The Squidgame.cash Debacle is a Perfect Example of Why You Should Block New Domains

Serena Raymond
Published in DNSFilter Blog
2 min read · Nov 3, 2021
Squid Game Logo
Photo by Vadim Bogulov on Unsplash

A lot of money could have been saved if the practice of blocking newly registered domains were more standardized. Unfortunately, a 21-day-old domain (as of November 2 according to WHOIS) was able to swiftly launch, collect over $2 million, and then quickly disappear into the night.

This is far from a unique circumstance: domains are quickly registered for use in a scam and then taken down by the registrar. In this instance, though, the dollar amount stolen is higher than in most phishing scams. The reason for this is twofold:

  • It used the name of a trending property, leveraging the dystopian TV series Squid Game
  • Cryptocurrency scams (and the crypto industry in general) have grown dramatically during the pandemic, creating a large audience of enthusiasts willing to invest in new coins

On the DNSFilter network, the domain “squidgame.cash” (former home of the “cryptocurrency”, and where the notoriously typo-ridden whitepaper about the crypto was hosted) appeared for the first time on October 17. The domain was registered just 5 days earlier, on October 12. The TV show Squid Game premiered on Netflix in the US on September 17.

DNSFilter categorizes all newly registered domains as “New Domains” for 30 days, enabling users to block these domains. This alone could have saved someone from ever accessing the website and deciding to move forward with an investment in this cryptocurrency. New domains are the biggest offenders when it comes to scams, and blocking these sites can save users from seeing upwards of 70% of malicious sites.
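The 30-day rule described above, applied to a small query log, as an added example that is not DNSFilter's code. The squidgame.cash registration date comes from this article; the other domains, the log, the lookup table standing in for WHOIS data, and the choice to treat day 30 as no longer new are assumptions.

```python
from datetime import date

NEW_DOMAIN_WINDOW_DAYS = 30  # window the article gives for the "New Domains" category

# Stand-in for WHOIS/RDAP registration data. The squidgame.cash date is from
# the article; the other two entries are constructed.
REGISTERED = {
    "squidgame.cash": date(2021, 10, 12),
    "example.com": date(1995, 8, 14),
    "fresh-shop.example": date(2021, 10, 30),
}

# Constructed resolver log: (query date, queried name).
QUERIES = [
    (date(2021, 10, 17), "squidgame.cash"),       # first-seen date in the article
    (date(2021, 11, 2), "www.squidgame.cash"),    # subdomain inherits the parent's age
    (date(2021, 11, 11), "squidgame.cash"),       # day 30: window has ended
    (date(2021, 11, 2), "www.example.com"),
    (date(2021, 11, 2), "cdn.fresh-shop.example"),
    (date(2021, 11, 2), "unknown-site.example"),  # no registration record
]

def registered_parent(name):
    """Strip labels from the left until a domain with a known registration
    date matches. Simplified: production code would use the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in REGISTERED:
            return candidate
    return None

def classify(query_date, name, window=NEW_DOMAIN_WINDOW_DAYS):
    """Return (category, age_in_days) for one query."""
    domain = registered_parent(name)
    if domain is None:
        return ("unknown", None)  # no record: the policy decides whether to block
    age = (query_date - REGISTERED[domain]).days
    # Assumption: ages below the window (days 0-29) are new, day 30 onward is not.
    return ("new_domain" if age < window else "established", age)

def blocked_queries(queries, block=("new_domain", "unknown")):
    """Names that a policy blocking the given categories would have refused."""
    return [name for day, name in queries if classify(day, name)[0] in block]

if __name__ == "__main__":
    for day, name in QUERIES:
        print(day, name, classify(day, name))
```

Domains with no registration record are reported as their own category so that the blocking policy, not the classifier, decides how to handle them.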

Just in the last 30 days on the DNSFilter network, 1.13% of the domains with the gTLD .cash were categorized as malicious. The Squid Game crypto was convincing as it presented itself as a new cryptocurrency and was available through traditional exchange channels. It did not get marked as phishing on our site, but it was blocked via our new domains category.

According to our Domain Threat Report, only 37% of the DNSFilter network is blocking new domains. That leaves a large portion of users unnecessarily open to zero-day threats and scams.

Cryptocurrency will continue to draw the attention of threat actors and scammers, as it has a wide range of appeal and shields them through built-in anonymity. This story is a good reminder that with all new things, there is a degree of risk involved in accepting them as valid at face value. A zero-trust world is becoming increasingly important day by day.


Serena Raymond is the Director, Content Marketing at DNSFilter. Serena has been working for cybersecurity companies since 2016.