CZ goes after Etherscan for displaying spam transactions from address poisoning scams, stating block explorers should filter out the malicious transfers completely.
Summary
- CZ says block explorers should filter address-poisoning spam.
- A user received 89 poisoning alerts in 30 minutes after two transfers.
- Attackers use lookalike addresses and zero-value transfers to trick users.
The former Binance CEO posted on X that TrustWallet already implements this filtering, while Etherscan continues showing zero-value poisoning transactions that flood user wallets.
The criticism follows an incident where a user identified as Nima received 89 address-poisoning emails in under 30 minutes after making just two stablecoin transfers on Ethereum.
Etherscan issued a warning about the attack, which aims to trick users into copying lookalike addresses from transaction history when sending funds.
“So many will fall victim to this,” Nima warned after the automated attack campaign targeted his wallet.
CZ goes after Etherscan for displaying spam transactions
Xeift clarified that Etherscan hides zero-value transfers by default, but BscScan and Basescan require users to click a “hide 0 amount tx” button explicitly to remove address poisoning attack transactions.
The difference in default settings leaves some users exposed to viewing spam that could lead to sending funds to attacker-controlled addresses.
CZ noted the filtering may affect micro transactions between AI agents in the future, suggesting AI could be used to distinguish legitimate zero-value transfers from spam.
Dr. Favezy pointed out that swaps create additional risks beyond address poisoning. A swap from the 0x98 wallet that turned $50 million into $36,000 yesterday raised concerns about routing and liquidity source selection.
“I really hope AI agents will be able to route through the right routers and best liquidity sources to avoid situations like this,” Favezy wrote.
Address poisoning floods wallets with lookalike addresses
The attack works by initiating zero-value token transfers using the transferFrom function. Attackers send 0-value tokens to create transfer events that appear in victim transaction histories. Every address defaults to 0 value approval, allowing the event emission.
Attackers then combine this with address spoofing to increase the likelihood victims copy the wrong transfer address.
The spoofed addresses match the first and last characters of legitimate addresses.
Nima’s case shows the scale these attacks can reach, with 89 poisoning attempts in 30 minutes from just two legitimate transfers. The automated nature means attackers can target thousands of addresses simultaneously whenever they detect stablecoin or token movements on-chain.
