Brand imitation, hijack and infringement, are key concerns for many crypto brands – especially in an ecosystem where funds can be transferred effortlessly and anonymously. This article highlights the various vulnerabilities faced by cryptocurrency brands and shares tips for identifying and safeguarding against infringers
It’s been said that imitation is the sincerest form of flattery. But what happens when that adulation turns from sincere to suspicious? Imitation, or, worse, infringement, is a key concern for many brands, especially those in highly competitive consumer markets where third parties may unintentionally (or purposefully) infringe competitors’ trademarks and copyrights in hopes of attracting consumers.
When it comes to brand protection, cryptocurrency companies in particular often find themselves policing their brands against not only third-party competitors, but also against scammers who may seize on a brand’s trademarks, branding assets, and website content in order to steal sensitive consumer information, including financial and personal data.
Crypto brands are everywhere around us – from Super Bowl ads to ATMs to sports arenas (we’re looking at you Crypto.com Arena and FTX Arena!). While cryptocurrency has yet to become a mainstream payment method, the FTC reports that crypto scams are an alarmingly common method for scammers to steal consumer cash, and since the start of 2021, more than 46,000 US consumers have reported losing over $1 billion in crypto to scams.
The FTC notes that crypto has several features that are attractive to scammers: (i) there’s no bank or other centralized authority to flag suspicious transactions; (ii) crypto transfers can’t be reversed; and (iii) many consumers are still unfamiliar with how crypto operates. All of this plays into the hands of scammers and helps to explain why crypto companies in particular are prime targets for brand infringement.
Following are highlights of some of the most common ways that scammers may use crypto brand assets, in particular, trademarks and copyrights, to impersonate a crypto company in hopes of confusing consumers:
Stealing Brand Asset- This trick involves snagging brand logos and/or highly recognizable imagery and then posting these assets on an infringing website in order to give it the appearance of legitimacy. For example, scammers might use the logos and photos from a crypto company’s website to create a website with a familiar/legitimate appearance. The scam website will most often include an offer to “create an account” where consumers are asked to provide various degrees of personal and financial information, including email addresses, physical address, social security numbers, bank accounts, crypto wallet addresses, and more.
Mirroring Websites- This goes beyond snagging a few brand assets to instead replicating a brand’s entire website. As the name implies, mirrored websites are nearly exact copies of a legitimate website and can easily confuse users who may have visited the real crypto company’s website in the past and are now being directed to a scam website that looks nearly identical to the original. Here, too, these mirrored websites will most often include requests that consumers “create an account” where they provide sensitive personal and financial information.
Infringing Domain Names- Scammers can be quick to obtain domain names that incorporate crypto company trademarks, either as common misspellings (e.g., cryptoccompany.com or crpytocompany.com) or in combination with other descriptive and related terms (e.g., cryptocompanyblockchain.com or bankofblockchaincrypto.com). These infringing domain names can be equally dangerous when used in combination with a mirrored website or a website that merely replicates certain brand assets (e.g., logos, imagery, etc.) or even when not connected to any website at all (see discussion on phishing below).
Scammers who are particularly focused on a certain brand may employ something commonly referred to as “Typosquatting Attacks” or “URL Hijacking” which involves registering and launching, en masse, multiple domain names that incorporate crypto brand trademarks connected to infringing/mirrored websites. These attacks are commonly used in connection with social media campaigns to drive unwitting consumers to infringing sites through ads and domain names that appear to be the original crypto brand.
Email Phishing- Email phishing is designed to trick email recipients into handing over sensitive information (e.g., account usernames, passwords, financial information, etc.), or downloading malware. By using an infringing domain name that looks just like a crypto company’s official URL in an email address (e.g., [email protected]), an attacker can fool email recipients into thinking the phishing email is authentic. These emails may invite recipients to visit certain websites, download malware, open an email attachment that contains a computer virus, or provide information that allows scammers to access a victim’s various financial accounts.
Given the seemingly low risk/high reward scheme that crypto scamming affords, scammers can be particularly innovative in creating new ways to fool consumers. This means it’s imperative for crypto brands to monitor and police their brand assets in cyberspace. In many instances, the first reports of infringement may come directly from consumers advising crypto companies about their losses in purported scams. Rather than waiting to find out about a scam second hand, there are several tools and practices that crypto companies can incorporate to help smoke out scammers and other infringers making unauthorized use of the company’s brand assets.
Register Trademarks- Crypto companies with registered trademarks are at a significant advantage when it comes to enforcing against fakes. In many cases, domain name registrars and other third-party social media platforms will not assist in the case of infringement complaints without verification of registered intellectual property. It is also important to note that trademark protection is, for the most part, territorial, meaning that a U.S. trademark registration does not provide protection in the EU and vice versa. In order to best protect its brand, a crypto company should take steps to obtain protection for its trademarks in every jurisdiction in which it operates.
Internet Searches- Crypto companies should consider regularly running internet searches for their high-profile brand imagery (e.g., logos, photos of prominent team members, etc.) to help identify third party uses of these assets that may not be authorized. Similarly, crypto companies can also run internet searches for key brand slogans and passages of website content that may reveal infringing and mirrored websites.
Search Alerts- News alerts aren’t just for monitoring company press, instead setting up search alerts for your company name, the names of key team members, and other company trademarks can be useful in identifying third parties who may be using a crypto company’s branding assets (or similar). Early identification can be key to preventing wide-spread fraud.
Employing Third- Party Watch Services. Various vendors offer domain name and internet search services to help companies identify the use of the company’s trademarks in newly registered domain names. These resources can be particularly useful in identifying potential phishing schemes, sometimes before they even have a chance to gain traction.
Unfortunately, ferreting out fakers can be a full-time job. Once you’ve identified infringers, there are a variety of mechanisms and tactics for addressing them – each approach may be nuanced and involve several layers of strategy, including the possible involvement of law enforcement. The strength of a crypto company’s intellectual property assets will directly impact its ability to ward off and thwart infringers who are anxiously waiting to ride on the company’s success to their own nefarious advantages. The best insurance for crypto companies facing this thriving market for mayhem is to be aware and be prepared.
Nick Neuman is the founder of Casa – a provider of Bitcoin security services that enables users to have total self-custody over their crypto holdings, without risk of theft or hacks like those experienced by exchanges.

Share
Sebastián Milla is Chief of Special Projects at Exodus, one of the most popular blockchain wallets in the world. Exodus has 1.6 million users and completed a fund-raising round by issuing stock tokens to Exodus users on Algorand.

Share
On May 14th, BlockFi experienced a data breach over the course of an hour that compromised some user’s data. No funds were affected.

Share

source

Write A Comment