On April 10, Etherscan, a block explorer for the Ethereum blockchain, informed a feature designed to protect users from scams.
Etherscan to hide zero-value transfers
To protect users from scams known as address poisoning attacks, Etherscan announced that it will hide zero-value token transfers by default. While the site previously greyed out zero-value transactions, the new feature completely hides them, as shown below.
A scammer uses an address poisoning attack to create a “spoofed” address that is nearly identical to one with which their target has previously transacted.
The scammer then sends zero-value transfers to the target’s address using the spoofed address. The target may be confused by the two similar addresses and send funds to the spoofed address inadvertently.
Because this method relies on user error and is a type of phishing, concealing transactions with no value can make the scam far less appealing to its victims. Etherscan stated that preventing scams in a neutral manner is a “never-ending cat-and-mouse game,” and that it recognizes the value of “uncensored” blockchain records. As a result, users will be able to toggle the option in settings, according to the company.
Zero-value attacks are increasingly common
The type of scam in question has received increased attention in the crypto industry. Zero-value transfer phishing and related attacks have resulted in up to $32 million in ETH thefts, according to X-explore and WuBlockchain. In January 2023, the Ethereum-focused wallet Metamask issued a warning about address poisoning scams and advised users on how to protect themselves.