On Jan. 23, YouTuber Crypto Tim published a video in which he reveals how hackers scammed one of his Telegram followers with the help of a fake site. He claims that the premature changes to the EOS constitution will make it difficult for the victim to recover from the successful phishing attempt.
How it happened
Phishing is the practice of designing fake websites in order to obtain sensitive information (usernames, passwords, or wallet keys). The website, which has been exposed as a fraud, posed as a copy of the real Telos Foundation website. Those who are attentive enough will notice the extra hyphen in the address bar.
The victim received 0.0001 EOS with a message that contained the fraudulent address. After that, the uninitiated user unlocked his wallet and the hacker changed his key pair. His wallet has now been unlocked, and he’s currently getting his 800 EOS refunded, but it might not be an easy feat.
Is EOS to blame?
Crypto Tim explains that the user in question will have a hard time getting back access to his account: due to the announcement in the current constitution, eCAF is not functioning properly. Instead of base-level compulsory arbitration, there is only opt-in arbitration. They stopped executing eCAF orders because they've found a better solution, but account recovery is just an idea that can hardly be used in practice.
He states that he is currently cooperating with the EOS Alliance in order to figure out what to do about the whole situation. He adds that protecting users' accounts is a good idea, but we need to test these alternative security measures in practice before implementing them. eCAF is not the ultimate solution, but it's a nice way of protecting funds.
NB! If you receive any small amounts of EOS in your wallet, don't visit the address in the accompanying message, given that it could be a sign of a scam. Do research before revealing your private keys to anyone.