This study presents the first systematic measurement of domain squatting in the NFT ecosystem, exposing attackers’ use of deceptive NFT collections—intentionally mimicking popular projects—to conduct confusion-based fraud. Leveraging on-chain data from over 220,000 collections and 150 million NFTs, the work integrates metadata analysis, cross-platform social account linkage, and pattern clustering to identify 8,019 squatting collections targeting 654 top-tier projects. It introduces and characterizes seven distinct squatting tactics, detailing their metadata, digital asset, and propagation signatures—thereby establishing a novel Web3 fraud paradigm. Empirical evaluation reveals over 670,000 affected users and total losses amounting to $59.26 million. The study delivers an actionable detection framework and empirically grounded insights for platform risk management and regulatory oversight.

Cybersquatting refers to the practice where attackers register a domain name similar to a legitimate one to confuse users for illegal gains. With the growth of the Non-Fungible Token (NFT) ecosystem, there are indications that cybersquatting tactics have evolved from targeting domain names to NFTs. This paper presents the first in-depth measurement study of NFT cybersquatting. By analyzing over 220K NFT collections with over 150M NFT tokens, we have identified 8,019 cybersquatting NFT collections targeting 654 popular NFT projects. Through systematic analysis, we discover and characterize seven distinct squatting tactics employed by scammers. We further conduct a comprehensive measurement study of these cybersquatting NFT collections, examining their metadata, associated digital asset content, and social media status. Our analysis reveals that these NFT cybersquatting activities have resulted in a significant financial impact, with over 670K victims affected by these scams, leading to a total financial exploitation of $59.26 million. Our findings demonstrate the urgency to identify and prevent NFT squatting abuses.