An Important Security Proposal for NNS

There is an account that regularly transfers 0.0001 ICP to my NNS account. The account starts and ends with the same characters as my Binance account. Unfortunately, after verifying the beginning and end of the account, I mistakenly transferred 1000 ICP to it, only to realize that this is a scam.

This scheme works by scammers transferring small amounts to users from an account that closely resembles one the users frequently interact with, prompting victims to “copy” the transaction details. Once the victim initiates a transfer, the funds go directly to the scammer’s account.

I am aware of this type of scam and have heard about it before, but I never imagined I would fall victim to it. Upon further investigation, I discovered that many other users have also mistakenly transferred funds to such accounts, causing significant distress.

To address this issue, I propose separating the transaction history into incoming transactions and outgoing transactions. This would help users distinguish between funds received and those sent, thereby making it harder for scammers to exploit this tactic. Reviewing the transaction logs would also provide evidence of how many users have been affected.

I urge you to take this matter seriously, introduce this proposal for voting, and prioritize network improvements to minimize the impact of such scams.

4 Likes

I mistakenly transferred 500 ICP to the cheater’s address too.

I’ve been wondering how this scam works. Thanks for the explanation. I’m sorry you were a victim. I too have received many weird 0.0001 ICP deposits. Fortunately I have not been a victim though. It’s very helpful that you shared your story to help increase awareness.

I guess best practice is to always get your address from the recipient wallet address copy feature (or principal copy) instead of copying old addresses from the transaction history. Fortunately it is very easy to access the address copy feature with every wallet I’ve used for ICP.

1 Like

There even don’t have the function to save the address on nns, that’s the issue!

2 Likes

Hey @Abdulaziz, sorry to hear that you have fallen victim to this kind of attack. We’re aware of the issue, and working on introducing an address book in combination with other improvements to better defend against attacks like this.

4 Likes