{"id":548910,"date":"2023-02-07T17:33:00","date_gmt":"2023-02-07T14:33:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/scammers-are-targeting-crypto-users-with-new-zero-value-transferfrom-trick\/"},"modified":"2023-02-07T17:33:00","modified_gmt":"2023-02-07T14:33:00","slug":"scammers-are-targeting-crypto-users-with-new-zero-value-transferfrom-trick","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/scammers-are-targeting-crypto-users-with-new-zero-value-transferfrom-trick\/","title":{"rendered":"Scammers are targeting crypto users with new \u2018zero value TransferFrom\u2019 trick"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Scammers_are_targeting_crypto_users_with_new_%E2%80%98zero_value_TransferFrom_trick_%E2%80%9C\"><\/span>Scammers are targeting crypto users with new \u2018zero value TransferFrom\u2019 trick<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-4bbf85c5><p>Data from Etherscan shows that some crypto scammers are targeting users with a new trick that allows them to confirm a transaction from the victim\u2019s wallet, but without having the victim\u2019s private key. The attack can only be performed for transactions of 0 value. However, it may cause some users to accidentally send tokens to the attacker as a result of cutting and pasting from a hijacked transaction history.<\/p>\n<p>Blockchain security firm SlowMist <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/slowmist.medium.com\/slowmist-be-wary-of-the-transferfrom-zero-transfer-scam-c64ba0e3bc4d\">discovered<\/a> the new technique in December and revealed it in a blog post. Since then, both SafePal and Etherscan have adopted mitigation techniques to limit its effect on users, but some users may still be unaware of its existence.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Recently we have received reports from the community of a new type of scam: Zero Transfer Scam. 
Be careful if you see suspicious 0 transfer in your wallet record:<\/p>\n<p>1\/10<\/p>\n<p>\u2014 Veronica (@V_SafePal) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/V_SafePal\/status\/1602871714555121664?ref_src=twsrc%5Etfw\">December 14, 2022<\/a><\/p><\/blockquote>\n<p>According to the post from SlowMist, the scam works by sending a transaction of zero tokens from the victim\u2019s wallet to an address that looks similar to one that the victim had previously sent tokens to.<\/p>\n<p>For example, if the victim sent 100 coins to an exchange deposit address, the attacker may send zero coins from the victim\u2019s wallet to an address that looks similar but that is, in fact, under the control of the attacker. The victim may see this transaction in their transaction history and conclude that the address shown is the correct deposit address. As a result, they may send their coins directly to the attacker.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Sending_a_transaction_without_owner_permission\"><\/span>Sending a transaction without owner permission<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Under normal circumstances, an attacker needs the victim\u2019s private key to send a transaction from the victim\u2019s wallet. 
But Etherscan\u2019s \u201ccontract tab\u201d feature reveals that there is a loophole in some token contracts that can allow an attacker to send a transaction from any wallet whatsoever.<\/p>\n<p>For example, the code for USD Coin (USDC) on Etherscan <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/address\/0x0882477e7895bdC5cea7cB1552ed914aB157Fe56#code\">shows<\/a> that the \u201cTransferFrom\u201d function allows any person to move coins from another person\u2019s wallet as long as the amount of coins they are sending is less than or equal to the amount allowed by the owner of the address.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/1ccf6fa4-80e5-4372-a7d0-896a966b35a0.png\"><\/figure>\n<p>This usually means that an attacker can\u2019t make a transaction from another person\u2019s address unless the owner approves an allowance for them.<\/p>\n<p>However, there is a loophole in this restriction. The allowed amount is stored as an unsigned number (the \u201cuint256\u201d type), and an allowance that has never been set is read as zero. This can be seen in the \u201callowance\u201d function.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/9e5f62ad-4886-47cc-a9b9-041525513ca9.png\"><\/figure>\n<p>As a result, as long as the value of the attacker\u2019s transaction is less than or equal to zero, they can send a transaction from absolutely any wallet they want, without needing the private key or prior approval from the owner.<\/p>\n<p>USDC isn\u2019t the only token that allows this to be done. Similar code can be found in most token contracts. 
It can even be <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/eips.ethereum.org\/EIPS\/eip-20#implementation\">found<\/a> in the example contracts linked from the Ethereum Foundation\u2019s official website.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Examples_of_the_zero_value_transfer_scam\"><\/span>Examples of the zero value transfer scam<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Etherscan shows that some wallet addresses are sending thousands of zero-value transactions per day from various victims\u2019 wallets without their consent.<\/p>\n<p>For example, an account labeled Fake_Phishing7974 used an unverified smart contract to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/txs?a=0xcfabef41fc0076f9736ede647a39468a426667ca\">perform<\/a> more than 80 bundles of transactions on Jan. 12, with each bundle <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0xe0618d410a72fd581572eb46a1c4d60d57a3363da0a6ecff0e997aec6da35f09\">containing<\/a> 50 zero-value transactions for a total of 4,000 unauthorized transactions in one day.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/6eff31da-25bb-4b1e-b5db-7257de6c49c7.png\"><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Misleading_addresses\"><\/span>Misleading addresses<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Looking at each transaction more closely reveals a motive for this spam: The attacker is sending zero-value transactions to addresses that look very similar to ones the victims previously sent funds to.<\/p>\n<p>For example, Etherscan shows that one of the user addresses targeted by the attacker is the following:<\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/address\/0x20d7f90d9c40901488a935870e1e80127de11d74#tokentxns\">0x20d7f90d9c40901488a935870e1e80127de11d74<\/a>.<\/p>\n<p>On Jan. 
29, this account authorized 5,000 Tether (USDT) to be sent to this receiving address:<\/p>\n<p>0xa541efe60f274f813a834afd31e896348810bb09.<\/p>\n<p>Immediately afterwards, Fake_Phishing7974 sent a zero-value transaction from the victim\u2019s wallet to this address:<\/p>\n<p>0xA545c8659B0CD5B426A027509E55220FDa10bB09.<\/p>\n<p>The first five characters and the last six characters of these two receiving addresses are exactly the same, but the characters in the middle are all completely different. The attacker may have intended for the user to send USDT to this second (fake) address instead of the real one, giving their coins to the attacker.<\/p>\n<p>In this particular case, it appears that the scam did not work, as Etherscan does not show any transactions from this address to one of the fake addresses created by the scammer. But given the volume of zero-value transactions done by this account, the plan may have worked in other cases.<\/p>\n<p>Wallets and block explorers may vary significantly as to how or whether they show misleading transactions.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Wallets\"><\/span>Wallets<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Some wallets may not show the spam transactions at all. For example, MetaMask shows no transaction history if it is reinstalled, even if the account itself has hundreds of transactions on the blockchain. This implies that it stores its own transaction history rather than pulling the data from the blockchain. This should prevent the spam transactions from showing up in the wallet\u2019s transaction history.<\/p>\n<p>On the other hand, if the wallet pulls data directly from the blockchain, the spam transactions may show up in the wallet\u2019s display. In a Dec. 
13 announcement on Twitter, SafePal CEO Veronica Wong <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/V_SafePal\/status\/1602871714555121664\">warned<\/a> SafePal users that its wallet may display the transactions. In order to mitigate against this risk, she said that SafePal was altering the way addresses are displayed in newer versions of its wallet so as to make it easier for users to inspect addresses.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">(6\/10) Upon this, we have taken actions:<br \/>1) In the latest V3.7.3 update, we adjusted the length of the wallet address displayed in the transaction history. The first and last 10 digits of the wallet address will be displayed in default, for the sake of address examination<\/p>\n<p>\u2014 Veronica (@V_SafePal) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/V_SafePal\/status\/1602871724428603392?ref_src=twsrc%5Etfw\">December 14, 2022<\/a><\/p><\/blockquote>\n<p>In December, one user also reported that their Trezor wallet was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/forum.trezor.io\/t\/zero-usdt-transfer-phishing-scam\/10926\">displaying<\/a> misleading transactions.<\/p>\n<p>Cointelegraph reached out through email to Trezor developer SatoshiLabs for comment. In response, a representative stated that the wallet does pull its transaction history directly from the blockchain \u201cevery time users plug in their Trezor wallet.\u201d<\/p>\n<p>However, the team is taking steps to protect users from the scam. 
In an upcoming Trezor Suite update, the software will \u201cflag the suspicious zero-value transactions so that users are alerted that such transactions are potentially fraudulent.\u201d The company also stated that the wallet always displays the full address of every transaction and that they \u201cstrongly recommend that users always check the full address, not just the first and last characters.\u201d<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Block_explorers\"><\/span>Block explorers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Aside from wallets, block explorers are another type of software that can be used to view transaction history. Some explorers may display these transactions in such a way as to inadvertently mislead users, just as some wallets do.<\/p>\n<p>To mitigate against this threat, Etherscan has begun graying out zero-value token transactions that aren\u2019t initiated by the user. It also flags these transactions with an alert that says, \u201cThis is a zero-value token transfer initiated by another address,\u201d as evidenced by the image below.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/6e82643e-34e2-456e-b530-5b25c7148d68.png\"><\/figure>\n<p>Other block explorers may have taken the same steps as Etherscan to warn users about these transactions, but some may not have implemented these steps yet.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tips_for_avoiding_the_%E2%80%98zero-value_TransferFrom_trick\"><\/span>Tips for avoiding the &#8216;zero-value TransferFrom&#8217; trick<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cointelegraph reached out to SlowMist for advice on how to avoid falling prey to the \u201czero-value TransferFrom\u201d trick.<\/p>\n<p>A representative from the company gave Cointelegraph a list of tips for avoiding becoming a victim of the attack:<\/p>\n<ol>\n<li>&#8220;Exercise caution and verify the address before executing any 
transactions.&#8221;<\/li>\n<li>&#8220;Utilize the whitelist feature in your wallet to prevent sending funds to the wrong addresses.&#8221;<\/li>\n<li>&#8220;Stay vigilant and informed. If you encounter any suspicious transfers, take the time to investigate the matter calmly to avoid falling victim to scammers.&#8221;<\/li>\n<li>&#8220;Maintain a healthy level of skepticism, always stay cautious and vigilant.&#8221;<\/li>\n<\/ol>\n<p>Judging from this advice, the most important thing for crypto users to remember is to always check the address before sending crypto to it. Even if the transaction record seems to imply that you\u2019ve sent crypto to the address before, this appearance may be deceiving.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/scammers-are-targeting-crypto-users-with-new-zero-value-transferfrom-trick\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scammers are targeting crypto users with new \u2018zero value TransferFrom\u2019 trick. Data from Etherscan shows that some crypto scammers are targeting users with a new trick that allows them to confirm a transaction from the victim\u2019s wallet, but without having the victim\u2019s private key. The attack can only be performed for transactions of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":548911,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/e25e209e-8e5a-4058-906f-120b89c30c67.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,70375,70944,72287],"class_list":["post-548910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-cybersecurity","tag-hackers","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/548910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=548910"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/548910\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/548911"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=548910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=548910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=548910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}