Double Spend ERC-20??

[NewbinETH]

Hi Y'all,

I am a newb in the world of Eth, struggling to understand some transactions on etherscan looks like a double spend, but thats not possible.

https://etherscan.io/address/0xf9425c6bbde5b2a2673d534f875a28dc73711cc6#tokentxns

Can anyone tell me how an ERC-20 token can be sent out when it wasn't deposited? I'm assuming its a smart contract feature.

https://i.postimg.cc/MpJw3wYH/double-spend.png

[FatFork]

Can anyone tell me how an ERC-20 token can be sent out when it wasn't deposited? I'm assuming its a smart contract feature.

It can't. It is a fake USDT token with zero value, and such transactions are made for the purpose of phishing attacks. Do not interact with that contract and be careful which addresses you use for your transactions. Always double check the whole address when sending, not just the first or last few characters.

[Heulahee]

That is simply a scam token, it doesn't have the value now, and most people spend their fee on these coins without knowing about them actually. As this is not only the token, most of these types of coins are the, through which people can get others' money, and mostly they were in loss.

[vv181]

Quoting for image.

First of all, it is not a double spending problem. Second, it is a scam attempt.

Notice the red warning icon on the ERC-20 TOKEN* text. If you hover over it, it will show "The token transferred has poor reputation score. Please be careful if you choose to interact with the token."

If you visit the address(https://etherscan.io/address/0x5852b5b39358d8347fbe369556fba1107c59ef69), it also shows " There are reports that this address was used in a Phishing scam. Please exercise caution when interacting with it."

Also, take a look at the differences:

0x17cae2fDD9f2D7F4F8782951ba18193605D9AF86 USDT
0x17C4e7820D3b393473A0806Eca6933c451a0AF86 SCAM token

0x967668b86ac0D468196e18b31319d45809bd16F8 USDT
0x967668B786570c835Afc76502859130B09Bd16F8 SCAM token

The few characters of the initial and the last address are similar. But the whole one is a completely different address. It is a scam attempt utilising some smart contract features, so the problem in your case is not a double-spend concern, but just simply regular and known scam attempts.

[blockman]

@Op, this is rampant and not only happening in the Ethereum chain. Like what everyone is saying, this is a scam attempt, and don't fall for that as it's already flagged by the system. So, be watchful that you might encounter this again in some other chains where you think you got a jackpot by receiving a reward out of nowhere that's going to show you thousands that will make you excited and enticed about it. Good thing that you've asked for this because who knows if you're too curious to know about it and then you didn't ask the community first, you might have fallen for it.

[cryptomaniac_xxx]

Hi Y'all,

I am a newb in the world of Eth, struggling to understand some transactions on etherscan looks like a double spend, but thats not possible.

https://etherscan.io/address/0xf9425c6bbde5b2a2673d534f875a28dc73711cc6#tokentxns

Can anyone tell me how an ERC-20 token can be sent out when it wasn't deposited? I'm assuming its a smart contract feature.

As others have said already this is not new, and this has been used by scammers for many years.

No double spending here, just be careful when you check the contract address, there will be red flags over it and telling you that indeed it is a scam token and not to be trusted.

It's good that you ask the community about it in the first place and hopefully you didn't fall for this trick.

[vv181]

this is rampant and not only happening in the Ethereum chain.

Yes, that is also worth noting. As I have explained above it also utilises smart contract capabilities. And another chain where it affected is also using a fork of the Ethereum Virtual Machine. So it is very likely if there scam attempt on one chain using a specific mechanism, there will be a similar one that was attempted on another chain.

If we scrutinise this particular one that was raised by OP, we can see clearly that it contains a vanity address and an exact value of the legitimate token that is being transferred, in this case, USDT. So it acts as a decoy for the user to mistakenly copy an address based on its own last transaction, in an attempt to deceive the user to send an amount to the address that is owned by the scammer.