this post was submitted on 19 Nov 2023
1 points (100.0% liked)

Ethereum

5 readers
1 users here now

Resources

founded 1 year ago
MODERATORS
communick@blockchained.world
rglullis
1
What happened here? Looks like a scam attempt. (alien.top)
submitted 11 months ago by MeowMeNot@alien.top to c/ethereum@blockchained.world
2 comments fedilink hide all child comments
 

A little while ago I sent 0.5 ETH from a cold storage wallet on my Ledger to my hot wallet on Metamask.

After sending the 0.5 ETH I noticed this transaction in my cold storage wallet for a scam ERC20 token that I didn't create:

Scam TX

Here is the TXID for it: https://etherscan.io/tx/0xe30f58fe6f93a67499bb9b37cd9fe7643b1a4c2ccda6a66f1a1fb58ff64f001f

It sent the scam ERC20 token to a address that looks similar to the address that I had sent the 0.5 ETH to. The first few characters and the last few characters are the same, but the middle is different.

When I first noticed this transaction I freaked out for a minute because I thought someone had access to my cold storage wallet. Then I calmed down after I thought things through, but I want to be sure I have this right.

At some point a scammer sent me a ERC20 token through a contract. That contract was set to send the scam ERC20 token to a address that looks like a address that I send actual ETH to. Do I have that right? Am I correct in thinking that my cold storage wallet is still secure?

I am not 100% sure what the end goal of this scam is. Are they hoping that I copy the address that they sent the scam tokens to and send actual funds there?

top 2 comments
sorted by: hot top controversial new old
[โ€“] Swole_Bodry@alien.top 1 points 11 months ago

NEVER interact with a scam ERC-20 token. They can have malicious code that can withdrawal all your funds.

[โ€“] atrizzle@alien.top 1 points 11 months ago

Your cold wallet is safe. This "scam" is called "address poisoning", and it exploits the fact that etherscan.io uses log events from ERC20 tokens to show users their ERC20 activity.

The scammer here created a contract that allows them to create an ERC20 Transfer event and simply used your address string in the "from" field of the event log. They do, however, control the address in the "to" field of the event log, and their hope is that you will not realize that this is fake, and send tokens to it in the future thinking that you've sent tokens to it in the past, especially because it looks so similar to addresses that you have actually sent tokens to.

I am not 100% sure what the end goal of this scam is. Are they hoping that I copy the address that they sent the scam tokens to and send actual funds there?

exactly