A lot of users are used to copying addresses from the transaction history. Recently, a new type of scam exploits this habit to attack user accounts. An attacker creates an address with identical ending characters to the user's address in the transaction history, and then sends tiny amounts of digital assets to the user to make the impersonation address appear in the user's transaction history. This aims to deceive the user into copying the wrong address when making new transfers.
In the example below, the user usually transfers to the address "TYiUSp…KkjiT5", while the attacker uses a similar address "TUaWq8…HkjiT5". Both addresses end with "kjiT5".
When confirming the recipient's address, if a user only checks the last few characters of the address copied from the transaction history, they might be deceived into transferring to the attacker's address, resulting in asset loss.
Please be noted:
Blockchain is tamper-proof. Once an action on the blockchain is successful, it cannot be canceled or revoked. Before proceeding with any action, please make sure you have double-checked the address to avoid the risk of asset loss.