CZ tracks Etherscan to flag spam transactions resulting from address poisoning scams and said block explorers should fully filter out malicious transfers.
summation
- CZ says block explorers should filter out address poison spam.
- The user received 89 poison warnings in 30 minutes after two sends.
- Attackers use pseudo-addresses and zero-value transmissions to trick users.
The former Binance CEO posted to
The criticism follows an incident in which a user identified as Nima received 89 address poison emails within 30 minutes after making just two stablecoin transfers on Ethereum.
Etherscan warned of an attack that aims to trick users into copying similar addresses from their transaction history when sending funds.
βToo many people will fall victim to this,β Nima warned after an automated attack campaign targeted his wallet.
CZ tracks Etherscan to flag spam transactions.
Xeift said that while Etherscan hides zero-value transfers by default, BscScan and Basescan require users to explicitly click the “Hide zero amount transfers” button to eliminate address poisoning attack transactions.
Differences in default settings may result in some users seeing spam that could send funds to attacker-controlled addresses.
CZ noted that filtering could impact microtransactions between AI agents in the future, suggesting that AI could be used to distinguish legitimate zero-value transfers from spam.
Dr. Favezy pointed out that swaps pose additional risks beyond address addiction. Yesterday’s swap of the 0x98 wallet, which turned $50 million into $36,000, raised concerns about routing and liquidity source selection.
βWe sincerely hope that AI agents can route through the right routers and best liquidity sources to avoid situations like this,β Favezy wrote.
Address poisoning causes your wallet to be flooded with similar addresses
The attack works by using the transferFrom function to initiate a token transfer with a value of 0. The attacker sends a token with a value of 0 to generate a transfer event that appears in the victim’s transaction history. All addresses default to a 0 value acknowledge, allowing event emission.
The attacker then combines this with address spoofing to increase the likelihood that the victim will copy the wrong sending address.
The spoofed address matches the first and last characters of the legitimate address.
Nima’s case shows the scale these attacks can reach, with 89 poisoning attempts in 30 minutes with just two legitimate transfers. Due to its automated nature, attackers can target thousands of addresses simultaneously whenever they detect stablecoin or token movement on the chain.