EOS.io users have recently found themselves the target of a phishing campaign. Hundreds of people have reportedly fallen into victims with more than 14,600 EOS lost.

The hacker redirected users to a phishing site by sending tiny amounts of tokens to EOS holders’ addresses that contains the link to the phishing site. Recipients of the small transfers then will be induced to download the phishing app named eos-pay.vip that purports to offer an airdrop of 10,000 EP coins. Once they clicked on the link and download the app, their private keys will be stolen and the phisher can have access to their wallet.

The outcome of allowing app installs from unknown sources is to risk all your assets. According to China-based Johnwick Security, the phisher’s account (eospayairdrp) has amassed 14,565 EOS (about $70,000) over these days.

Though it is rather difficult to get their stolen assets back, victims are sending tiny amounts of EOS to the phisher, likely conducting a dusting attack as an attempt to identify the person behind the wallet.

As cryptocurrencies gain popularity, they are often the subject of debate and find themselves in the crosshairs of malicious actors. Scams like this targeting huge companies and large coins are to be expected. Still, people keep falling into these traps.

The day before it, the security firm reported that the ongoing phishing attack against cryptocurrency wallet Electrum has netted the malicious hacker 1,450 BTC at least (about $11.6 million). The hacker redirected users to a phishing site via a message requiring users to update the app to version 4.0.0, and once they click on the link, their private keys will be stolen and assets in the wallet will be gone.

It is worth noting that users of Electrum under 3.3.4 version is vulnerable to such phishing attacks. Users should update to the latest Electrum3.3.8 through the official website (electrum.org); v4.0.0 has not yet been released.

According to an August report from cryptocurrency intelligence firm CipherTrace, the crypto industry had lost $4.3 billion to cybercriminals in the first half of 2019.