Uniswap founder warns community about ENS wallet impersonation scam

ENS founder and lead developer Nick Johnson commented on the scam, saying that interfaces should not autocomplete names.

Hayden Adams, the founder of decentralized exchange (DEX) Uniswap, has warned the crypto community about a scam using wallet addresses as Ethereum Name Service (ENS) domains.

On Feb. 14, Adams shared a warning on X about scammers impersonating his Ethereum wallet. The executive explained that the scammers copied his wallet address and registered it as an ENS wallet with .eth. Furthermore, the Uniswap founder said pasting his wallet address in some user interfaces would show an ENS match unrelated to his true address as the top search result.

The scam seems designed to confuse digital asset senders who may accidentally send their crypto to the wrong address instead of the correct recipient. Adams urged user interfaces to filter out such addresses to avoid any losses from the attack vector.

While the scam vector seems very new, Taylor Monahan, the founder of Ethereum wallet manager MyCrypto, said in a post that the same scam vector was used in the early days of the wallet service MyEtherWallet. Monahan added that they “broke” registrations and resolutions for names beginning with “0x” at the time.

ENS founder and lead developer Nick Johnson also commented on the scam vector, saying that interfaces should not autocomplete names. The developer said that this was “far too dangerous” and that they advise against it in their user experience guidelines.

Related: Crypto is rife with impersonation scams, don’t let them steal your money

Meanwhile, crypto investors reported receiving emails from scammers impersonating major Web3 companies last month. On Jan. 23, scammers facilitated a wide scale email campaign that promoted fake airdrops while pretending to be from firms like Cointelegraph, WalletConnect, Token Terminal and other crypto companies.

It was later determined that the phishing attack was caused by a security breach at the email marketing firm MailerLite. On Jan. 24, the firm confirmed that hackers gained control of Web3 accounts through a social engineering attack. Analytics platform Nansen’s research team estimated that the scammer’s phishing wallet received inflows of about $3.3 million since the campaign started.