According to Squads, attackers are using fake multisig accounts with similar address patterns in a UI-level social engineering attempt, while no affected users have been identified and mitigations are being prepared.
Squads warned Solana users about an address poisoning attack aimed at multisig users, saying there is no evidence that any users have been affected. According to the warning, attackers created fake multisig accounts using public keys and matching address prefixes and suffixes to resemble legitimate accounts. Squads described the incident as a UI-level social engineering attack rather than a direct compromise of wallet security. The company said it plans to introduce alerts within two hours and a whitelist mechanism in the coming days to reduce the risk of users copying fake vault addresses or approving malicious transactions.