Be wary of on-chain address poisoning: a comprehensive technical analysis of the "same tail number airdrop" and "zero U poisoning"

Recently, our on-chain risk monitoring has found frequent 0U transfers on the TRX, ETH, and BSC chains. Take the BSC chain transaction data in the following figure as an example. After victim A sends a normal transaction transferring 452 BSC-USD to B, A receives 0 BSC-USD from C. At the same time, within the same transaction hash, A also transfers 0 BSC-USD to C without having initiated it (a "one-to-one" 0 BSC-USD transfer).

In fact, users who encounter this situation do not need to be nervous. Their assets are safe and the private key has not been leaked. They only need to confirm the address carefully and take care not to transfer to the wrong account. The hacker's method is very simple:

1. Monitor the transfers of several stablecoins on the chain, and capture a transfer sent normally from victim address A to user B.

2. Carefully construct a hacker address C that closely resembles user address B (for example, one with the same tail number), then make victim A and hacker address C transfer 0U to each other.

3. When victim A carelessly copies an address straight from the transaction history for the next transfer, it is easy to copy address C prepared by the hacker by mistake, and the funds go to the wrong account.

Analysis of technical principles

The tokens attacked on the BSC chain mainly include BSC-USD, BUSD, USDC, ETH, etc. Most attacks call the transferFrom() function in batches through an attack contract; there are also cases where the transfer() function is called manually, and cases that target the main currency. The principle is basically the same. In a transaction in which the attacker calls the attack contract, the attack contract only calls the transferFrom() function of BSC-USD. By filling in the sender, recipient, and amount parameters, the attacker can make a transfer of 0 USD appear between any two addresses, and the call emits both an Approval() event and a Transfer() event. This works because an amount of 0 never exceeds the allowance, which is 0 by default, so the call does not revert and the victim has not actually authorized anything.

For example, in the picture below, the user's frequently used transfer address is "TUahsb...JjXyp3" and the fake address is "TSeqQh...sjXyp3". They have the same tail number "jXyp3".
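A wallet or monitoring tool can flag both patterns before the user copies an address out of the history. The following is an added example, not code from the original article: the `Transfer` record, the `find_poisoning` function, the tail length of 5 and all addresses and transaction ids are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    tx: str         # transaction hash (constructed ids below)
    sender: str
    recipient: str
    amount: int     # token amount; 0 marks a "zero U" transfer

def find_poisoning(history, owner, tail_len=5):
    """Return {tx: [reasons]} for transfers that look like address poisoning."""
    # Trusted counterparties: addresses the owner paid a nonzero amount.
    # Heuristic assumption: build this set from history that predates the
    # suspicious activity, or better, from a verified address book.
    trusted = {t.recipient for t in history if t.sender == owner and t.amount > 0}
    flagged = {}
    for t in history:
        if owner not in (t.sender, t.recipient):
            continue
        other = t.recipient if t.sender == owner else t.sender
        if other in trusted:
            continue
        reasons = set()
        if t.amount == 0:
            # transferFrom() with amount 0 needs no approval from the owner
            reasons.add("zero-value transfer")
        if any(other[-tail_len:] == good[-tail_len:] for good in trusted):
            reasons.add("same tail as a trusted address")
        if reasons:
            flagged.setdefault(t.tx, set()).update(reasons)
    return {tx: sorted(r) for tx, r in flagged.items()}

# Constructed sample data (not real addresses or transactions)
OWNER = "TOwnerExampleAddr000000000A1b2C"
LEGIT_B = "TUb9ExampleLegitAddr000000Qk7Zp"
FAKE_C = "TSc4ExampleFakeAddr0000000Qk7Zp"
FAKE_C2 = "TKe8ExampleFakeAddr1111111Qk7Zp"
OTHER_D = "TDd2ExampleOtherAddr000000Mn3Rt"
HISTORY = [
    Transfer("tx1", OWNER, LEGIT_B, 452),  # the genuine payment A -> B
    Transfer("tx2", OWNER, FAKE_C, 0),     # forged 0U transfer A -> C
    Transfer("tx2", FAKE_C, OWNER, 0),     # paired C -> A in the same hash
    Transfer("tx3", FAKE_C2, OWNER, 1),    # small same-tail airdrop
    Transfer("tx4", OTHER_D, OWNER, 100),  # unrelated incoming payment
]

if __name__ == "__main__":
    for tx, reasons in find_poisoning(HISTORY, OWNER).items():
        print(tx, reasons)
```

Flagged entries are candidates to hide or label in the history view; the destination of a payment should still be compared character by character against a verified address.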

Final summary

This article mainly introduces two on-chain address poisoning methods: the "same tail number airdrop" and "zero U poisoning". Addresses with the same tail number are generated as fake addresses, and small amounts of tokens are continuously airdropped to users from those fake addresses, so that the scammer's address appears in the user's transaction records. A user who copies the wrong address without paying attention loses assets. "TRON Helper (trxhelp.org)" hereby reminds users that, since blockchain records cannot be tampered with and on-chain operations are irreversible, be sure to check the address carefully before performing any operation.

Origin blog.csdn.net/meitixuanfa918/article/details/130650369