A scammer claims to have become a Bitcoin millionaire by using a technique known as ‘typosquatting.’
The man says he scooped more than 200 Bitcoin over a period of four years, with many individual users losing in excess of $20,000 each.
What is typosquatting?
Typosquatting is when malicious actors put up sites that look like the real thing but host them at an address one or two letters (or characters) off the real one.
So on the real web, that might be someone typing in googl.com instead of google.com. That’s why every exchange encourages you to check the URL is correct before proceeding.
In one well-known example last year, scammers threw up an exact replica of the Binance site with an https:// security certificate and everything. The only way to tell the URL was fake was by looking at the two little dots under the ‘n’s in the URL.
More common on Dark Web
The threat of typosquat domains on the dark web is significantly higher because .onion domains are intentionally complex, often appearing as a long set of random characters.
See if you can spot the difference between “tochka3evlj3sxdv[.]onion” and the typosquat “tochka3evevasc32[.]onion”.
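The URL check described above can be automated on the defender's side. The sketch below is an added example, not code from the article or from Digital Shadows: it compares a hostname against a short allow-list built from the addresses named in the text and reports which kind of lookalike it is. The function names, the thresholds and the dotted-'n' sample string are assumptions made for illustration.

```python
import unicodedata

# Allow-list built from the legitimate addresses named in the article.
TRUSTED = ["google.com", "binance.com", "tochka3evlj3sxdv[.]onion"]

def normalise(host):
    """Lowercase, undo '[.]' defanging, drop a trailing dot."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def skeleton(host):
    """Strip diacritics so a dotted 'n' compares equal to a plain 'n'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def shared_prefix(a, b):
    """Number of leading characters two hostnames have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def classify(candidate, trusted=TRUSTED, min_prefix=6, max_edits=2):
    """Return (verdict, matched trusted host or None). Thresholds are assumed."""
    cand = normalise(candidate)
    hosts = [normalise(t) for t in trusted]
    if cand in hosts:
        return ("trusted", cand)
    for good in hosts:
        if skeleton(cand) == good:                 # e.g. dots under the 'n's
            return ("lookalike-characters", good)
        if cand.endswith(".onion") and good.endswith(".onion"):
            # Random-looking .onion names are recognised by their first few
            # characters, so a long shared prefix is the warning sign.
            if shared_prefix(cand, good) >= min_prefix:
                return ("onion-prefix-match", good)
        elif edit_distance(cand, good) <= max_edits:   # e.g. googl.com
            return ("near-miss-spelling", good)
    return ("unknown", None)
```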
The attacker hit sites including AlphaBay, Hidden Answers, Valhalla, Grams, Hansa Market and more.
Users then sent Bitcoin to the site’s wallet addresses, hoping to buy whatever nefarious stuff they were after.
Like most scams, it thrives among criminal activity. Users trying to buy drugs or weapons on the dark web are unlikely to contact police to complain of being ripped off.
“You can’t con an honest man,” they say.
Bragging about his crimes
The scammer’s claims came to light after he bragged about them in a post on a spoofed domain.
“I never expected that amount of payments – really – are you all stupid? Is really nobody verifying the URLs they’re on,” he wrote.
He claimed the network served more than 800 onion domains on 20 front end servers and received about 5000 hits a day.
The scammer says he set up the network out of boredom, never expected it to be profitable, and was shutting it down before he got caught.
“I’m going to retire now.”
What happens in the shadows
The scammer’s claims were analysed by a company called Digital Shadows, which says it cannot confirm exactly how much the attacker netted.
However, Digital Shadows says the attacker’s claim of using 800 domains was credible, after it unearthed more than 500 of them.
Harrison Van Riper, a strategy and research analyst at the firm, first stumbled across a domain spoofing a ‘real’ dark web domain in November last year. He then tumbled down the rabbit hole and investigated the rest.
“The scammer claimed they had made off with a lot of money: 200 BTC. That’s nothing to scoff at. If what the fraudster says is true, it proves how profitable brand impersonation and domain squatting can be,” he said.
Digital Shadows says typosquatting is extremely common on the WWW too. The company raised over 45,000 typosquat alerts to its clients last year alone.