Without statistical evidence, I can safely say that there are several hackers trying to scam your crypto out of your wallets. Despite this, several people in this space aren’t equipped with basic security arrangements to safeguard their bitcoin and they fall prey to crypto hijackings.
Crypto hijacking is the process of stealing bitcoin and other crypto assets from user wallets. It is a well-known fact that no one can hack the Bitcoin network itself to steal coins, as it is impossible to alter each and every node on the blockchain. So it is easier for hackers to target the people who hold Bitcoin but haven’t employed basic safety precautions.
There are several traditional methods out there for hackers to “hijack” a user’s account. These include phishing, getting information from public Wi-Fi networks, cracking SMS and 2FA codes, etc. This article will introduce you to one of the most popular methods hackers use to steal bitcoin: punycode. Punycode lets hackers redirect people to websites that are part of a scam. It is a very effective fraudulent practice among malicious hackers, and the crypto community needs to be aware of it.
In this article, we will walk you through punycode with reference to a fraudulent airdrop, claimed to be from the popular crypto news platform – CoinDesk, that was circulated in crypto community circles. Take a look at what happened with the fraudulent airdrop email forged with CoinDesk’s name.
The Malicious AirDrop Email from “CoinDesk”
A couple of weeks ago, a bunch of crypto users received an airdrop email claiming to be sent from CoinDesk. In exchange, it required some amount of BTC or EOS to be transferred to a particular wallet.
Here’s the TL;DR:
- The mail claims that EOS is rewarding the community with tokens.
- The mail was well structured and carefully designed by the hackers, and it included CoinDesk’s domain name.
- The mail address looked legit: [email protected].
CoinDesk, being a reputable crypto news platform with nearly nine million monthly page views, has gained the trust of its readers, so an email in its name would not raise any suspicion of malpractice.
Once the link in the fake email was clicked, it led readers to a Punycode scam page. The domain name in the email, the content quality of the web page, and the trust users had in CoinDesk made it seem authentic.
As you can see in the above picture, the process of participating was clearly and comprehensively explained. This encouraged readers to trust the email and not suspect any fraudulent activity, so they would be inclined to click on the link.
So what’s suspicious about this web page?
Even though this page looked authentic, its domain name is not the originally registered domain. The domain name includes different characters, and these characters are called Punycode.
What is Punycode?
Punycode is a method for registering web domains that contain foreign characters. It works by converting an individual domain name into an alternative format made up of ASCII characters.
For example, the domain name CoinDesk.com looks nearly identical to CoinĎesk.com
[In case you didn’t notice, the second one, CoinĎesk.com, has an accent above the character “D”.]
Punycode hacks are one of the trickiest forms of hacking. With this trick, users are sent to a web address that is created using Unicode, and the page looks exactly the same as the web page it was copied from. Take a look at these images below:
Similarly, in Figure B, in the ether wallet URL, notice the dot above W and T. These characters are called Punycodes.
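The accented "D" and dotted "W"/"T" cases above can be caught mechanically. The following Python sketch is an added example, not code from this article or from any plugin it mentions; the `TRUSTED` allowlist and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist for this example: sites the user really means to visit.
TRUSTED = {"coindesk.com"}

def to_unicode(host):
    """Decode xn-- (Punycode) labels so the host can be inspected as Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def to_ascii(host):
    """Encode non-ASCII labels into the xn-- form that DNS actually carries."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in host.split(".")
    )

def skeleton(host):
    """Strip accents and dots: decompose, then drop the combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_url(url):
    """Return (verdict, unicode_host, ascii_host) for the host in `url`."""
    host = to_unicode(urlsplit(url).hostname or "")
    ascii_host = to_ascii(host)
    if host.isascii():
        trusted = any(host == t or host.endswith("." + t) for t in TRUSTED)
        return ("trusted" if trusted else "unknown", host, ascii_host)
    skel = skeleton(host)
    for t in TRUSTED:
        if skel == t or skel.endswith("." + t):
            return ("lookalike of " + t, host, ascii_host)
    # Accent stripping only covers accented-letter cases like the ones on this
    # page; cross-script lookalikes (e.g. Cyrillic) need a confusables table.
    return ("non-ascii", host, ascii_host)
```

Calling `check_url` on a link copied from an email returns the verdict together with both forms of the host, so the `xn--` name that the browser actually resolves can be compared with what the link appears to say.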
Personally, I found this particular case, the fake email claiming to be sent from CoinDesk, well-packed and fool-proof. A huge number of fake URLs such as this circulating in social media can be harmful to those who are unaware of such elaborate, fraudulent practices. It is hard to notice punycode at first. Many users might even end up mistaking it for a speck of dust on their device monitors or screens when clearly it isn’t.
This situation gets even worse on mobile phone screens; one would need a magnifying glass to reveal and realize the issue in the URL.
Without knowing this trick, traders will be tricked into transferring money to scammers. In the bigger picture, such practices will instill a sense of negativity and foreboding among crypto users and will, in turn, affect mass adoption.
Now the question is, how can one be protected from punycodes?
Let me provide you with a solution. There are a plethora of plugins available in your average web browser like Google Chrome. Among them, the most popular, user-friendly plugin is Punycode Alert.
Punycode Alert is an extension plugin which is available in the Google Chrome Web Store.
This plugin will alert you when a Unicode URL containing punycode has been spotted and will prevent any malpractices from taking place.
Once punycode appears on a web page, the plugin will throw an alert pop-up message in the right corner of the browser as shown in the image.
If someone lands on such a page even after seeing the pop-up message, the plugin will throw another strong alert message, requesting admin permission. Take a look at the image below.
Installing an additional plugin costs nothing compared to the price you pay for clicking on malicious links. This, I would say, requires a sense of “prevention is better than cure”. These precautions will help you protect your bitcoin and other crypto-assets.