Domain spoofing on the rise as cybercriminals see some crypto sites as ‘perfect targets’
The crypto industry has become synonymous with hacks. Blockchain intelligence firm Chainalysis found that criminal hackers stole approximately $3.2 billion in 2021 – a 516% increase from 2020.
With governments dealing with ransomware attacks, hackers are resorting to different techniques. A new report from cyber security company Bitdefender found that website spoofing – or attacks where cybercriminals create international domain names that imitate a target’s domain name – has become one of the most widespread new strategies.
According to Bitdefender’s analysis, sites like blockchain.com and Binance account for a staggering 77% of fake attacks for the 10 most targeted sites. In comparison, Facebook accounts for 9%.
“It’s like a perfect target for these actors,” said Martin Zugec, director of technical solutions at Bitdefender.
Neither Blockchain.com nor Binance provided data on spoofing attacks, but each said they were vigilant in addressing them.
“We use both internal and external tools to detect phishing websites at various stages of the user lifecycle, from domain name registration to a website going live,” Binance Chief Security Officer Jimmy Su told Binance. Fortune. “All detected phishing sites are removed through multiple third-party vendor services.”
A Blockchain.com spokesperson said the company conducts 24/7 monitoring to identify and remove phishing campaigns.
A basic type of spoofing attack, or homograph phishing, is replacing letters or numbers from popular domain names to create look-alike websites—for example, changing Google’s two O’s to zero. Zugec said spoofing increased with the introduction of international domain names, as cybercriminals began using similar letters from different alphabets to steer users towards fraudulent websites. Some of the letters are close enough to be barely noticeable to users – or even invisible.
While browsers have cracked down on the practice — such as limiting non-Latin characters — various applications remain vulnerable, with Zugec citing Microsoft Office as an example, as well as some messaging apps on mobile phones.
“Worth the extra effort”
Crypto-focused websites are particularly vulnerable to fake attacks. They tend to have a large concentration of funds and inexperienced users, which makes for a large target. In 2021, The magazine about cybercrime found that more than 30,000 crypto-related domains and subdomains were identified as suspicious or worth investigating.
Furthermore, with law enforcement agencies going after hacker groups – such as the US Treasury Department sanctioning cryptocurrency mixing software Tornado Cash – cybercriminals are resorting to different means. Rug pulls, where developers build seemingly legitimate cryptocurrency projects and then disappear with investors’ funds, are a relatively new development, according to Chainalysis. Homograph phishing attacks are also making a comeback. Blockchain.com, for example, had previously been targeted by a $27 million spoofing attack in 2019.
Spoofing attacks are difficult to set up and maintain, making larger crypto sites like Blockchain.com even more attractive to cybercriminals. “It’s worth the extra effort,” Zugec added.
He told Fortune that while it is difficult to estimate how much money the recent increase in fake attacks has generated, “What we know for sure is that these cryptocurrency scams are very successful.”
sign up Fortune features mailing list so you don’t miss out on our biggest features, exclusive interviews and surveys.
