Blockchain explorer Etherscan has changed its default settings to protect users from address poisoning attacks.
In an April 10 update, Etherscan said it would hide zero-value token transfers in light of the phishing attacks that have targeted unsuspecting users.
Update: Zero-value token transfers are now hidden by default
In recent times, 'address poisoning' attacks have phished unsuspecting users and spammed everybody else. With this update you won’t have to see these transfers anymore!
Before ➡️ After pic.twitter.com/F93pWDUJ7a
— Etherscan (@etherscan) April 10, 2023
Users who would prefer an uncensored view of the blockchain will still be able to see these transfers by disabling the option in site settings.
Address poisoning attacks are a type of phishing scam where an attacker transfers a token with a near-zero value to the victim’s address. The attackers design these addresses to look similar to one of the victim’s recipient wallet addresses, making it easy to accidentally copy the scam address instead of the one intended when making a transfer.
Blockchain addresses are a unique sequence of numbers and letters and users often rely on the transaction history of addresses they have interacted with when making transfers. By simply copying and pasting the wrong address, without verifying all the characters in that address, many find themselves sending high-value transfers to the scammer’s address.
Victims lost $19 million from these types of attacks between late November and mid-February, according to Coinbase’s estimates.
Found a load of those on one of my accounts in etherscan the other day. The etherscan UX really confuses things.
— Sillytuna (@sillytuna) April 8, 2023
Etherscan’s move to hide these zero-value ERC-20 transfers could help fend off those types of attacks, while allowing the option to view them if the need does arise.
“Preventing scams and attacks in a neutral and scalable way is an infinite cat-and-mouse game,” said Etherscan.