Block.one, the private company behind the EOSIO architecture and the EOS token, has made a statement to warn members of the EOSIO community about a phishing attack that was discovered on Sunday (27 May 2018).

The phishing attack involved an email that was sent out to several members of the EOS community — people who had been in email communication with block.one — that included a link to a scam website pretending to be an official site for EOS token registration ahead of the upcoming mainnet launch. This attack was quite sophisticated in that some of the emails sent out actually came from block.one’s Zendesk support system, which had been temporarily breached when these emails were sent.

The fraudulent email had the words “upcoming June 1st update” in its subject line. The website referenced in the email — “eoslaunch.io” — is not in any way associated with block.one. According to the results of a WHOIS lookup, the “eoslaunch.io” domain was registered by GoDaddy on 26 May 2018. This means that this phishing scam could have only started on this date.

Block.one says that it “learned of this matter quickly after it occurred.” It seems as though they were first alerted to this scam when Reddit user “designeey” made a post on 27 May 2018 on the EOS Subredit with the subject line “Please Help!! Scammed by [email protected] email”, in which he claimed that he had become the victim of a phishing attack, as a result of which 5,158 EOS tokens (at press time, according to data from CryptoCompare, worth around $61,500) were stolen.

This is a screenshot showing a portion of his Reddit post:

eos scam snapshot 1.png

Here is what the phishing email looked like:

eos phishing email.png

And here is a screenshot from the web-based Ethereum blockchain explorer “Etherscan” showing the transaction that resulted in the loss of his EOS tokens:

eos scam snapshot 2.png

Block.one says that as soon as it heard about this attack it sent out an email to all the users that had received the phishing email via its Zendesk system. The company has temporarily shut down its Zendesk support system so that it can investigate how this system was breached.

Block.one goes on to say:

“Block.one is also investigating the method by which the sender of the phishing email was able to mimic or utilize actual Block.one email addresses. We believe that the sender had access to certain Block.one systems and may have seen emails sent to or from email addresses related to Block.one and its affiliates. Through that access, the sender may have seen personal information if it was communicated in an email.

Block.one takes information security seriously and we encourage everyone in the community to remain on high alert for scams, phishing, hacks and other activities from bad actors as the end of the token distribution occurs.”

For further information about the EOS blockchain upgrade and in particular how to register your EOS tokens, please see the article on this subject that we published earlier today.