Crypto Investor Loses $20,000 After Chrome Suggestion Leads to Phishing Site Using Punycode Trick

In a stark reminder of the growing sophistication of cyber threats, a cryptocurrency user recently lost over $20,000 after Google Chrome’s address bar suggested a malicious lookalike website. The scam, which exploited a method known as a Punycode phishing attack, demonstrates how subtle technical tricks can have costly consequences for even cautious users in the crypto space.

A Costly Click: How One User Was Tricked by a Chrome Suggestion

The incident centers on a deceptive domain mimicking the legitimate crypto exchange ChangeNOW. The attackers registered a fraudulent website address that visually resembled the real one, achieved by substituting Latin characters with nearly indistinguishable Cyrillic ones—an approach made possible through Punycode encoding.

When the user typed in the name of the actual site, Chrome’s auto-suggestion feature instead directed them to the impersonator. Trusting the browser's prompt, the user proceeded with a transaction—only to see their digital assets drained within minutes.

“This is the pitfall of Chrome,” a representative from blockchain security firm SlowMist noted. “The recommendation mechanism is not well done, and it recommends phishing websites to users.”

Rising Threats, Lagging Responses

While phishing attacks are nothing new, the use of Punycode adds a dangerous layer of deception. The malicious sites are often indistinguishable from their genuine counterparts at a glance, and they may even replicate every design element down to the pixel.

Security experts argue that these tactics outpace the preventive measures currently in place. Although U.S. regulators like the Federal Trade Commission (FTC), the California DFPI, and the North American Securities Administrators Association (NASAA) have issued general warnings about crypto fraud, none have specifically addressed Punycode manipulation by name.

Instead, their advice emphasizes core digital hygiene: carefully verifying URLs, avoiding unknown links, and reporting suspicious behavior. These measures remain essential, particularly when browser tools—ironically designed to streamline navigation—end up guiding users toward dangerous territory.

What You Can Do to Stay Safe

Until browsers and regulatory bodies catch up with these evolving threats, the responsibility largely falls on users. Here's how you can reduce your risk:

• Double-check URLs for subtle character swaps, even if the site looks legitimate.
• Avoid clicking on auto-suggested links when accessing financial platforms; type URLs manually or use verified bookmarks.
• Use browser plugins or security tools that highlight potential Punycode domains.
• Report phishing sites to help prevent others from becoming victims.

Meanwhile, platforms like the DFPI’s Crypto Scam Tracker continue to log public complaints and incidents, helping raise awareness in the broader community.