Domain spoofing on the rise as cybercriminals see some crypto sites as a ‘perfect target’

The crypto industry has become synonymous with hacking. Blockchain intelligence firm Chainalysis found that hackers stole an estimated $3.2 billion in 2021, a 516% increase from 2020.

As governments tackle ransomware attacks, hackers are turning to different techniques. A new report from cybersecurity firm Bitdefender has revealed that website spoofing – or attacks where cybercriminals create international domain names that mimic a target’s domain name – has become one of the most widespread new strategies.

According to Bitdefender analysis, websites such as Blockchain.com and Binance account for 77% of spoofing attacks against the top 10 most targeted websites. Facebook, by comparison, accounts for 9%.

“It’s like a perfect target for these actors,” said Martin Zugec, director of technical solutions at Bitdefender.

Neither Blockchain.com nor Binance provided data on spoofing attacks, but each said they were vigilant in dealing with them.

“We use internal and external tools to detect phishing websites at different stages of the user lifecycle, from domain name registration to putting a website online,” Jimmy Su, Chief Security Officer of Binance, told Fortune. “All detected phishing websites are removed via multiple third-party vendor services.”

A Blockchain.com spokesperson said the company conducts 24/7 monitoring to identify and remove phishing campaigns.

A basic type of spoofing attack, or homograph phishing, involves substituting letters or numbers in popular domain names to create websites that look similar, for example replacing the two O’s in Google with zeros. Zugec said identity theft increased with the introduction of international domain names, when cybercriminals started using similar letters from different alphabets to direct users to fraudulent sites. Some of the letters are close enough that the difference is barely perceptible to users, or even invisible.

While browsers have cracked down on this practice, for example by restricting non-Latin characters, other apps are still vulnerable. Zugec cited Microsoft Office as an example, as well as some messaging apps on mobile phones.
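The following Python example is added here as an illustration and is not code from Bitdefender or from any company quoted in this article. It shows one way a defender can flag the look-alike domains described above: it decodes the punycode form of an international domain name, folds look-alike characters to their Latin equivalents, and compares the result with a watch list. The watch list, the small look-alike table and all function names are assumptions made for the example.

```python
import unicodedata

# Constructed look-alike table (assumption: production code would load the
# full Unicode confusables data instead of this handful of entries).
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e",  # Cyrillic a, es, ie
    "\u0456": "i", "\u043e": "o", "\u0440": "p",  # Cyrillic i, o, er
    "\u03bf": "o",                                # Greek omicron
    "0": "o", "1": "l",                           # digit substitutions
}
# Constructed watch list of domains to protect.
PROTECTED = {"google.com", "binance.com", "blockchain.com"}


def to_unicode(domain):
    """Decode punycode (xn--) labels so the real characters are visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts(text):
    """Scripts of the letters in text, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def skeleton(domain):
    """Fold every character to its Latin look-alike."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def check_domain(domain):
    """Return (verdict, imitated_domain) for an observed domain name."""
    shown = to_unicode(domain)
    if shown in PROTECTED:
        return ("legitimate", shown)
    target = skeleton(shown)
    if target not in PROTECTED:
        return ("no-match", None)
    # Letters outside Latin mean an international-domain-name homograph;
    # otherwise it is a plain ASCII swap such as zeros for the letter O.
    kind = "homograph-idn" if scripts(shown) - {"LATIN"} else "homograph-ascii"
    return (kind, target)
```

Run against newly registered domains or links extracted from inbound mail, any verdict other than "legitimate" or "no-match" is a candidate for review and takedown.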

“Worth the extra effort”

Crypto-focused websites are particularly vulnerable to impersonation attacks. They tend to have a large concentration of funds and inexperienced users, providing a huge target. In 2021, Cybercrime Magazine discovered that over 30,000 crypto-related domains and subdomains had been identified as suspicious or warranted investigation.

Additionally, with law enforcement going after hacking groups, like the US Treasury Department sanctioning cryptocurrency mixing software Tornado Cash, cybercriminals are turning to different means. Rug pulls, where developers build seemingly legitimate cryptocurrency projects and then disappear with funds from investors, are a relatively new development, according to Chainalysis. Homograph phishing attacks are also making a comeback. Blockchain.com, for example, was once the target of a $27 million spoofing attack in 2019.

Spoofing attacks are difficult to set up and maintain, making larger crypto websites like Blockchain.com even more attractive to cybercriminals. “It’s worth the extra effort,” Zugec added.

He told Fortune that while it is difficult to estimate how much money the recent increase in impersonation attacks has brought in, “What we know for sure is that these cryptocurrency scams are particularly very successful.”
