Accountability plays a key role in dependable distributed systems. It allows to detect, isolate and churn malicious/selfish nodes that deviate from a prescribed protocol. To achieve these properties, several accountable systems use at their core cryptographic primitives that produce non-repudiable evidence of inconsistent or incorrect behavior. In this paper, we show how colluding adversaries can exploit the use of cryptographic digests in accountability protocols to mount what we call a duck attack. In a duck attack, colluding adversaries exploit the use of cryptographic digests to alter the transmission of messages while still looking honest: selfish behaviors remain undetected. We first discover the duck attack while analyzing PAG -a custom cryptographic protocol for accountable systems presented at ICDCS 2016. We later discover that accountable distributed systems based on tamper-evident log are also vulnerable to the duck attack and apply it on AcTinG -a protocol presented at SRDS 2014. To defeat our attack, we modify the commonly used hash-based log structure to have high-order dependency level between the authenticators and the messages stored in the log.