CZ goes after Etherscan for displaying spam transactions due to address poisoning scams, saying block explorers need to completely filter out malicious transfers.
Summary
CZ says block explorers should filter address poisoning spam. User received 89 poison warnings in 30 minutes after two transfers. Attackers use lookalike addresses and zero-value transfers to fool users.
The former Binance CEO posted on X that while TrustWallet has already implemented this filtering, Etherscan continues to show large numbers of zero-value poisoning transactions in users’ wallets.
The criticism follows an incident in which a user identified as Nima received 89 address poisoning emails within 30 minutes after sending stablecoins twice on Ethereum.
Etherscan has issued a warning about an attack aimed at tricking users into copying similar addresses from their transaction history when transferring funds.
“So many people are going to fall victim to this,” Nima warned after an automated attack campaign targeted his wallet.
CZ goes after Etherscan for displaying spam transactions
Xeift revealed that while Etherscan hides zero-value transfers by default, BscScan and Basescan require users to explicitly click the “Hide zero-amount transfers” button to remove address poisoning attack transactions.
The difference in default settings leaves some users exposed to spam entries in their transaction history, which can lead to funds being sent to addresses controlled by attackers.
CZ noted that filtering could impact microtransactions between AI agents in the future, suggesting that AI could be used to distinguish between legitimate zero-value transfers and spam.
Dr. Favezy pointed out that swaps create additional risks beyond address poisoning. Yesterday, a swap from the 0x98 wallet that turned $50 million into $36,000 raised concerns about routing and liquidity source selection.
“We sincerely hope that AI agents can route through the appropriate routers and optimal liquidity sources to avoid situations like this,” Favezy wrote.
Address poisoning floods your wallet history with lookalike addresses
The attack uses the token contract’s transferFrom function to initiate a zero-value token transfer. The attacker transfers 0 tokens to create a Transfer event that appears in the victim’s transaction history. Every address has an allowance of 0 by default, and a transfer of 0 tokens does not exceed it, so anyone can emit such an event naming the victim’s address as the sender.
The attacker then combines this with address spoofing to increase the likelihood that the victim will copy the wrong recipient address.
The spoofed address matches the first and last characters of the legitimate address.
Nima’s case, with 89 attempted poisonings in 30 minutes after just two legitimate transfers, illustrates the scale these attacks can reach. Because the attacks are automated, attackers can target thousands of addresses simultaneously every time they detect movement of a stablecoin or token on-chain.
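A defender-side check for the pattern described above, as an added example (not code from Etherscan, TrustWallet or the article): it flags history rows that are zero-value or whose counterparty matches the first and last characters of an address the wallet previously paid. The four-character match length, the `Transfer` record and all addresses are assumptions constructed for illustration.

```python
# Added example: flag likely address-poisoning rows in a token-transfer history.
# All addresses and amounts below are constructed sample data.
from dataclasses import dataclass

@dataclass
class Transfer:
    sender: str
    recipient: str
    value: int  # token amount in base units

def norm(addr):
    """Lowercase hex body without 0x, so checksum casing does not matter."""
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def lookalike_of(addr, known, n=4):
    """Return the known address addr imitates (same first/last n hex chars), or None."""
    a = norm(addr)
    for k in sorted(known):
        b = norm(k)
        if a != b and a[:n] == b[:n] and a[-n:] == b[-n:]:
            return k
    return None

def classify(history, wallet, n=4):
    """Walk the history oldest-first and return a list of reasons per row."""
    me, known, out = norm(wallet), set(), []
    for t in history:
        outgoing = norm(t.sender) == me
        other = t.recipient if outgoing else t.sender
        reasons = ["zero-value"] if t.value == 0 else []
        hit = lookalike_of(other, known, n)
        if hit:
            reasons.append("lookalike of " + hit)
        # Only recipients the wallet sent real value to become trusted.
        if outgoing and t.value > 0 and not hit:
            known.add(other)
        out.append(reasons)
    return out

WALLET = "0x" + "11" * 20
LEGIT = "0xAbCd" + "0" * 32 + "1234"
FAKE = "0xabcd" + "f" * 32 + "1234"   # same first/last 4 characters as LEGIT
OTHER = "0x" + "22" * 20
HISTORY = [
    Transfer(WALLET, LEGIT, 500_000_000),  # genuine stablecoin payment
    Transfer(WALLET, FAKE, 0),             # zero-value transferFrom naming the wallet
    Transfer(OTHER, WALLET, 25_000_000),   # unrelated incoming payment
]
print(classify(HISTORY, WALLET))
```

A row with any reason attached is one whose address should not be copied from the history view; the full address should be compared against a saved contact instead.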
