Watch out for this NEW TransferFrom Zero Transfer Scam!

[suchmoon]

I thought it is clear that one needs to check address very carefully and of course it needs to be an trusted source to compare with

but what could be better as our wallet? or explorers we all use to confirm and check transactions?

If the wallet/explorer had the wrong address to begin with, and you're comparing it to another address from the explorer/wallet, then you obviously have a problem, don't you really see it? What if the other address is wrong too? Do you take three and conduct a vote?

You need to get the address from the original source. If it's an exchange/casino/etc - from the deposit page (some sites will also e-mail it to you as an additional precaution against clipboard malware - make sure to cross-check it on different devices), if it's for a purchase - from the checkout page (verify against QR if there is one), if it's from a person - use the original PM/e-mail/whichever way they communicated it to you, if it's some sort of public address like for a donation - get it from the official source, and so on.

only direct contact with the other party and confirming the address, usually one checks his wallet and use old one already used and confirmed, TBH i don't know any other way, if you do please tell me?

many times when I confirm address I hear: "send me to the previous addy, use the one we used lately/last time, etc" not always they are able to check it on the go, the only way then is to go to your wallet or explorer and here you are now on the minefield of 0value transactions

That's how people get scammed, one is too lazy to provide the address, the other one is too lazy to verify it.

Not to mention this goes against best practices of not reusing addresses. If you generate a new address for every TX then you'd avoid the issue altogether. Unfortunately it seems that most custodial sites don't have that option.

and here we come again to this shitty 0 value transactions that pop up in our wallets, that we TRUST and think are the best source of information, addresses from senders to check them back and forth, what could be better as confirmed transaction in my wallet?

you need to understand that 0 value transactions are sent immediately after wallet receives any incoming transaction, additionally majority of wallets, exchanges, shows only few first and last  numbers, this is common as people behavior to check only few of them (I am the best example) so yes we need to change a lot as we see, and for sure we as community should start to make noise about this.

None of it matters. Even if you insist on using your NON-WEB wallet (should never use an explorer or an online wallet or any other third party sites) to copy the address, you should still know that you didn't make the 0 transfer so why would you copy that address.

I would never remember which tx went to whom anyway, so if someone said "just use the same address as last time" I wouldn't be looking in my wallet, I'd be looking back to where that person gave me the address, and would ask to resend it if I can't find it. An alternative is to label addresses in the wallet if it has that feature, this might work too.

As I said in the other thread, I couldn't believe that many people would do this (copy-paste from explorer) predictably enough to get scammed, but apparently they do, and now you keep arguing that it's the only way. It really isn't.

[wwzsocki]

... you should still know that you didn't make the 0 transfer so why would you copy that address...

because we are humans and we all do mistakes, this is what they count for

but as I have written earlier I fill like kicking with horse discussing with you this matter

That's how people get scammed, one is too lazy to provide the address, the other one is too lazy to verify it.

I gave you few real live examples when this is hard or even impossible to confirm address with the source and you keep persisting this is all users fault, that we are lazy, etc

Not always is possible to get the other party to confirm address, especially if that matter was discussed at start of cooperation and addresses where set in stone, then one checks them in the wallet if there is no other place he save it, not from laziness only because we have to do it at this particular time

we should be careful when sending transactions, now even more, always check them with the source, there also should be no wars and hunger in ideal world but we don't live in such place, here where we are is full of scammers that only wait for us to do mistake

snip

please use final (edited) version of my posts when you quote me, if possible

EDITED

[suchmoon]

this is exactly what I mean, I gave you few real live examples when this hard or even not possible to confirm address with the source and you keep persisting this is all user fault, that we are lazy, etc

this is not always possible to get the other party to confirm address, especially if that matter was discussed at start of cooperation and addresses where set in stone, then one checks them in the wallet if there is no other place he save it, not from laziness only because we had to do it at this particular time

I call it laziness because "I don't have 30 seconds to double-and-triple-check a $100k tx" sounds like laziness. Not saving the request for payment to a certain address (essentially part of your contract with the other party) is also asking for trouble for other reasons, e.g. if you get accused of scamming and you have no record of being asked to send money to that address. This is all either a made up story, or you are really so negligent in your dealings, not sure which is worse.

please use final (edited) version of my posts when you quote me, if possible

Not possible if you edit while I'm typing and don't even add a note that you edited something.

[wwzsocki]

I call it laziness because "I don't have 30 seconds to double-and-triple-check a $100k tx" sounds like laziness...

this is also beyond my comprehension. I try to justify him by saying that he was probably an inexperienced user, don't know haven't read his full story.

Not possible if you edit while I'm typing and don't even add a note that you edited something.

you are right I will add "edited" next time

EDITED

[PrivacyG]

Of course this is also beyond my comprehension. I try to justify him by saying that he was probably an inexperienced user, don't know haven't read his full story.

Do people also never triple check bank account (or credit card) characters when spending or transferring money somewhere?  Does nobody check the amount before sending to make sure they are not sending 10 times the amount by accident?  Do they not check if the change they received at the shop is correct?  I can not wrap my head around this.  If they triple check bank account transfer details multiple times, why not check a Bitcoin transfer worth a freaking luxury car!

For large BTC transfers I check the address like 5 to 10 times just to make sure.  If my Wallet asks me to confirm afterwards, I check it multiple times AGAIN.  Because look what can happen!  All of this can be avoided by just following one (and one of the most important) step.  Check the address before you send.  Correct?

-
Regards,
PrivacyG

[PX-Z]

Apologize for replying a 3 week inactive thread, I just got here after reading some thread on Wallet Software board^[1], from a confused user for a zero amount transfer.

Luckily explorers already are aware of this and I see today big warning message when I check some of this suspicious transactions.

There is link in warning message that sent me to this article "SlowMist: Be Wary of the TransferFrom Zero Transfer Scam"

Quoting this message and checked the bscscan and etherscan explorer doesn't have such warning on the transaction page but just labeled the wallet address "Fake_PhishingXXXX" X = number, which i guess is not enough and should have a warning text as well.


Well, for the past several years of making crypto transactions, never been i tried to use past transaction and copy there the wallet address im trying to send with. Mostly i go to the platform say exchange, copy the deposit wallet address, paste it on the wallet and check if it's correct before sending it. Because i feel like im always going to a different mode ^{(crypto sending mode)} when im trying to send payments with crypto, because i always thought that there's no room for mistakes when making crypto transactions, else, goodbye to your coins.

[1] https://bitcointalk.org/index.php?topic=5433063.new#new

[wwzsocki]

Luckily explorers already are aware of this and I see today big warning message when I check some of this suspicious transactions.
There is link in warning message that sent me to this article "SlowMist: Be Wary of the TransferFrom Zero Transfer Scam"

Quoting this message and checked the bscscan and etherscan explorer doesn't have such warning on the transaction page...

we have talked mainly about TRON (TRC20) transactions but from what I have read ERC20 can also be vulnerable, so watch out.

if you check OP again you will see screens and there warning messages in TronScan explorer, I will forward them for you here.

https://tronscan.org/#/transaction/c9362f62af918f6197d15301de5277ff733d7b9a3f06dfa0919271bd15bea1d8

https://tronscan.org/#/transaction/71f021d17154a7a476597854d1bcf0af192da2b040cdf56bcbffa1ae38b66bd6

There are clickable links in both warning messages with more info about these scams:

https://slowmist.medium.com/slowmist-be-wary-of-the-transferfrom-zero-transfer-scam-c64ba0e3bc4d

[wwzsocki]

Just a quick update

I came across an article where Metamask team also addressed this issue discussed in this thread that hackers are using zero value transactions to scam us and they have made an update to prevent this

https://coingape.com/crypto-news-etherscan-feature-stop-address-poisoning-attacks/

finally all these scammy/spammy zero value transaction will be not visible by deafult