Hi ICP community,
I would like to warn everyone about a scam method that takes advantage of users’ carelessness when checking the accuracy of the ICP recipient address.
The scammer uses an address with a similar prefix (about 4 characters) and suffix (about 4 characters) to one that the victim’s account has previously made transactions to. Then, the scammer sends a small amount of ICP to the victim’s account. When the victim, in a hurry and not paying close attention, copies the address from their most recent transaction to send ICP, they unknowingly send it to the scammer’s address instead.
The scammer’s original account (successful scam transactions from the scammer’s sub-account are redirected to this main account):
https://dashboard.internetcomputer.org/account/147cf2b29a58be7dc00e034a76f8f23117506f562865472361a2005033daf3d7
Case 1 : Victim account address (scam 32 ICP)
22f2eaf55971173e071bf890c963216f6feb07c97d5385794bf66a7c83b1ea13
Fake account address with a similar prefix and suffix to the victim’s transaction history : a561…3061
Case 2 : Victim account address (scam 252 ICP)
f0ea205872c5fd6db50776161946d3bff32d205320b13783ea4da15fc96dbca4
Fake account address with a similar prefix and suffix to the victim’s transaction history: 376a…670d
And there are many other cases. You can observe and analyze through the transaction flow of the scammer’s account:
https://dashboard.internetcomputer.org/account/147cf2b29a58be7dc00e034a76f8f23117506f562865472361a2005033daf3d7/transaction_flow
It seems that they have developed a method to create a principal → account address, and a mechanism to analyze user transaction behavior.
Since the NNS wallet system does not yet allow users to save addresses they frequently transact with, scammers exploit this gap, taking advantage of users’ carelessness and causing them to make quick transactions for the scammer’s benefit.