EOS Black, a dApp development initiative, has reported the existence of a website that is attempting to steal private keys by impersonating the official site. The real EOS Black site is located at eosblack.io, while the fake site is located at eos-black.com. Both sites look almost identical, but the latter is a phishing attempt.
At first, the fake site seems to be a legitimate airdrop. But after you enter your public EOS name or address, the fake site asks you to “sign the request with your EOS PRIVATE key,” an action that would give the site access to your EOS wallet.
EOS Black is reminding users that the legitimate site never requests private keys. This applies to all cryptocurrencies and wallets: private keys are solely used to move money out of your wallet. Private keys should never be shared.
Additionally, the scammer seems to be hoping that visitors have forgotten that the original airdrop has ended: the real EOS Black airdrop concluded in July, but the scam claims to be offering “bonus” tokens as of today. This is, again, not true.
Suggested Reading : Learn more about EOS in our beginner’s guide.
Phishing is a widespread problem, and crypto airdrops have proven themselves to be a profitable opportunity for phishers. Although legitimate airdrops exist, airdrops can also be used to compromise a victim’s wallet with little effort. Novice users can easily confuse private keys with public addresses and give out the wrong information—the difference is explained in detail here.
EOS is far from the only target of phishing attacks, which have become a common line of attack across virtually all cryptocurrencies. The worst offender is undoubtedly the plague of celebrity lookalike bots that promise free cryptocurrency on Twitter…if you send them your own crypto first. The scam is so egregious that Elon Musk has enlisted the help of Dogecoin’s creator in order to solve the increasingly severe problem.
Some phishing campaigns are disabled quickly, but today’s scam has not yet been shut down. Of course, even if it is shut down, another scam will pop up in its place. The only solution is to remain vigilant: never give out your private keys, and never send crypto to airdrops.