PANews reported on April 14th that Squads, a multi-signature protocol within the Solana ecosystem, announced on its X platform that its team has discovered an address poisoning attack targeting Squads users, but there is currently no evidence that any users have been affected. The attackers programmatically create new multi-signature accounts containing existing Squads users as members using publicly available on-chain public keys. Simultaneously, the attackers generate public keys whose first and last characters match the user's real multi-signature address through collision detection, making the forged accounts appear legitimate on the interface. The attack aims to mislead users into mistaking the forged multi-signatures for real accounts, transferring funds to their addresses or signing unauthorized transactions. Squads emphasizes that this is not a protocol vulnerability; the attackers cannot access user funds or modify existing multi-signatures; it is purely a social engineering attack at the interface level. Users should ignore any multi-signature accounts that have not been created or added by the team, and verify addresses completely rather than relying on first and last character matching. Squads will launch attack warning banners and alerts for uninterrupted multi-signatures within two hours, and will also introduce a whitelist mechanism in the coming days.