CZ takes aim at Etherscan for posting spam transactions from address poisoning scams, saying block explorers should completely filter out malicious transfers.
Summary
- CZ says block explorers should filter address poisoning spam.
- One user received 89 poisoning alerts in 30 minutes after two transfers.
- Attackers use lookalike addresses and zero-value transfers to deceive users.
The former Binance CEO posted on
The criticism follows an incident in which a user identified as Nima received 89 address poisoning emails in less than 30 minutes after making just two stablecoin transfers on Ethereum.
Etherscan has issued a warning about the attack, which aims to trick users into copying similar addresses from transaction history when sending funds.
“A lot of people will fall victim to this,” Nima warned after the automated attack campaign targeted his wallet.
CZ attacks Etherscan for displaying spam transactions
Xeift clarified that Etherscan hides zero value transfers by default, but BscScan and Basescan require users to explicitly click a “Hide 0 tx amount” button to remove address poisoning attack transactions.
The difference in default settings exposes some users to viewing spam that could lead to funds being sent to addresses controlled by attackers.
CZ noted that filtering could affect microtransactions between AI agents in the future, suggesting that AI could be used to distinguish legitimate zero-value transfers from spam.
Dr. Favezy emphasized that the exchanges create additional risks beyond poisoning. A 0x98 wallet trade that turned $50 million into $36,000 yesterday raised concerns about the routing and selection of liquidity sources.
“I really hope that AI agents will be able to borrow the right routers and the best sources of liquidity to avoid situations like this,” Favezy wrote.
Poisoning floods wallets with similar addresses
The attack works by initiating zero-valued token transfers using the transferFrom function. Attackers send zero-value tokens to create transfer events that appear in victims’ transaction history. Each address defaults to a trust value of 0, allowing the event to be emitted.
Attackers then combine this with address spoofing to increase the likelihood that victims will copy the wrong forwarding address.
Spoofed addresses match the first and last characters of legitimate addresses.
Nima’s case shows how widespread these attacks can be, with 89 poisoning attempts in 30 minutes from just two legitimate transfers. The automated nature means attackers can target thousands of addresses simultaneously whenever they detect stablecoin or token movements on-chain.
