Heimdal™ Security SOC Team Discovers Typosquatting Domain Masquerading as Crypto-Swapping Platform

Heimdal™ Security’s security team has recently unearthed a new typosquatting domain crafted to resemble the URL of Trader Joe XYZ, one of the most sought-after cryptocurrency trading platforms. Tricked by a typo in the spelling of the crypto-swapping platform’s URL, users would send their MetaMask wallets to an unknown party or parties that would ultimately despoil their contents.

Misspelled URL Puts Thousands of Traders at Risk

Earlier today, Heimdal™ reported that a Trader Joe XYZ lookalike site was identified. The domain, associated with the IP address 68.65.123.18 and tracked via ARIN to US soil, contained the misspelled word “trader” (i.e. tradrjoexyz.com instead of the legitimate traderjoexyz.com). Additional metrics provided by a VirusTotal query suggest that the typosquatting domain has had numerous associations with other (potentially) harmful domains.
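As an added illustration (not Heimdal™ tooling and not code from the original article), the following Python example flags DNS queries whose registrable domain is within a small edit distance of a protected domain, which is how a one-letter omission like the one above can be caught in resolver logs. The log format, client addresses, distance threshold and function names are assumptions, and the sample log lines are constructed.

```python
"""Added example: flag DNS queries that are near-misses of a protected domain."""
PROTECTED = ["traderjoexyz.com"]  # legitimate domain named in the article

# Constructed sample log lines (format and client addresses are assumptions).
SAMPLE_LOG = [
    "2000-01-01T09:00:01Z client=192.0.2.10 query=traderjoexyz.com.",
    "2000-01-01T09:00:07Z client=192.0.2.11 query=tradrjoexyz.com.",
    "2000-01-01T09:00:09Z client=192.0.2.12 query=www.tarderjoexyz.com.",
    "2000-01-01T09:00:15Z client=192.0.2.13 query=example.org.",
]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]

def registrable(name):
    """Last two labels; a simplification (real use needs the Public Suffix List)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(name, max_distance=2):
    """Return (verdict, protected_domain) for one queried name."""
    domain = registrable(name)
    for legit in PROTECTED:
        if domain == legit:
            return ("legitimate", legit)
        if osa_distance(domain, legit) <= max_distance:
            return ("lookalike", legit)
    return ("unrelated", None)

def scan(lines):
    """Return (client, queried_domain, imitated_domain) for each lookalike query."""
    hits = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        verdict, legit = classify(fields["query"])
        if verdict == "lookalike":
            hits.append((fields["client"], registrable(fields["query"]), legit))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("lookalike query: client=%s domain=%s imitates=%s" % hit)
```
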

Heimdal™ cautions all users to pay extra attention when typing in domain names, especially when it comes to electronic financial instruments such as Trader Joe XYZ. It seems very likely that this isn’t the first time the platform was
