Officer's Blog

Posted on Dec 09, 2022

Address Poisoning Attack

I — New Scam Going On TRX/USDT/BSC/ETH/Polygon Users!

This malicious contract involved:

  • 0x732e9b5f59c9a442db18f7d57dd2bbfc804281cb

  • Decompiled

Basically, the attacker creates a vanity address very similar to your own and sends you very small amounts of USDT or something similar, in the hope that you'll check your balance on BlockScan and one day copy and paste their address and send funds to it by mistake!

The next time victim A carelessly copies an address from a historical transaction, it is easy to copy address C, prepared by the hacker, by mistake and so transfer the funds to the wrong account.

Check Out:

https://slowmist.medium.com/slowmist-another-airdrop-scam-but-with-a-twist-1666e01b6a6c

http://mirror.xyz/x-explore.eth/cL3d_CyNujXq8XY7ueP4omNXx_IY1EG5Dz0FD0vJ90M

https://medium.com/etherscan-blog/spoof-tokens-on-ethereum-c2ad882d9cf6

Sleepy people sometimes do illogical things 🤷‍♂️ One of the chat users was attacked for $10k:

  • a8ae672bb0e6afaf3cd34b4d33de82d65714682d1c64c6ea1e03313bc5ad529b

While seemingly simple and similar to the Dusting Attack, this is a completely new thing closer to social engineering/vanity attacks/phishing!

TLDR: always double-check any address letter by letter, digit by digit! Whitelist your working addresses!


II — Attack Variations

Questions began to be raised over the discovery of mysterious outgoing zero transactions with supposed approve signatures…

Check out this example, seen on both Tron and Ethereum mainnet:

This address (Attacker): etherscan.io/address/0xfe3c53086f256219b81a6afbf614cd839c1c5982

Is interacting with this smart contract (and other similar ones): etherscan.io/address/0x23dd013da6d35b3271c9199e38d659e763e38463

Creating transactions like these: etherscan.io/tx/0x7da7966512de60eef5c494407782bddf569d1cfb42793f0afe77ee9e2edc16bf

Another example (Tron):

At the same time, all of the customers reported that no one had signed such approvals! In a nutshell, it's the identical spam attack as in the previous example!

The transferFrom function was called, not transfer, which means the From address was supposed to have approved the address that signed the transaction. But since the amount is zero and all new contract storage cells are initialized with zeros, everything runs smoothly (the allowance is 0 for any address) 🤔

TLDR: You must just ignore these transactions!

Here, an attacker sends zero-value transactions in the hope that someone will copy the last receiver address and send crypto to it by mistake, much like in a clipboard (clipper malware) attack!
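A small history filter for both patterns described above (look-alike addresses from section I and unsigned zero-value transferFrom calls from section II), as an added example that is not part of the original post. All addresses, the record layout and the 4-character match window are assumptions made for illustration.

```python
# Added example; every address and event below is constructed sample data.
ME = "0x1111" + "a" * 32 + "2222"
EXCHANGE = "0x3333" + "b" * 32 + "4444"        # allowlisted counterparty
FAKE_EXCHANGE = "0x3333" + "c" * 32 + "4444"   # same first/last 4 hex chars
FAKE_ME = "0x1111" + "d" * 32 + "2222"
SPAMMER = "0x9999" + "e" * 32 + "8888"
ALLOWLIST = [ME, EXCHANGE]

def lookalike_of(addr, allowlist, head=4, tail=4):
    """Return the allowlisted address that addr imitates, or None.

    head/tail (hex chars compared at each end) are assumed defaults chosen
    to match the shortened form in which addresses are often displayed."""
    a = addr.lower()[2:]
    for known in allowlist:
        k = known.lower()[2:]
        if a != k and a[:head] == k[:head] and a[-tail:] == k[-tail:]:
            return known
    return None

def classify(ev, me, allowlist):
    """Flag one token Transfer record (keys: tx_sender, from, to, value)."""
    me = me.lower()
    sender, src, dst = (ev[f].lower() for f in ("tx_sender", "from", "to"))
    flags = []
    # Section II pattern: a zero-amount transferFrom moves "our" tokens in a
    # transaction we never signed; it needs no allowance because 0 <= 0.
    if ev["value"] == 0 and src == me and sender != me:
        flags.append("zero_value_not_signed_by_owner")
    # Section I pattern: the counterparty is not allowlisted but matches an
    # allowlisted address at both ends.
    other = dst if src == me else src
    twin = lookalike_of(other, allowlist)
    if twin is not None:
        flags.append("lookalike_of:" + twin)
    return flags

HISTORY = [
    {"tx_sender": ME, "from": ME, "to": EXCHANGE, "value": 50_000_000},
    {"tx_sender": SPAMMER, "from": ME, "to": FAKE_EXCHANGE, "value": 0},
    {"tx_sender": FAKE_ME, "from": FAKE_ME, "to": ME, "value": 1},
]

if __name__ == "__main__":
    for ev in HISTORY:
        print(ev["to"][:6] + "..." + ev["to"][-4:], classify(ev, ME, ALLOWLIST))
```

Any flagged record is one whose counterparty address should never be copied from the history view; take the destination from the allowlist instead.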

Unlike in the first attack, the attackers may also first wait for you to ask about the strange transactions somewhere on Twitter and then finish the scam using social engineering in DMs!

Once again, ignore them. If you are worried about a stolen seed, migrate funds via:

…or manually.

If you still have to revoke approvals on Tron, you may use cointool.app with caution!

https://t.me/officer_cia/769

https://twitter.com/officer_cia/status/1609690743828013056?s=20&t=PGY8jO26vK3Bj337WbH0Pg

