描述
This NFT is designed by Web3 Antivirus to warn users of an address poisoning attack threat. Some malicious contracts behind the scheme have the potential to trigger thousands of poisoned transactions, with each attacking up to hundreds of users.
If you received Alert on Poisoning NFT, you've been a target. Check details on the poisoning transaction in Properties.
How does the scam work?
In a nutshell, a hacker tracks some user transactions and forges the target address, making it similar to the original one. For example, 4 initial and last symbols are the same, but all the rest are different. The altered one is a scammer's account, easy to be mistaken for the original. Meaning, there's a good chance to someday copy the wrong address from the log.
Hackers then simulate $0 transfers from the victim's account. Thus, the forged address gets logged into historical records, with the fake transaction having a timestamp close to the actual transfer. Seeing a transfer from their account that users didn't approve, they fear that their private keys have been leaked and assets compromised, so someone's stealing their funds right now. Wishing to transfer funds to another account, victims may inadvertently copy the wrong address and thus send their funds to the scam account.
How to avoid getting trapped?
To help users understand what's happening, we've prepared an antidote, a dedicated Alert on Poisoning NFT. It's intended to warn users about the threat as they face scam transactions.
There's no reason for panic. The $0 transactions are more of an alert sign. Nothing's happened yet, both the key and the assets are safe.
Learn more about the address poisoning attack scheme (https://t.ly/QabX) and remember — rule one is to double-check transfer addresses, especially when copying them from historical transactions.
To protect yourself in the future, we recommend using Web3 Antivirus (https://t.ly/N-6G), a security tool that audits transactions before you sign them and warns you about potential scams.