TechFlow news, on March 18, SlowMist's Yu Xian disclosed that phishing attacks using addresses with similar starting and ending digits continue to be widespread, severely impacting the security infrastructure of the blockchain industry.
Yu Xian pointed out that poisoning attacks targeting wallet transaction histories employ various techniques. These include deploying fake token contract codes that emit forged event logs to deceive block explorers and wallets, as well as exploiting zero-value transfer transactions where the "from" or "to" fields can contain arbitrarily filled addresses—tricking users into believing these transactions originated from their own actions. Other common tactics include sending small amounts from source addresses sharing identical first and last characters, combining clipboard hijacking techniques, and spoofing well-known decentralized exchanges to generate fraudulent event logs.
Yu Xian advised users to adopt defensive measures such as leveraging wallet allowlist mechanisms, carefully verifying complete addresses, and using reputable hardware wallets for dual-factor verification.
Previous report: Within the past 14 hours, two addresses fell victim to "transaction history pollution attacks," collectively losing over $140,000.
