TY - GEN
T1 - Panning for gold.eth
T2 - 2024 ACM Internet Measurement Conference, IMC 2024
AU - Muzammil, Muhammad
AU - Wu, Zhengyu
AU - Balasubramanian, Aruna
AU - Nikiforakis, Nick
N1 - Publisher Copyright: © 2024 ACM.
PY - 2024/11/4
Y1 - 2024/11/4
N2 - Ethereum Name Service (ENS) domains allow users to map human-readable names (such as gold.eth) to their cryptocurrency addresses, simplifying cryptocurrency transactions. Like traditional DNS domains, ENS domains must be periodically renewed. Failure to renew leads to expiration, making them available for others to register (a phenomenon known as dropcatching). This presents a security risk where attackers can register expired domains to leverage the residual trust associated with them and, in the context of ENS, receive transactions intended for their previous owners. In this paper, we conduct the first large-scale study on dropcatching in ENS domains. We curate and analyze a dataset comprising 3.1M ENS domains and 9.7M Ethereum transactions, finding that 241K of these domains were re-registered by new owners after expiration. Our findings indicate a preference for domains linked to high-income wallets in re-registrations. We identify 2,633 transactions that were misdirected to new owners, averaging the equivalent of thousands of US dollars. Lastly, we highlight the lack of countermeasures by digital wallet providers, and suggest straightforward approaches that they can use to minimize financial losses due to ENS dropcatching.
KW - blockchain
KW - cryptocurrency
KW - domains
KW - nfts
UR - https://www.scopus.com/pages/publications/85212487163
U2 - 10.1145/3646547.3689009
DO - 10.1145/3646547.3689009
M3 - Conference contribution
AN - SCOPUS:85212487163
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 731
EP - 738
BT - IMC 2024 - Proceedings of the 2024 ACM Internet Measurement Conference
PB - Association for Computing Machinery
Y2 - 4 November 2024 through 6 November 2024
ER -