Nicky Hayden (scammer) contacted him and decided to transfer the ENS domain, stating that their intentions are purely speculative in the ENS market, as evidenced in the post.
However, it is a potential attack vector that can be exploited in different ways.
Recomendations:
Double-check before sending: Always verify the recipient’s address meticulously, even if a familiar ENS name appears as a suggestion. Never assume the top result is correct.
Consider alternatives: Explore wallets with more robust security features and stricter address verification procedures.
UI design most prioritize exact address matches in their interface. This simple change can significantly reduce the risk of falling victim to this scam.