Leading blockchain security firm SlowMist has raised an urgent alert regarding a new wave of address poisoning attacks targeting users on the EOS blockchain.
In a security notice posted on the X platform, SlowMist detailed how attackers are executing this scheme by sending small amounts of EOS tokens, typically 0.001 EOS, to unsuspecting users.
The seemingly insignificant transaction is a deceptive tactic designed to introduce fake wallet addresses into transaction histories.
By crafting fraudulent accounts that closely resemble legitimate cryptocurrency trading platforms, attackers aim to manipulate users into mistakenly sending funds to malicious addresses, leading to potential financial losses.
Attackers Impersonate Major Crypto Exchanges With Fake Accounts
SlowMist’s investigation has uncovered multiple fraudulent accounts designed to mimic major cryptocurrency exchanges, creating a highly deceptive environment for EOS users.
One example includes an attacker-created account named “oktothemoon,” which closely resembles OKX’s genuine account, “okbtothemoon.”
Similarly, another fraudulent address, “binanecleos,” is nearly identical to Binance’s official “binancecleos” account.
These small but deliberate variations exploit human oversight, particularly in high-speed trading environments where users often rush transactions.
The attackers rely on these subtle discrepancies to lure unsuspecting traders into sending their assets to the wrong addresses, resulting in irreversible financial losses.
Also Read: Coinbase Boosts Base Privacy With Iron Fish Team Acquisition, Amid Record Crypto Hacks In 2025
SlowMist Urges EOS Users to Exercise Caution
In response to this escalating threat, SlowMist has issued strong recommendations for EOS users to adopt heightened security measures when conducting transactions.
The firm emphasized that unlike traditional hacking techniques, address poisoning does not involve direct breaches or malware but rather exploits human error.
Given that these fraudulent addresses closely resemble legitimate ones, users may inadvertently copy and paste them into transaction fields without verifying their authenticity.
SlowMist advises traders to carefully check recipient addresses, verify them directly on official platforms, enable trusted address whitelisting, and exercise extreme caution when receiving unsolicited token transfers, even if they involve tiny amounts.
Also Read: Hackers Blackmail YouTubers To Spread Crypto-Mining Malware, Kaspersky Warns
Crypto Scams Are Evolving, Requiring Stronger Security Measures
The emergence of address poisoning on the EOS blockchain highlights the growing sophistication of cybercriminals and the urgent need for enhanced security protocols within the crypto industry.
The tactic has previously been observed across other blockchain networks, reaffirming that no platform is immune to evolving scams.
As attackers refine their strategies, users must adopt proactive security measures such as double-checking wallet addresses, avoiding reliance on autofill functions, and staying updated on the latest threats.
The SlowMist security alert serves as a crucial reminder that even seemingly minor transactions can be part of larger fraudulent schemes.
Increased awareness and robust security practices remain essential in safeguarding digital assets against emerging cyber threats.
Recent Crypto Security Breaches Underscore Rising Risks
The EOS address poisoning attack is part of a larger trend of increasing security threats across the cryptocurrency industry.
In a separate incident, AI-based crypto commentator AiXBT was recently hacked, resulting in a $104,000 Ethereum (ETH) loss after an agent mistakenly transferred 55.50 ETH to a malicious address.
Similarly, Four.Meme suffered a $120,000 exploit after a private transaction leak enabled a “black sandwich” attack on PancakeSwap, following a $200,000 hack just last month.
Meanwhile, blockchain gaming giant Wemix disclosed that it lost $6.22 million in a February attack due to a Play Bridge Vault vulnerability.
The increasing frequency of these incidents underscores the necessity for both individual investors and companies to implement stronger security measures, improve transparency, and remain vigilant against evolving threats in the digital asset space.
Also Read:
Crypto Hacks
Crypto Hackers Exploit Telegram Accounts to Spread Malware Through Fake Video Call Links