Heimdal™ Security’s security team has recently unearthed a new typosquatting domain crafted to resemble the URL of Trader Joe XYZ, one of the most sought-after cryptocurrency trading platforms. Tricked by a typo in the spelling of the crypto-swapping platform’s URL, users would hand their MetaMask wallets over to an unknown party or parties, who would ultimately drain their contents.
Misspelled URL Puts Thousands of Traders at Risk
Earlier today, Heimdal™ reported that a Trader Joe XYZ lookalike site had been identified. The domain, associated with the IP address 220.127.116.11 and traced via ARIN to US soil, contains a misspelling of the word “trader” (i.e. tradrjoexyz.com instead of the legitimate traderjoexyz.com). Additional metrics provided by a VirusTotal query suggest that the typosquatting domain has had numerous associations with other (potentially) harmful domains.
Heimdal™ cautions all users to pay extra attention when typing in domain names, especially when it comes to electronic financial instruments such as Trader Joe XYZ. It seems very likely that this isn’t the first time the platform has been targeted by typosquatters. A closer look at the website’s landing page reveals a cautionary message: “Always make sure the URL is www.traderjoexyz.com”. The webmaster also encourages users to bookmark the website for future transactions.
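For defenders who would rather not rely on users spotting the missing letter, the following added example (not Heimdal™'s code) flags DNS or proxy log entries whose hostname is within a small edit distance of a protected domain. The function names, the log format, the distance threshold and the sample log lines, including the transposed variant `traedrjoexyz.com`, are assumptions constructed for illustration.

```python
# Added example: flag queries for lookalike (typosquatted) domains in DNS logs.
PROTECTED = {"traderjoexyz.com"}  # legitimate domain named in the article

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insertion, deletion, substitution
    or swap of two adjacent characters each costs 1."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def lookalike_of(host: str, max_distance: int = 2):
    """Return the protected domain that `host` imitates, or None."""
    name = normalize(host)
    if name in PROTECTED:
        return None  # exact match: the real site
    for legit in sorted(PROTECTED):
        if edit_distance(name, legit) <= max_distance:
            return legit
    return None

# Constructed sample log, format "<timestamp> <client> <queried host>".
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.traderjoexyz.com
2024-01-01T10:00:09Z 10.0.0.7 tradrjoexyz.com
2024-01-01T10:00:15Z 10.0.0.9 example.org
2024-01-01T10:00:20Z 10.0.0.7 WWW.TRAEDRJOEXYZ.COM.
"""

def scan(log_text: str):
    """Return (client, host, imitated_domain) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        legit = lookalike_of(fields[2]) if len(fields) == 3 else None
        if legit:
            hits.append((fields[1], fields[2], legit))
    return hits
```

Calling `scan(SAMPLE_LOG)` returns the two lookalike queries and skips the legitimate and unrelated hosts. The check covers character-level typos only; lookalikes built with a different TLD, an extra subdomain or homoglyphs need separate rules.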