Concerns over wallet safety have returned to focus as the Shiba Inu community faces a renewed wave of social engineering attacks. Developers and security teams have moved to limit user exposure, but warnings stress that responsibility still rests with individual holders. The latest incident highlights how interface design and user habits can amplify risk. It also underscores how easily attackers can replicate these schemes across platforms. Shiba Inu team flags a lookalike wallet threat Shiba Inu team member Lucie warned the community about a coordinated address poisoning campaign targeting Safe Wallet users. In a post on X , she said attackers created thousands of lookalike wallet addresses to misdirect transactions. Lucie clarified that the issue did not involve a protocol exploit, an infrastructure breach, a smart contract flaw, or a system compromise. She described the activity as deliberate user deception rather than a technical failure. According to Lucie, security teams identified around 5,000 malicious addresses. Safe Wallet flagged and began removing them from its interface to reduce accidental interaction. However, she cautioned that similar attacks remain easy to reproduce. For that reason, she urged SHIB holders to take extra precautions during transfers. Lucie advised users to verify full recipient addresses outside wallet interfaces. She also recommended using address books or allow lists for frequent transfers. In addition, she stressed the importance of sending small test transactions before high-value transfers. She framed these steps as essential safeguards rather than optional habits. Safe Labs details address poisoning campaign Safe Labs later confirmed the scale of the threat in a security update shared on Feb. 6. The firm reported a large-scale address-poisoning and social-engineering campaign targeting multisig users. It said SafeShield, supported by external security partners, flagged roughly 5,000 malicious addresses. Safe Labs added that the addresses were being removed from Safe Wallet’s UI to lower the risk of user error. Address poisoning exploits common wallet behavior. Many interfaces shorten addresses with ellipses for readability. As a result, users often check only the first and last characters. Attackers exploit this habit by creating addresses with matching prefixes and suffixes. A recent case illustrated the consequences. A crypto user reportedly lost $50 million after copying an address from transaction history. The victim first sent 50 USDT as a test transfer to his own wallet. The attacker quickly generated a spoofed address with identical starting and ending characters. When the victim copied the address from history, he unknowingly sent the remaining 49,999,950 USDT to the fake wallet. Security teams stressed that the loss did not stem from wallet failure. Instead, it reflected a copy-paste mistake amplified by address poisoning. The incident reinforced a broader lesson echoed by Lucie and Safe Labs. Users should always double-check full addresses and avoid copying recipients from transaction history, even for convenience.
