Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: adaseb on December 04, 2022, 05:14:03 PM



Title: Someone sent ERC20 from my cold storage
Post by: adaseb on December 04, 2022, 05:14:03 PM
This is not my address but it's a similar transaction.

https://etherscan.io/address/0xf5e3bf94664763949ba3b1bd20436cd90de18d07#tokentxns

This individual sent 4000 USDT to 0x362e9b95907f88eafa33bb519c7046a32d3fb887

Then a few minutes later a 0 USDT transaction went to a similar address 0x361c73a3943094fba350f505f5506def77efb887

The last few characters are similar and first 2 are the same "0x36".


Anyone know why this is happening?

Obviously it's not the address holders doing this transaction. Basically sent 0 USDT and 0 USDC to different addresses? Anyone know why this is happening?

The transaction doing this is
https://etherscan.io/tx/0xa7d38a04485864e7c4481d8258f0cc9bea335bf38d61cfaa37ae8b6c0c8d72b9

Anyone know why they are doing this? Seems to be wasting fees. Is it just an etherscan bug?

I know that it didn't come out of my actual address because the next nonce doesn't include this transaction, which means it never came out of my wallet.


Title: Re: Someone sent ERC20 from my cold storage
Post by: hopenotlate on December 04, 2022, 06:34:45 PM
Obviously it's not the address holders doing this transaction. Basically sent 0 USDT and 0 USDC to different addresses? Anyone know why this is happening?

Address Poisoning Attack, A continuing Threat (https://mirror.xyz/x-explore.eth/cL3d_CyNujXq8XY7ueP4omNXx_IY1EG5Dz0FD0vJ90M)

Thanks for sharing this article, wasn't aware of this new wave of scams: we can't even trust our own tx history anymore lol.
I often do things in a rush even when using cryptos, but this is yet more evidence that we must always take the time to double-check everything when sending out coins.


Title: Re: Someone sent ERC20 from my cold storage
Post by: len01 on December 04, 2022, 08:59:26 PM
it's similar case but on BSC network Binance smart chain and 0 dollars transactions attack (https://bitcointalk.org/index.php?topic=5424680.0)


transactions https://bscscan.com/tx/0x8af45041085d513da6c5acb06bc82acf108ccc08d7ae3a2b7dbe4671c2d75d70


Title: Re: Someone sent ERC20 from my cold storage
Post by: crzy on December 04, 2022, 09:09:13 PM
Obviously it's not the address holders doing this transaction. Basically sent 0 USDT and 0 USDC to different addresses? Anyone know why this is happening?

Address Poisoning Attack, A continuing Threat (https://mirror.xyz/x-explore.eth/cL3d_CyNujXq8XY7ueP4omNXx_IY1EG5Dz0FD0vJ90M)
Is this possible even if you didn’t share any details about your wallet? I mean it's more of a private wallet where you just hold your big money and no one knows about it. If this is just an old way to scam you then better not to look at it, or ignore it because many say if you make a transaction with that specific token, then your details will be corrupted and you’ll get hacked.


Title: Re: Someone sent ERC20 from my cold storage
Post by: JeromeTash on December 04, 2022, 09:20:47 PM
This is why it's very important to copy the deposit address from the exchange's deposit address section or from the other person's deposit address rather than rely on transaction history.

Also, wallets like Trust Wallet should implement a feature where one can label transactions, just like in Electrum. This will help would-be victims notice that something is off when they attempt to copy wallet addresses from the transaction history.

Something like this

https://talkimg.com/images/2023/05/14/blob027398ddbfc2e350.png


Title: Re: Someone sent ERC20 from my cold storage
Post by: Maestro75 on December 04, 2022, 09:28:39 PM
If this is just an old way to scam you then better not to look at it, or ignore it because many say if you make a transaction with that specific token, then your details will be corrupted and you’ll get hacked.

Those who do it know what they want to achieve and it is something that will not favour the wallet owner. I have noticed a similar thing in my Trust Wallet and it used to scare me until I understood that since I am not claiming the suspicious tokens nothing bad happens to my wallet. I have learned to just ignore it whenever I notice it nowadays. Criminals everywhere online seeking who to swallow.


Title: Re: Someone sent ERC20 from my cold storage
Post by: serjent05 on December 04, 2022, 11:35:07 PM

Anyone know why they are doing this? Seems to be wasting fees. Is it just an etherscan bug?


As the link Ratimov posted stated, that is preparation to make you make a mistake if somehow you copy-paste an address from your history. If you don't copy-paste an address from your transaction history, then you are safe.

So this is like creating an opportunity for the sender to make a mistake and send the amount to the address that is created specifically for this attack.

So to avoid being a victim of this Address Poisoning Attack,

Make sure you don't copy the address from your transaction history.


Title: Re: Someone sent ERC20 from my cold storage
Post by: adaseb on December 05, 2022, 05:19:25 AM
Thanks for posting that article. It all makes sense now.

I am really surprised that etherscan makes the transaction appear out of my wallet. And I also found it very odd that the destination address of mine was very similar with the first and last characters identical.

Crazy how so far they gained almost $2M cheating people this way.


Title: Re: Someone sent ERC20 from my cold storage
Post by: yazher on December 05, 2022, 05:31:36 AM
it's similar case but on BSC network Binance smart chain and 0 dollars transactions attack (https://bitcointalk.org/index.php?topic=5424680.0)


transactions https://bscscan.com/tx/0x8af45041085d513da6c5acb06bc82acf108ccc08d7ae3a2b7dbe4671c2d75d70

I wonder how they did this that's why it feels strange when my wallet received some shit tokens and I ended up not using it anymore cause I've been using my BSC wallet on NFT games and others back then. It might be the same reason they got my wallet address and decided to send me those traps. They are really getting updated with their scams as well and if we don't read and learn from here, we might end up falling into their trap one day.


Title: Re: Someone sent ERC20 from my cold storage
Post by: jossiel on December 05, 2022, 07:21:12 AM
I saw the same events just as what happened to you and to my surprise:

Crazy how so far they gained almost $2M cheating people this way.

That's already a lot if they've gained this much by doing this. I think to have a better exposure to this type of attack, the crypto news media should have their initiative to have it covered in their articles especially the most popular ones.


Title: Re: Someone sent ERC20 from my cold storage
Post by: Crypt0Gore on December 05, 2022, 07:24:18 AM
If this is just an old way to scam you then better not to look at it, or ignore it because many say if you make a transaction with that specific token, then your details will be corrupted and you’ll get hacked.

Those who do it know what they want to achieve and it is something that will not favour the wallet owner. I have noticed a similar thing in my Trust Wallet and it used to scare me until I understood that since I am not claiming the suspicious tokens nothing bad happens to my wallet. I have learned to just ignore it whenever I notice it nowadays. Criminals everywhere online seeking who to swallow.
You did the right thing. Also, the Trust Wallet devs are aware of those scam tokens so they won't appear in your wallet as a valid token; you won't even know that you have such a token unless you use Etherscan to scan your wallet address.


Title: Re: Someone sent ERC20 from my cold storage
Post by: adaseb on December 05, 2022, 04:13:13 PM
it's similar case but on BSC network Binance smart chain and 0 dollars transactions attack (https://bitcointalk.org/index.php?topic=5424680.0)


transactions https://bscscan.com/tx/0x8af45041085d513da6c5acb06bc82acf108ccc08d7ae3a2b7dbe4671c2d75d70

I wonder how they did this that's why it feels strange when my wallet received some shit tokens and I ended up not using it anymore cause I've been using my BSC wallet on NFT games and others back then. It might be the same reason they got my wallet address and decided to send me those traps. They are really getting updated with their scams as well and if we don't read and learn from here, we might end up falling into their trap one day.

Getting scam tokens deposited into your wallet is nothing new. It's been going on for years. Basically they deposit some fake token like USDT Coin and give you like 1,000,000 tokens and they list some scam website, in the same website you can exchange 1,000,000 of the token for $1,000,000 but the trick is to get your private key, this is obviously an old scam and not the same.

This scam is different because it makes it seem like the token transfer came out of your wallet. At first you think your seed is compromised however when you look closer it seems like it's some exploit, which it is.


Title: Re: Someone sent ERC20 from my cold storage
Post by: Oneandpure on December 05, 2022, 06:37:45 PM
Unique way how to scam us by sending 0 USDT, but this first cases I heard because last week my friend update received 0 USDT amount but with BSC chain network not ERC20. I can't explain yet how this possibility happen, have different label fake USDT and real USDT or not? Still looking for with scammer how exploit our main wallet by sending fake USDT with 0 amount, actually have different contract with real stable coins with fake stable coin and right now scammer one step forward with their smart ideas how to scam us.


Title: Re: Someone sent ERC20 from my cold storage
Post by: MikkisJ on December 05, 2022, 10:39:24 PM
This scam is different because it makes it seem like the token transfer came out of your wallet. At first you think your seed is compromised however when you look closer it seems like it's some exploit, which it is.

It is not an exploit, it is a feature implemented by ETH devs, also copied to BSC. This was created on purpose, the Ethereum virtual machine is coded to accept transactions from your wallet without private keys. Absolutely anyone can send any tokens from any wallet, as long as it's 0.


Title: Re: Someone sent ERC20 from my cold storage
Post by: vv181 on December 06, 2022, 05:15:44 AM
This scam is different because it makes it seem like the token transfer came out of your wallet. At first you think your seed is compromised however when you look closer it seems like it's some exploit, which it is.

It is not an exploit, it is a feature implemented by ETH devs, also copied to BSC. This was created on purpose, the Ethereum virtual machine is coded to accept transactions from your wallet without private keys. Absolutely anyone can send any tokens from any wallet, as long as it's 0.

It is a bug, not an exploit, for sure it shouldn't be an intended implication of the developer's intent. This also should not be on purpose. Allowing a transaction to be accepted without user consent seriously harms the ecosystem. In the first place, things like this should be considered if they are aware of the current flawed implementation occurrence. Thus it makes no sense if the smart contract developers were allowing this to happen.



Title: Re: Someone sent ERC20 from my cold storage
Post by: MikkisJ on December 06, 2022, 12:29:38 PM
It is a bug, not an exploit, for sure it shouldn't be an intended implication of the developer's intent. This also should not be on purpose. Allowing a transaction to be accepted without user consent seriously harms the ecosystem. In the first place, things like this should be considered if they are aware of the current flawed implementation occurrence. Thus it makes no sense if the smart contract developers were allowing this to happen.

Of course they knew, they were the ones who created this backdoor and vulnerability in the first place. Read the code, they made the code that accepts transactions without signature of the owner of the address. Without private keys. Other crypto like BTC or XRP don't have this backdoor.


Title: Re: Someone sent ERC20 from my cold storage
Post by: cheezcarls on December 06, 2022, 01:01:54 PM
Nothing new to me. I’ve received such scam tokens deposited into my multiple wallets (even cold storage) and I just simply ignored them. But back then, I could have almost fallen victim but good thing I took time to research and doing my due diligence.

You just simply do not claim them nor touching it. Just leave it as it is and nothing happens.


Title: Re: Someone sent ERC20 from my cold storage
Post by: MikkisJ on December 06, 2022, 09:20:52 PM
Nothing new to me. I’ve received such scam tokens deposited into my multiple wallets (even cold storage) and I just simply ignored them. But back then, I could have almost fallen victim but good thing I took time to research and doing my due diligence.

You just simply do not claim them nor touching it. Just leave it as it is and nothing happens.

This is the opposite. Tokens are moved FROM your wallet, not to your wallet. It's 0 tokens though.


Title: Re: Someone sent ERC20 from my cold storage
Post by: vv181 on December 07, 2022, 11:49:07 AM
It is a bug, not an exploit, for sure it shouldn't be an intended implication of the developer's intent. This also should not be on purpose. Allowing a transaction to be accepted without user consent seriously harms the ecosystem. In the first place, things like this should be considered if they are aware of the current flawed implementation occurrence. Thus it makes no sense if the smart contract developers were allowing this to happen.

Of course they knew, they were the ones who created this backdoor and vulnerability in the first place. Read the code, they made the code that accepts transactions without signature of the owner of the address. Without private keys. Other crypto like BTC or XRP don't have this backdoor.

Honestly, I give the benefit of the doubt to the developers. By mean developer the initial development made by the OpenZeppelin dev, do note that as an ecosystem everyone who comprehends code can see the implication of this flawed code, but, nobody bats an eye until this flaw mechanism is being used by a scammer. The code is also used by another developer, the one who made the smart contract implementation which used the OpenZeppelin library. Though it is indeed concerning when many developers allowed this to happen, I wonder what is their reasoning.


Title: Re: Someone sent ERC20 from my cold storage
Post by: nikokovacic90 on December 07, 2022, 01:18:51 PM
Can people transfer money from cold wallet? Without having them? Isn't it the main purpose of Cold Wallets to keep assets safe?


Title: Re: Someone sent ERC20 from my cold storage
Post by: hopenotlate on December 07, 2022, 04:50:28 PM
Can people transfer money from cold wallet? Without having them? Isn't it the main purpose of Cold Wallets to keep assets safe?

No, they can't, luckily.

The thread title is a bit misleading; if you read the opening post carefully, the first line says:

This is not my address but it's a similar transaction.

Basically attackers create and use addresses very similar to the ones the victim of the attack is sending money to, so that a "malicious" address is stored in the tx history of the victim: if the victim doesn't carefully double-check every address they are sending money to but lazily copies them from their TX history, they risk losing their funds.




Title: Re: Someone sent ERC20 from my cold storage
Post by: albon on December 07, 2022, 09:31:15 PM
Can people transfer money from cold wallet? Without having them? Isn't it the main purpose of Cold Wallets to keep assets safe?
Mate, cold wallets are safe, there is no need for panic, and it is good that you saw such a topic in order to know this trick that the scammer did so that you and everyone else do not fall victim to it, we just have to focus and take some time and not copy the addresses of the wallets that we received from or sent to from the transaction history, because most likely there will be a scammer’s wallet that we will think is a safe wallet to transfer our funds to and it is not, so we have to carefully copy the deposit wallets from the exchange platforms or from the person to whom the funds are to be transferred, with careful focus, without resorting to the transaction history, because the scammer takes advantage of the victim's inattention and lack of focus in order for the victim to copy his wallet address which is similar to the addresses of the victim's wallet in the transaction history.


Title: Re: Someone sent ERC20 from my cold storage
Post by: lalabotax on December 07, 2022, 10:57:24 PM
This transaction is suspicious and after reading some replies, I there are some scams like this. The wallet address is actually different, but they have the beginning and also last characters that are similar. Can someone copy and make quite a similar wallet address? If this is available, well, I am a little bit worried because commonly, we will only focus on some first and last characters of our wallet. We may also not focus on correcting all characters on the wallet, right? So, when we are seeing the transaction, we can copy and paste again the wallet address and search for the replacement or find a tool to ensure that the wallet is exactly the same or not. But, exactly, if we are not careful enough, we will directly think that this is our transaction in a similar wallet and we may panic about the situation certainly.
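
On the question of a tool that checks whether an address in the history is exactly the expected one, here is an added example (not part of the thread or of any wallet's code). It flags history rows the way the posts above describe the scam: a transfer logged as coming from the owner but signed by someone else, a zero amount, and a recipient that only shares its first and last characters with a saved address. The row layout, the `ME` and `ATTACKER` placeholders and the 2/4-character thresholds are assumptions; `REAL` and `FAKE` are the two addresses from the opening post.

```python
from dataclasses import dataclass

# Constructed sample values: REAL and FAKE are the two recipient addresses quoted
# in the opening post; ME and ATTACKER are placeholders, not real accounts.
ME = "0x" + "aa" * 20
ATTACKER = "0x" + "bb" * 20
REAL = "0x362e9b95907f88eafa33bb519c7046a32d3fb887"
FAKE = "0x361c73a3943094fba350f505f5506def77efb887"

@dataclass
class TokenTransfer:          # hypothetical shape of one exported history row
    tx_sender: str            # account that signed the transaction (its nonce moved)
    log_from: str             # "from" field of the ERC-20 Transfer event
    log_to: str               # "to" field of the Transfer event
    value: int                # token amount in base units

def norm(addr):
    """Lower-case an address and drop the 0x prefix so comparisons ignore case."""
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def shared_edges(a, b):
    """Return (matching leading hex chars, matching trailing hex chars)."""
    x, y = norm(a), norm(b)
    pre = next((i for i, (p, q) in enumerate(zip(x, y)) if p != q), len(x))
    suf = next((i for i, (p, q) in enumerate(zip(x[::-1], y[::-1])) if p != q), len(x))
    return pre, suf

def classify(t, me, known, min_pre=2, min_suf=4):
    """List the reasons a history row should not be trusted as a copy source."""
    reasons = []
    if norm(t.log_from) == norm(me) and norm(t.tx_sender) != norm(me):
        reasons.append("not-signed-by-owner")
    if t.value == 0:
        reasons.append("zero-value")
    if norm(t.log_to) not in {norm(k) for k in known}:
        for k in known:
            pre, suf = shared_edges(t.log_to, k)
            if pre >= min_pre and suf >= min_suf:
                reasons.append("lookalike-of:" + k)
    return reasons

HISTORY = [
    TokenTransfer(ME, ME, REAL, 4000 * 10**6),   # genuine 4000 USDT payment (6 decimals)
    TokenTransfer(ATTACKER, ME, FAKE, 0),        # the 0 USDT row that followed it
]

if __name__ == "__main__":
    for row in HISTORY:
        print(row.log_to, classify(row, ME, [REAL]) or "ok")
```

The saved-address list passed as `known` is what makes the check work: an exact match against an address book is the comparison, and the prefix/suffix test only explains why the mismatch looked familiar.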


Title: Re: Someone sent ERC20 from my cold storage
Post by: oliver_g on December 08, 2022, 04:41:59 AM
I lost by this vulnerability 100000 dollars.
https://bitcointalk.org/index.php?topic=5425022.0


Title: Re: Someone sent ERC20 from my cold storage
Post by: adaseb on December 08, 2022, 05:10:55 AM
Yes I didn’t know that you could make transactions from any address as long as it’s 0 and make it appear like a legit transaction.

Either way the nonce is not needed to do this apparently because the nonce is skipped with the 0 erc20 transaction. Why they did this who knows. Maybe for some smart contract feature. Either way it provided a huge scare to see it come out from my cold storage wallet.


Title: Re: Someone sent ERC20 from my cold storage
Post by: Ani1985 on December 08, 2022, 07:20:44 AM
Be aware of the scammers who send tokens to the wallet. Usually they include a URL and then ask us to connect the wallet, so that when we connect they have gotten our private key. The best step is to immediately move assets to other wallets if they have already connected to websites that we don't know.