Two names can render identically on screen and resolve to different wallets. Scammers register lookalikes for valuable names — vitalik.eth with an invisible joiner, еns.eth with a Cyrillic letter — and wait for someone to send funds without checking. The verification is the same in every case: paste the name into a Unicode analyser and read what's actually there.
Find your situation
What you're seeing | What it means | Path |
Someone sent you an ENS name and asked for funds | Treat as unverified until you've checked | Run the verification |
A name is listed cheaply on a marketplace and resembles a famous name | Almost certainly a lookalike | Run the verification before buying |
A marketplace shows a warning triangle or asterisk on the name | The name contains unusual Unicode characters — could be a legitimate emoji name or a lookalike | Run the verification to confirm |
You already sent funds to a name and aren't sure if it was real | The transaction is permanent — ENS can't reverse it. Verify the name now so you know what happened | Run the verification |
You want to know what protections the official ENS App gives you | The App's normalisation rules block many tricks at registration time | See What ENS does automatically |
Good to know
The official ENS App at
app.ens.domainsstrips out a lot of Unicode tricks automatically. Names registered through the App can't contain variation selectors or uppercase letters. Scammers bypass this by registering through smart contracts or third-party tools.A Unicode warning on a marketplace doesn't always mean the name is fraudulent — it means the name contains unusual characters. Use a Unicode analyser to confirm.
Lookalike names target high-value names. A
vitalik.ethlisting priced cheaply is almost certainly a fake.ENS support can't reverse a transaction sent to a lookalike. Verify the name before you send.
"If it seems too good to be true, it usually is" applies in full — the price is often the warning before the icons.
Run the verification
Copy the full name from wherever you found it.
Paste it into a Unicode analyser — fontspace.com/unicode/analyzer is a quick one. It breaks the name into individual characters and labels each one.
Read the breakdown. Every character should be a plain Latin letter, a digit (
0–9), a hyphen, or an emoji you can identify. Reject the name if the analyser shows any of:Zero-Width Joiner or ZWJ — invisible character between letters
Variation Selector — invisible character after a letter
Cyrillic, Greek, Armenian, or any non-Latin alphabet label
Small Capital — letters like
ɴ,ᴍ,ʀArabic-Indic Digit or Extended Arabic-Indic Digit mixed with Latin digits
If the analyser shows only plain Latin letters and standard digits, what you see is what you get.
How the tricks work
Five recurring patterns. They all rely on Unicode characters that look identical or near-identical to standard letters but use different code points underneath.
Trick | What it looks like | Analyser flag |
Zero-Width Joiner | Invisible character between letters | "Zero-Width Joiner" |
Variation Selector | Invisible character after a letter | "Variation Selector" |
Cross-script confusable | Cyrillic | "Cyrillic", "Greek", "Armenian" |
Small capital |
| "Latin Letter Small Capital" |
Digit-set swap | Arabic | "Arabic-Indic Digit" or "Extended Arabic-Indic Digit" |
Zero-Width Joiners
A Zero-Width Joiner (ZWJ) is an invisible character originally designed to combine emoji — that's how ❤️🔥 is built from a heart, a variation selector, a ZWJ, and a fire emoji. Slipped between letters of an ENS name, a ZWJ creates a separate name that renders identically. vitalik.eth (a ZWJ between a and l) is the canonical example.
Run both through the analyser and the difference is plain:
Real
vitalik.eth:v,i,t,a,l,i,k,.,e,t,h— all standard Latin characters.Fake
vitalik.eth:v,i,t,a, Zero-Width Joiner,l,i,k,.,e,t,h— one extra invisible character.
Confusables — letters from other alphabets
The Latin e (U+0065) and the Cyrillic е (U+0435) look identical in most fonts. So ens.eth (real) and еns.eth (fake, with a Cyrillic е) are different names that point at different wallets. Cyrillic, Greek, Armenian, and several other scripts contain near-identical lookalikes for common Latin letters.
For a tour of every confusable Unicode tracks, the Unicode Consortium's Confusables utility and Raffy's ens-normalize confusables tool are the references.
Small capitals
Characters like ɴ (U+0274) and ᴍ (U+1D0D) are small-capital versions of n and m. They render like uppercase letters but live in a separate Unicode block. A name using small caps is a different name from the one it imitates.
Arabic and Persian digits
The Arabic numerals you'd see in an Arabic-language wallet (٠١٢٣٤٥٦٧٨٩) and Persian digits (۰۱۲۳۴۵۶۷۸۹) look identical to most readers but use different Unicode code points. Mixed with Latin digits inside a single name, they're a common pattern in support tickets.
Variation Selectors
Variation Selectors are invisible code points that change how the previous character is rendered — for example, turning a black heart into a colour emoji. The ENS App strips them during normalisation; names containing them are technically invalid. But a name registered through a contract or third-party service can still carry one.
What ENS does automatically
Register through the official ENS App at app.ens.domains and normalisation runs in the background:
Variation selectors are stripped out — names containing them are invalid.
Uppercase letters are normalised to lowercase — names containing uppercase characters are invalid.
Many confusable characters are blocked by the normalisation rules.
The catch: scammers register fake names directly through smart contracts or third-party services that bypass normalisation. The App protects you from accidentally creating an invalid name yourself; it doesn't protect you from receiving payment instructions that point at a lookalike registered elsewhere.
Other warning signs
Beyond the character breakdown itself, a few softer signals are worth a pause.
Price. Lookalike names target valuable targets. If a name resembling a well-known name is priced unusually low — far below what the real name would sell for — the price is the warning even before the analyser confirms.
Source. A name sent to you via DM, comment, or unsolicited message gets extra scrutiny. Real recipients of crypto don't usually send their address via private message.
Branding. A name that copies a public figure or project but doesn't appear on their verified channels — their X profile, their official site, their Discord — is almost certainly fake. Check the channels you already trust, not the source pushing the name at you.
Marketplace flags. These marketplaces flag names containing unusual Unicode characters with a warning triangle or symbol. The flag means "this contains unusual characters" — not "this is definitely a scam". Verify with a Unicode analyser before acting either way.
OpenSea — warning triangle next to the name.
Etherscan — asterisk (
*) before any name that contains characters outsidea-zand0-9.ENS.Vision — warning triangle next to the name.
What's next?