CZ Criticizes Etherscan Over Address Poisoning Spam



CZ goes after Etherscan for showing spam transactions from address poisoning scams, arguing that block explorers should fully filter out malicious transfers.

Key Takeaways

  • CZ says that block explorers should filter out address poisoning spam.
  • One user received 89 poisoning alerts in 30 minutes after two transfers.
  • Attackers use fake addresses and zero-value transfers to trick users.

The former Binance CEO posted on X that TrustWallet already implements this filter, while Etherscan continues to show zero-value poisoning transactions flooding users’ wallets.

The criticism follows an incident in which a user named Nima received 89 phishing emails after completing just two stablecoin transfers on Ethereum in less than 30 minutes.

Etherscan has warned of an attack that aims to trick users into copying lookalike addresses from their transaction history when sending funds.

“A lot of people are going to fall victim to this,” Nima said after the automated attack campaign targeted her wallet.

CZ goes after Etherscan for showing spam transactions

Xeift explained that Etherscan hides zero-value transfers by default, but BscScan and Basescan require users to click the “hide 0 tx amount” button to remove address poisoning transactions.

Differences in default settings expose some users to spam, which can lead to funds being sent to addresses controlled by attackers.

CZ noted that the filter could affect small transactions between AI agents in the future, suggesting that AI could be used to distinguish legitimate zero-value transactions from spam.

Dr. Favezi noted that swaps pose risks beyond address poisoning. The swap from the 0x98 wallet, which turned $50 million into $36,000 yesterday, raised concerns about the route and choice of liquidity source.

“I really hope that AI agents can go through the right routers and the best liquidity sources to avoid situations like this,” Favezi wrote.

Pairing zero-value transfers with lookalike addresses

The attack works by initiating zero-value token transfers using the transferFrom function. Attackers send 0-value tokens to create Transfer events that appear in victims’ transaction history. Each address’s allowance defaults to 0, which lets a zero-value transferFrom succeed and the event be emitted.

Attackers then combine this with address spoofing so that victims may copy the wrong recipient address.

Fake addresses match the first and last characters of legitimate addresses.

The Nima case shows the scale these attacks can achieve, with 89 poisoning attempts in 30 minutes from just two legitimate transfers. The automated nature means that attackers can target thousands of addresses at once when they detect the movement of a stablecoin or token on the chain.
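A history filter for the pattern described above, as an added example that is not from the original article or from any explorer's code: it flags zero-value transfers the wallet owner did not submit and counterparties that share the first and last characters of an address the wallet has actually paid. The `Transfer` record, the 4-character match length and every address below are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:              # hypothetical record built from an ERC-20 Transfer event
    sender: str              # event "from"
    recipient: str           # event "to"
    value: int               # token amount in base units
    initiator: str           # account that submitted the transaction

def lookalike(candidate, trusted, edge=4):
    """Different address, same first and last `edge` hex characters (edge is assumed)."""
    a, b = candidate.lower()[2:], trusted.lower()[2:]
    return a != b and a[:edge] == b[:edge] and a[-edge:] == b[-edge:]

def classify(history, wallet, edge=4):
    """Return [(transfer, reasons)] for entries that look like address poisoning."""
    wallet = wallet.lower()
    trusted, flagged = set(), []
    for t in history:
        sender, recipient = t.sender.lower(), t.recipient.lower()
        own_tx = t.initiator.lower() == wallet
        counterparty = recipient if sender == wallet else sender
        reasons = []
        # transferFrom(wallet, x, 0) needs no allowance, so anyone can emit it
        if t.value == 0 and sender == wallet and not own_tx:
            reasons.append("zero-value transfer not submitted by wallet")
        if any(lookalike(counterparty, k, edge) for k in trusted):
            reasons.append("counterparty mimics a previously paid address")
        if reasons:
            flagged.append((t, reasons))
        elif sender == wallet and own_tx and t.value > 0:
            trusted.add(counterparty)   # only real outgoing payments build trust
    return flagged

# Constructed sample data (not real addresses)
WALLET = "0x" + "a" * 40
LEGIT = "0x1234" + "0" * 32 + "abcd"
FAKE = "0x1234" + "f" * 32 + "abcd"     # same first/last 4 characters as LEGIT
OTHER = "0x" + "5" * 40
ATTACKER = "0x" + "9" * 40
HISTORY = [
    Transfer(WALLET, LEGIT, 1_000_000, WALLET),  # genuine payment
    Transfer(WALLET, FAKE, 0, ATTACKER),         # poisoning entry
    Transfer(WALLET, OTHER, 500, WALLET),        # genuine payment
]

if __name__ == "__main__":
    for transfer, reasons in classify(HISTORY, WALLET):
        print(transfer.recipient, "->", "; ".join(reasons))
```

Trust is built only from non-zero transfers the wallet itself submitted, so a poisoned entry can never add its own lookalike to the trusted set.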

