Cryptosquatting is on the rise, with cybersquatters looking for easy profit in blockchain domains

Cryptosquatting, aka cybersquatting 2.0, is an emerging way to fraudulently monetize web3 domains. Investors and businesses should be aware of the looming trend and take precautions to protect their assets.


Cryptosquatting, aka domain squatting, domain name squatting, brandjacking (in a narrower sense), or URL hijacking, is a practice of registering domain names that closely resemble other popular domain names or brands in order to deceive unsuspecting users, direct traffic to your website, or sell the domain name to the rightful owner of the brand for profit.

Domain squatting has been prevalent in the DNS (Domain Name System) for over two decades, and recently, it has spread to the crypto space, becoming known as cryptosquatting (also crypto squatting).

How does cybersquatting work?

Cybersquatting usually takes advantage of common typographical errors or misspellings or utilizes prefixes, suffixes, word inversion, or TLD (domain ending) variants. With these methods, cybersquatters are able to trick users into visiting their websites or pressure brand owners to redeem the domains for brand protection.

Since the middle of the 90s, cybersquatting has become a widespread phenomenon in the domain name industry, partially mitigated by the legislation developed several years later, namely the Anti-Cybersquatting Consumer Protection Act (ACPA) in the United States and ICANN's Uniform Domain-Name Dispute-Resolution Policy (UDRP) applied worldwide.

Cryptosquatting: cybersquatting 2.0 in the web3 space

With the boom in the crypto space and the rise of blockchain-based domains (as well as other DLT-based domains), cybersquatting has expanded to the web3 zone, with domain name squatters looking for easy money opportunities in the DNS alternatives, such as the ENS (Ethereum Name Service), Unstoppable Domains, the HNS (Handshake Name Service), or other decentralized domain naming protocols.

In an unregulated space, with the lack of clear rules and institutional oversight, cybersquatters – now in the "capacity" of cryptosquatters – enjoy the Wild West type of freedom. According to a recent release from IP Twins, "blockchain domains are growing extensively" and "it can certainly be said that the level of "cryptosquatting" is equivalent to the level of cybersquatting in the middle of the 1990s."

What are the differences between cybersquatting and cryptosquatting, and how do cryptosquatters make money?

In both cases, squatters target popular addresses looking to monetize the lookalike names in one way or another. However, "business models" in particular domain naming systems may differ due to specific limitations and opportunities.

While "classical" cybersquatters may want to exploit typos (so-called typosquatting, a variation of cybersquatting) for driving traffic to their websites, such an approach is less likely to be applied in the crypto space, as web3 websites are hardly popular – although it's likely to change in the future.

On the other hand, cybersquatters are prone to target a blockchain domain as a crypto wallet address, hoping that a person mistakenly sends cryptocurrency or tokens to the lookalike address rather than the cybersquatted (original) one.

"Don't pay money to extortionists!" Etherscan reacts to a possible cryptosquatting attempt

So far, cryptosquatting hasn't been highlighted by the media as extensively as cybersquatting. The phenomenon is on the rise, but it's essentially limited to the web3 world, unaffecting businesses operating outside this sector of the online economy. Nevertheless, both brands and users venturing into the crypto space need to think ahead and avoid falling prey to profit-greedy cryptosquatters.

A recent tweet from Officer's Notes, an "independent security researcher blogging at, indicates that cryptosquatting may be gaining popularity among crypto phishers.

According to the post, a person registered an ENS address confusingly similar to that of the author, owner of the officercia.eth domain name. The person in question acquired an analogous name, differing from the one mentioned with regard to the word order: officercia.eth.

As reported by the Officer's Notes account, the person was "trying to extort money" from them. The author has published a message from the alleged cryptosquatter, which they call a proof of a scam attempt.

However, "James's" intentions are not so obvious, as he clearly offers to sell the name at a breakeven price and claims he has never received any donations to the lookalike account. Nevertheless, Officer's Notes managed to obtain a reaction from the Etherscan team, who posted a warning on the address's landing page informing users about the possible impersonation attempt and advising caution.

Wrapping it up, cryptosquatting or cybersquatting 2.0 is a growing trend in the web3 space. Businesses and investors should be aware of the issue and take the right precautions to protect their intellectual and financial assets from unexpected interference or malicious actions.