The zero-value token transfer attack is a fraudulent technique in which an attacker impersonates an Ethereum address using the same first and last few characters as the victim's address. This can deceive the target into believing that they are interacting with a familiar address and instead send funds to the attacker's wallet.
What should I do as a user?
If you see muted token transfers in Etherscan, keep calm. Your wallet is fine and your keys are safe. Take note of the below to stay protected from this attack:
Be cautious when interacting with addresses that are involved in a zero-value token transfer.
- On Etherscan, these transfers are muted and marked with a grey warning icon.
- On wallet apps, make sure to double-check that the addresses displayed exactly match the one you intend to interact with.
Check the addresses above and below the one you are interacting with in the Token Transfers tab, as scam addresses may impersonate the victim's address before or after it.
- Finally, always be vigilant in verifying any address that you interact with on Ethereum and other blockchains!
To learn more about Zero-Value Token Transfer Attacks, we recommend reading this two-part deep analysis article by Coinbase.
Zero Transfer Phishing - Part 1 - Attack Analysis
Zero Transfer Phishing Investigation - Part 2 - Phishing Campaigns