https://www.washingtonpost.com/technology/2021/10/08/cryptocurrency-scam-websites/
"Wwwblockchain.com isn’t a typo. Nor is hlockchain.com or blpckchain.com.
Those sites are set up to dupe Internet users trying to reach Blockchain.com, a website that lets users buy and sell cryptocurrency.
And there’s big money in little typos. A man in Brazil paid more than $200,000 worth of bitcoin between last November and February for those and other typo Web addresses, according to sales records leaked after a hack of Epik, an Internet services company favored by the far-right. He also purchased conibase.com for more than $16,000, meant to mimic Coinbase, another cryptocurrency exchange.
“The price that this person paid blows me away,” said Zack Allen, an expert at cybersecurity company ZeroFox.
The high price paid for the Web addresses, sometimes called domains, indicates someone thinks they’ll make a substantial profit. Domains ending in dot-com cost around $10 per year and scammers often rely on ones that are even cheaper...."
But last month, Coinbase announced 6,000 of its customers had their cryptocurrency stolen through a phishing attack, in which fake log-in pages are used to steal passwords. The attack took advantage of a “flaw” in Coinbase’s two-factor authentication security system, the company said. Coinbase said it reimbursed the customers, though it didn’t say how much was lost. There’s no known link between that attack on Coinbase’s customers and conibase.com.
The man with a Brazilian address who bought the domains between November and February didn’t respond to requests for comment from The Washington Post sent in English and Portuguese via email and WhatsApp. It’s not clear if he still controls the domain names or has sold them to others.
But the bulk of Epik’s business appears not to have been the far-right, but rather domain investors. Legitimate domain investors buy domain names — often for around $10 for dot-com Web addresses, sometimes less for other suffixes — and then flip them to someone who wants to use them. Sometimes short or particularly memorable Web addresses can sell for huge sums, like
HealthInsurance.com, which sold for more than $8 million dollars in 2019 to a company that markets health insurance plans. Short domain names often sell for thousands. Companies often buy up mistyped versions of their real Web addresses to protect against attacks like these, said Allen, whose firm ZeroFox offers to assist companies in finding and buying typo domains on their behalf.
An Epik spokesperson, replying from a generic email account, told The Post that “typodomains are a common tier of domains in the trading community.”
When investors sell domains — whether to cybercriminals or legitimate companies — they often use an escrow service to ensure that neither the buyer nor the seller is defrauding each other. Epik offered one such service, alongside its role as a domain registrar, selling the right to use a particular Web address.
According to records released in the hack, Epik served as an escrow agent for hundreds of transactions, including many legitimate ones. Epik appears to have charged a 2.5 percent fee for its escrow services — meaning it earned about $5,000 from the sale of the false cryptocurrency exchange Web addresses. The Post confirmed the authenticity of the records by checking with American purchasers of legitimate domains that the private details of the transactions shown in the leaked records were correct.
