A little while ago I sent 0.5 ETH from a cold storage wallet on my Ledger to my hot wallet on Metamask.
After sending the 0.5 ETH I noticed this transaction in my cold storage wallet for a scam ERC20 token that I didn't create:
Scam TX
Here is the TXID for it: https://etherscan.io/tx/0xe30f58fe6f93a67499bb9b37cd9fe7643b1a4c2ccda6a66f1a1fb58ff64f001f
It sent the scam ERC20 token to an address that looks similar to the address that I had sent the 0.5 ETH to. The first few characters and the last few characters are the same, but the middle is different.
When I first noticed this transaction I freaked out for a minute because I thought someone had access to my cold storage wallet. Then I calmed down after I thought things through, but I want to be sure I have this right.
At some point a scammer sent me an ERC20 token through a contract. That contract was set to send the scam ERC20 token to an address that looks like an address that I send actual ETH to. Do I have that right? Am I correct in thinking that my cold storage wallet is still secure?
I am not 100% sure what the end goal of this scam is. Are they hoping that I copy the address that they sent the scam tokens to and send actual funds there?
Your cold wallet is safe. This "scam" is called "address poisoning", and it exploits the fact that etherscan.io uses log events from ERC20 tokens to show users their ERC20 activity.
The scammer here created a contract that allows them to create an ERC20 Transfer event and simply used your address string in the "from" field of the event log. They do, however, control the address in the "to" field of the event log, and their hope is that you will not realize that this is fake, and send tokens to it in the future thinking that you've sent tokens to it in the past, especially because it looks so similar to addresses that you have actually sent tokens to.
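A defender-side check for the pattern described in the answer above, as an added example that is not part of the original posts: it scans a wallet's outgoing ERC20 transfer history for recipients that match the start and end of a trusted address but differ in the middle. All addresses and records are constructed sample data, and the 4-character comparison window and the function names are assumptions.

```python
# All addresses and transfer records below are constructed sample data.
ME = "0x1111222233334444555566667777888899990000"     # cold wallet
HOT = "0x7a3f1b2c4d5e6f708192a3b4c5d6e7f80912c91e"    # real recipient
FAKE = "0x7a3f99887766554433221100ffeeddccbbaac91e"   # same first/last 4 hex chars
OTHER = "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd"  # unrelated address

TRANSFERS = [
    {"id": "tx-1", "from": ME, "to": HOT},      # genuine send
    {"id": "tx-2", "from": ME, "to": FAKE},     # forged Transfer event
    {"id": "tx-3", "from": ME, "to": OTHER},    # unknown, but not a lookalike
    {"id": "tx-4", "from": OTHER, "to": FAKE},  # not "from" this wallet
]

def norm(addr):
    """Lower-case a 20-byte hex address and strip the 0x prefix."""
    a = addr.lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def is_lookalike(candidate, known, n=4):
    """True if the addresses differ but share the first and last n hex chars."""
    c, k = norm(candidate), norm(known)
    return c != k and c[:n] == k[:n] and c[-n:] == k[-n:]

def find_poisoning(transfers, my_address, trusted, n=4):
    """Return (id, recipient, imitated address) for suspicious history entries."""
    me = norm(my_address)
    book = {norm(t): t for t in trusted}  # address book, keyed by normalized form
    hits = []
    for tx in transfers:
        # Only entries shown as sent by this wallet to a non-trusted recipient matter.
        if norm(tx["from"]) != me or norm(tx["to"]) in book:
            continue
        for key in sorted(book):
            if is_lookalike(tx["to"], key, n):
                hits.append((tx["id"], tx["to"], book[key]))
    return hits

def safe_to_send(dest, trusted):
    """Only an exact full-length match against the address book counts."""
    return norm(dest) in {norm(t) for t in trusted}

if __name__ == "__main__":
    for hit in find_poisoning(TRANSFERS, ME, [HOT]):
        print("possible address poisoning:", hit)
```

The same comparison applies before any send: take the destination from your own address book and compare every character, never copy it from the transaction history.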