Layer 1 blockchain network EOS was hit with an address-poisoning attack, where malicious actors sent small transactions using lookalike wallet addresses to deceive users into sending funds to fraudulent accounts.
What is an address poisoning attack?
An address poisoning attack is a scam where attackers send small transactions using fake wallet addresses that closely resemble real ones.
The goal is to “poison” a user’s transaction history, making it more likely they’ll accidentally copy and paste the fraudulent address when making future transfers.
According to blockchain security firm SlowMist, on March 19, attackers sent 0.001 EOS transactions to users, hoping to trick them into copying fake wallet addresses controlled by the attackers.
These addresses closely mimicked those of major exchanges, making it easy for unsuspecting users to fall for the scam.
SlowMist pointed out that attackers used names like “oktothemoon” to impersonate OKX’s real address, “okbtothemoon,” and “binanecleos” to mimic Binance’s “binancecleos.”
The subtle tweaks in spelling could easily go unnoticed, especially by users who rely on past transactions for address input.
As of press time, no losses had been reported.
However, such attacks are not limited to blockchain networks alone, as bad actors often target individual traders as well.
According to on-chain analytics platform Scam Sniffer, victims continue to lose significant sums by unknowingly copying poisoned addresses.
On March 18, a user lost $103,100 after pasting a fraudulent address from their transaction history.
A day earlier, another trader lost $43,674 in a similar attack.
Meanwhile, one of the largest losses from this attack vector was reported in May last year, when bad actors stole 1,155 wrapped Bitcoin from an individual user, worth over $69.3 million at the time.
To avoid falling victim to such attacks, experts advise double-checking wallet addresses before sending funds and never copying and pasting addresses directly from transaction history.
EOS Vaulta rebranding
The attack on EOS comes as the network undergoes a major transformation, rebranding to Vaulta in a bid to position itself as a leader in web3 banking.
According to a press release on March 18, the transition, which includes a token swap, is expected to be completed by the end of May, though the timeline remains subject to change.
Yves La Rose, founder and CEO of the Vaulta Foundation, emphasized that the shift is “more than just a name change,” calling Vaulta the result of “years of planning, strategic development, and thoughtful design.”
The price of EOS surged over 25% to $0.65 following the rebranding announcement but has since declined after news of the attack emerged.
The development comes a day after Binance smart chain-based meme coin launcher Four.Meme was exploited for $120,000 on March 18.
Attackers misused a vulnerability to drain funds from the project’s liquidity pools.
The post EOS network hit by address poisoning attack: what you need to know appeared first on Invezz
