Beware the Copy-Paste Trap: Malicious ‘Address Poisoning’ Attack Strikes EOS Users

The EOS blockchain is currently under attack by malicious actors employing an address-poisoning scheme.

In an address poisoning attack, exploiters create and send small transactions (often with negligible amounts like 0.001 tokens) using fake wallet addresses that closely resemble legitimate ones. The goal is to trick users into mistakenly copying and pasting the fraudulent address when making future transactions.

EOS Blockchain Users Suffers Address Poisoning Attack

Blockchain security firm SlowMist revealed that attackers are sending users small transactions of 0.001 EOS to trick them into sending funds to fraudulent addresses.

“Beware of address poisoning attacks on EOS! Malicious accounts are sending 0.001 EOS to users to poison addresses,” SlowMist revealed.

According to SlowMist, the attackers create accounts that closely resemble those of legitimate trading platforms. Specifically, “oktothemoon” to impersonate OKX exchange (real account: “okbtothemoon”) and “binanecleos” to impersonate Binance exchange (real account: “binancecleos”).

These subtle alterations can easily mislead users who fail to scrutinize the transaction details closely. Blockchain-focused X (Twitter) accounts warn users about the risks associated with this attack.

“Careful all….. Bad actors out there,” Blockchain-focused X account remarked.

WuBlockchain confirmed the ongoing attack, highlighting the impersonation tactics. AVA, an AI-driven social app, acknowledged the attack. However, it expressed confidence in the crypto ecosystem’s resilience, encouraging users to remain vigilant and focus on security.

Notably, address poisoning attacks are not new to the crypto space. Recently, Binance issued a global alert over clipper malware that alters crypto wallet addresses. Similarly, a Bitcoin trader sent $70 million to the wrong address last May.  

In January 2023, MetaMask also warned its users against falling prey to ‘address poisoning,’ citing a crypto scam whose popularity was growing.

Therefore, the resurgence of this scheme on EOS highlights ongoing security challenges in blockchain ecosystems. These attacks rely on tricking users into copying and pasting fraudulent addresses from their transaction histories, leading to unauthorized fund transfers.

Given the deceptive nature of these scams, users are advised always to double-check wallet addresses. It is also imperative to avoid relying solely on past transaction records when making transfers.

Meanwhile, this incident comes barely 24 hours after another major security breach in the crypto space. BNB Chain’s meme token launchpad, four.meme suffered a critical exploit, leading to significant financial losses.

The back-to-back security incidents reflect the growing sophistication of blockchain exploits. This incident also highlights the urgent need for enhanced security measures across all networks.

Meanwhile, BeInCrypto data shows that the EOS price was trading at $0.65 as of this writing. This represents a surge of nearly 32% over the last 24 hours.