Misspelling Soneium on Google Could Drain Your Crypto: Scammers Exploit Typos

As the cryptocurrency market grows, so do the risks associated with online searches and transactions.

Overview

On October 22 2024, the blockchain security firm announced that its team had found a Google Search for someium that produced a sponsored link to a malicious website, including a wallet drainer. Security firm Scam Sniffer recently warned about a disturbing trend targeting crypto users: typosquatting scams. Misspelling “Soneium,” a popular decentralised finance (DeFi) platform, while searching for it on Google could lead to your crypto wallet being emptied. Scam Sniffer noted, “I searched for Soneium on Google and clicked a phishing ad. Phishing always happens when you’re not paying attention, even if you mistakenly spell soneium as someium.” 

What is Typosquatting and How Does it Work?

Typosquatting, also known as URL hijacking, is a type of cyberattack in which scammers create fraudulent websites using URLs similar to popular, legitimate sites. They rely on users making minor typing errors when entering a web address or searching for a company, such as “Soneium.” For example, a user might mistakenly type “Sonium” or “Soneum” instead of landing on the official site and end up on a malicious website by scammers. Once on the fake website, users may be prompted to enter sensitive information such as their wallet address, private keys, or seed phrases. 

Users are sometimes tricked into connecting their crypto wallets to malicious smart contracts, allowing hackers to drain funds instantly. These scam sites can also resemble real ones, making recognising deception at first glance challenging. Scammers exploit this through Google Ads, making fake links appear at the top of search results, even before legitimate ones appear. Users in a hurry or less familiar with the exact URL might unknowingly click the ad and fall prey to the scam. Scam Sniffer provided the alleged phishing link with a different domain suffix from Soneium’s official website. The link led to a primary and incomplete landing page, seemingly for a radiology service based in the UK.

The Soneium Typo Trap

Scam Sniffer’s recent findings highlight the use of typosquatting to target DeFi users, particularly those searching for the Soneium platform. According to their report, misspelling Soneium in a Google search leads to several fake websites being displayed in Google Ads. These sites imitate the DeFi platform, using convincing graphics, design elements, and similar domain names to lure users in. Once on these fraudulent sites, unsuspecting visitors might be asked to connect their crypto wallets or provide sensitive login credentials. The security firm emphasised that these malicious actors often purchase Google Ads to ensure their fake websites appear as the top search results, capitalising on users less likely to notice the subtle difference in the web address. 

Scam Sniffer tracked over 50 domains associated with this typosquatting campaign, many designed to mimic popular DeFi platforms like Soneium. The financial losses can be immediate and severe. Scam Sniffer identified multiple cases where crypto users had lost thousands of dollars in Ethereum (ETH) and other digital assets after falling victim to these typosquatting scams. Once users connect their wallets to the fraudulent smart contracts, the scammers can instantly transfer funds, leaving the victims with no recourse.

How to Protect Yourself from Typosquatting Scams

The dangers of typosquatting are real, but there are several steps you can take to protect yourself and your crypto assets from these types of attacks:

1. Double-check URLs: Always double-check the URL of the website you are visiting, especially when conducting financial transactions. Make sure it is spelt correctly and includes the proper domain extension. For instance, the official Soneium website should be bookmarked or typed carefully to avoid common misspellings.
2. Avoid Clicking on Ads: Be cautious when clicking on Google Ads, especially for financial services like crypto platforms. Fraudulent ads can appear legitimate, but relying on organic search results is safer than typing in the website’s URL directly.
3. Enable Security Features: Use browser extensions or tools like Scam Sniffer, which alert you to suspicious websites and warn you before interacting with fraudulent domains. These tools can help you avoid phishing and typosquatting schemes by blocking known malicious sites.
4. Use Hardware Wallets: A hardware wallet adds an extra layer of protection by keeping your private keys offline. Even if you inadvertently connect your wallet to a malicious site, the hackers will not have access to the private key stored in your hardware wallet, making it much harder for them to steal your funds.
5. Keep Software Updated: Ensure your browser, wallet apps, and security tools are constantly updated to the latest versions. New security patches are regularly released to protect users from the latest threats.
6. Report Suspicious Sites: If you encounter a fake website, report it immediately to Google and other relevant platforms to help prevent others from falling victim to the same scam.

Following these precautions can significantly reduce your chances of falling victim to a typosquatting attack. Awareness is key—understanding how these scams work and staying vigilant when searching for and interacting with crypto platforms can help safeguard your digital assets.

The rise of typosquatting scams targeting crypto users, especially those seeking platforms like Soneium, is a growing concern. Scammers use sophisticated tactics to deceive even experienced crypto traders, often by exploiting simple human errors such as typos in search queries. Fortunately, by taking steps to verify URLs, avoiding suspicious ads, and using proper security tools, users can better protect themselves from falling victim to these traps. As the cryptocurrency landscape evolves, so will cybercriminals’ methods. Staying informed and cautious will protect your digital assets from growing online threats. Always double-check before clicking, and consider adding extra layers of security to your wallet for enhanced protection.