Etherscan

Etherscan hides zero-value token transfers to deter address-poisoning attacks

Address poisoning is a phishing scam that can affect users who have received unwanted tokens and don’t check their addresses carefully when sending crypto.

According to an April 10 post from Etherscan, the blockchain explorer has disabled the display of zero-value token transfers on its website by default. From now on, users must manually switch on the display from the website’s settings page. Etherscan said it had made the update to deter “address poisoning” attacks that have phished and spammed unsuspecting users.

“Preventing scams and attacks in a neutral and scalable way is an infinite cat-and-mouse game… please feel free to share your feedback as we continue to improve.”

Address poisoning is a type of crypto scam where an attacker sends a token with near-zero or no value to a user’s address to “poison” it. Afterward, the transaction is recorded in the software or hardware wallet’s history and can be selected when making transfers. The purpose of the scam is to trick the user into sending coins to the scam address by mistake. To do this, hackers use sophisticated software to create scam addresses that look very similar to “poisoned” addresses, with the same few beginning or ending characters.

That said, the scam is only classified as phishing. Neither the unwanted coins nor the addresses receiving such tokens can compromise users’ funds. However, unwanted nonfungible tokens, or NFTs, can potentially compromise an address through interactions, such as moving them to different accounts.

Sample of zero value tokens that will be hidden by Etherscan.

Blockchain hardware wallet firm Ledger suggests users hide their unsolicited NFT collections upon receipt. While address poisoning cannot be stopped, Ledger recommends users refrain from retrieving deposit or destination addresses from their transaction history and always double-check that each character of the destination address matches the input address when sending crypto. 
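The check below is an added example, not code from Etherscan, Ledger or the original article. It flags zero-value or dust transfers whose counterparty shares the first or last characters of an address the user already trusts, and validates a destination by full-string comparison. The address book, transfer history, the 4-character window and all addresses are constructed assumptions.

```python
# Added example: flag look-alike ("poisoned") entries in a transfer history.
from dataclasses import dataclass

HEX = set("0123456789abcdef")

@dataclass
class Transfer:
    counterparty: str  # the other address in the token transfer
    value: int         # token amount in base units

def normalize(addr: str) -> str:
    a = addr.lower()
    if not (a.startswith("0x") and len(a) == 42 and set(a[2:]) <= HEX):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def looks_like(candidate: str, trusted: str, n: int = 4) -> bool:
    """True when two DIFFERENT addresses share the first or last n hex chars."""
    c, t = normalize(candidate)[2:], normalize(trusted)[2:]
    return c != t and (c[:n] == t[:n] or c[-n:] == t[-n:])

def find_poisoning(history, trusted, n=4, dust=0):
    """Return (look-alike, imitated address) for transfers worth <= dust."""
    hits = []
    for tx in history:
        if tx.value > dust:
            continue  # only near-zero or zero-value transfers are of interest
        for t in trusted:
            if looks_like(tx.counterparty, t, n):
                hits.append((normalize(tx.counterparty), normalize(t)))
    return hits

def safe_destination(dest: str, trusted) -> bool:
    """Compare every character against the address book, never a prefix/suffix."""
    return normalize(dest) in {normalize(t) for t in trusted}

# Constructed sample data (not real addresses).
TRUSTED = ["0x1a2b" + "c" * 32 + "9f8e"]
LOOKALIKE = "0x1a2b" + "d" * 32 + "9f8e"
HISTORY = [
    Transfer(TRUSTED[0], 5_000_000),  # genuine earlier payment
    Transfer(LOOKALIKE, 0),           # zero-value transfer from a look-alike
    Transfer("0x" + "7" * 40, 0),     # unrelated zero-value spam
]

if __name__ == "__main__":
    for fake, real in find_poisoning(HISTORY, TRUSTED):
        print(f"{fake} imitates {real}")
    print("look-alike accepted as destination:", safe_destination(LOOKALIKE, TRUSTED))
```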

OpenSea collector fat fingers a 100 ETH bid for a free NFT

Some pundits have argued the trader mistakenly put up a bid for 100 Ether that was quickly snapped up, while others believe the sale was a wash trade.

A nonfungible token (NFT) trader has seemingly fat-fingered a bid for a free NFT, buying it for 100 Ether (ETH), currently valued at $191,239, instead of nothing.

The token was part of NFT marketplace OpenSea’s Gemesis NFT collection — free NFTs intended to commemorate the launch of OpenSea Pro on April 4. The trader’s bid is a 250,000% increase on the floor price of 0.04 ETH.

OpenSea Pro is a marketplace aggregator tailored to professional users by providing them with what OpenSea calls “a vastly improved” suite of features such as live cross-marketplace data and advanced orders.

A record of the transaction on an Ethereum blockchain explorer. Source: Etherscan

While some have argued the sale was wash trading, Twitter user “0xSun” believed the sale — which took place on the NFT marketplace Blur — occurred because the trader wanted to bid $100 but accidentally bid 100 ETH instead.

A Reddit user who posted about the sale also cast doubt on the wash trading theory, arguing it was an open offer that was available to anyone, making it too risky to be a wash trade as another trader or bot would quickly snap up an offer so far above the floor price.

“I know what you guys are thinking it was a wash trade but this was an open offer that could have been accepted by anybody, so it would be a pretty big risk hoping you were faster than anybody else looking at the offers at that moment.”

Wash trading is a form of market manipulation in which a trader buys and sells an asset to feed misleading information to the market. The practice is illegal in traditional stock markets but is very prevalent in NFT trading.

OpenSea acquired NFT aggregator Gem for an undisclosed amount on April 25, 2022, and refined the platform in order to create OpenSea Pro.

Only users who bought at least one NFT on Gem prior to March 31 are eligible to mint a Gemesis NFT, with the minting window set to close on May 4.

Vitalik dumps $700K worth of shitcoins that he never asked for

As Vitalik Buterin’s holdings represented a large portion of the circulating supply for some of the tokens, the sales resulted in huge price drops.

Ethereum co-founder Vitalik Buterin has gone on a shitcoin selling spree, exchanging nearly $700,000 worth of tokens previously airdropped to him for Ether (ETH).

According to Etherscan, a wallet belonging to Buterin on March 7 offloaded 500 trillion SHIKOKU (SHIK) for 380.3 ETH ($595,448), nearly 10 billion Cult DAO (CULT) for 58.1 ETH ($91,021), and 50 billion Mops (MOPS) for 1.25 ETH ($1,950).

A screenshot of token transactions from Vitalik’s wallet. Source: Etherscan

Due to the low liquidity of the tokens, the sales had a huge effect on their prices. The largest price drop among the tokens was in SHIK, which recorded an 86% drop following Buterin’s sale, according to CoinMarketCap data.

The total circulating supply of SHIK is 1 quadrillion, with the 500 trillion previously held by Buterin representing 50% of the current supply.

In May 2021, the Ethereum co-founder initiated a similar offload, selling tokens such as Shiba Inu (SHIB) and Dogelon Mars (ELON), which resulted in price drops of 40% and 90%, respectively.

While some within the cryptocurrency community shared their frustration at Buterin’s decision to sell considering the outsized effect it had on the tokens, others suggested it was motivated by the tax implications of receiving airdrops, which are subject to income tax in most countries.

Buterin confirmed he owned the wallet in a 2018 tweet after he was accused of hoarding 75% of the supply of Ether with fellow Ethereum co-founder Joe Lubin during the token’s pre-mining sale.

How to avoid getting hooked by crypto ‘ice phishing’ scammers: CertiK

Ice phishing is a type of scam that exists only in Web3 and is a “considerable threat” to the crypto community, the firm says.

Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users that was first identified by Microsoft earlier this year. 

In a Dec. 20 analysis report, CertiK described ice phishing as an attack that tricks Web3 users into signing permissions that end up allowing a scammer to spend their tokens.

This differs from traditional phishing attacks that attempt to access confidential information such as private keys or passwords, via methods like the fake websites that claim to help FTX investors recover their lost funds.

A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing attack. An investor was convinced to sign a transaction request disguised as a film contract, ultimately enabling the scammer to sell all of the user’s Apes to themselves for a negligible amount.

The firm noted that this type of scam was a “considerable threat” and found only in the Web3 world, where investors are often required to sign permissions to decentralized finance (DeFi) protocols that could be easily faked. CertiK wrote:

“The hacker just needs to make a user believe that the malicious address that they are granting approval to is legitimate. Once a user has approved permissions for the scammer to spend tokens, then the assets are at risk of being drained.”

Once a scammer has gained approval, they are able to transfer assets to an address of their choosing.

An example of how an ice phishing attack works on Etherscan. Source: CertiK

To protect themselves from ice phishing, CertiK recommended that investors use a token approval tool and a blockchain explorer site such as Etherscan to revoke permissions for addresses they don’t recognize.
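The following is an added example of the review CertiK describes, not code from CertiK, Etherscan or the original article. It replays ERC-20 `Approval` event logs for one owner and lists the approvals that are still open to spenders the owner does not recognize. The log entries, addresses and allowlist are constructed; only ERC-20 approvals are covered.

```python
# Added example: find open ERC-20 approvals granted to unrecognized spenders.
# keccak256("Approval(address,address,uint256)"), the ERC-20 event signature.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic: str) -> str:
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Replay logs in order; the latest value per (token, spender) wins."""
    state = {}
    for log in logs:
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (the ERC-721 form has 4 topics)
        if topic_to_address(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(t[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}  # 0 means revoked

def to_revoke(logs, owner, recognized):
    """Return (token, spender, amount) for spenders missing from the allowlist."""
    known = {a.lower() for a in recognized}
    return sorted(
        (token, spender, "unlimited" if amt == UNLIMITED else str(amt))
        for (token, spender), amt in open_approvals(logs, owner).items()
        if spender not in known
    )

# Constructed sample data (not real addresses or logs).
def pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def make_log(token, owner, spender, amount):
    return {"address": token, "data": hex(amount),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)]}

OWNER, TOKEN = "0x" + "a" * 40, "0x" + "1" * 40
DEX, UNKNOWN, OLD = "0x" + "d" * 40, "0x" + "e" * 40, "0x" + "f" * 40
LOGS = [
    make_log(TOKEN, OWNER, DEX, 1000),           # recognized protocol
    make_log(TOKEN, OWNER, OLD, UNLIMITED),      # granted ...
    make_log(TOKEN, OWNER, UNKNOWN, UNLIMITED),  # unlimited, unrecognized
    make_log(TOKEN, OWNER, OLD, 0),              # ... and later revoked
]

if __name__ == "__main__":
    for row in to_revoke(LOGS, OWNER, recognized=[DEX]):
        print(row)
```

Logs show what was granted, not what remains after spending, so the token contract's `allowance(owner, spender)` is the value to confirm before and after revoking.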

Additionally, addresses that users are planning to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address that was funded by Tornado Cash withdrawals as an example of suspicious activity.

CertiK also suggested that users should only interact with official sites they are able to verify and be particularly wary of social media sites like Twitter, highlighting a fake Optimism Twitter account as an example.

Fake Optimism Twitter account. Source: CertiK

The firm also advised users to take a couple of minutes to check a trusted site such as CoinMarketCap or CoinGecko to be sure that a URL links to a legitimate site.

Tech giant Microsoft was the first one to highlight this practice in a Feb. 16 blog post, saying at the time that while credential phishing is very predominant in the Web2 world, ice phishing gives individual scammers the ability to steal a chunk of the crypto industry while maintaining “almost complete anonymity.”

They recommended that Web3 projects and wallet providers increase their security on the software level in order to prevent the burden of avoiding ice phishing attacks being placed solely on the end-user.

You can now search ETH addresses on Google — But what about Bitcoin?

While Google’s feature appears to be good for crypto adoption, a chief investment officer says a move from Apple would make the “crypto industry go from 100 miles an hour to 250 miles in a heartbeat.”

Google’s latest crypto feature enables some Ethereum wallet addresses to have their Ether (ETH) balances tracked straight off of the Google search engine — saving the need to make the trip to Etherscan. 

The feature was first made public by the principal of Google Ventures, Han Hua, in an Oct. 11 tweet.

But Cointelegraph’s attempt to search for a Bitcoin (BTC) address revealed a no-show on Google. Angel investor Stephen Cole was not impressed, tweeting “Does Google not know about Bitcoin?”

Cointelegraph also tried several different Ethereum addresses — most of which didn’t work. So, the functionality is very limited at present and may improve over time.

Nonetheless, recent efforts suggest Google is playing a key role in onboarding internet users to the world of blockchain-based services and Web3.

The new feature comes in addition to Google’s partnership with crypto exchange Coinbase on Oct. 11 to allow its customers to pay for cloud services in crypto, which is expected to take effect in early 2023.

Google also got in on the Ethereum Merge hype by embedding a countdown ticker until the point at which Ethereum transitioned from proof-of-work (PoW) to proof-of-stake (PoS).

Speaking to Cointelegraph, Markus Thielen, chief investment officer of digital asset services platform Matrixport, said we shouldn’t be surprised by Google’s efforts in the Web3 space as both commercial banks and Web2 companies continue to do an “enormous amount of work in the background,” adding:

“This crypto winter is clearly different as established firms continue to deploy their balance sheet [to crypto investments] and might even leapfrog the incumbents.”

But while Google’s efforts are welcome, Thielen believes a mass adoption event for Web3 could come “when the iPhone can be used as a crypto wallet.”

“If and when this happens, the crypto industry will go from 100 miles an hour to 250 miles in a heartbeat,” he added.

Community reaction

Vittorio Rivabella, developer relations manager of Web3 development platform Alchemy, said the news of Google’s new Ethereum address search feature was “bullish.”

However, SadPanda.blockchain, the former editor-in-chief at Web3ArtBlog.NFT, wasn’t so thrilled with the news, arguing that Google “will sell our blockchain data to advertisers in order to target us via our wallets!”


Ethereum gone wrong? Here are 3 signs to keep an eye on during the Merge

The Ethereum merge is fast approaching and those with assets at stake should keep a close eye on the following data sources.

The assumption that Ethereum will just transition to a fully functional proof-of-stake (PoS) network after the Merge somewhat ignores the risk and effort necessary to move an asset that has a $193 billion market capitalization and 400 decentralized applications (DApps).

That is precisely why monitoring vital network conditions is essential for anyone willing to trade the event, which is scheduled for Sept. 14, according to ethernodes.org. More importantly, traders should be prepared to detect any alarming developments in case things go wrong.

Apart from the $34.2 billion in total value locked in smart contracts, another $5.3 billion in Ether (ETH) is staked on the Beacon Chain. The network is currently used by many tokens, oracle providers, stablecoins, layer-2 scalability solutions, synthetic assets, nonfungible tokens (NFTs), DApps and cross-chain bridges.

This partially explains why the Merge has been postponed multiple times through the years and why it is deemed to be the most significant upgrade in the history of the network.

For this reason, three different testnets have undergone the Merge, with Goerli being the latest on Aug. 11. Curiously, minor issues appeared in all testnet implementations, including Ropsten and Sepolia. For instance, Ethereum developer Marius van der Wijden noted that “two different terminal blocks and lots of non-updated nodes” slightly slowed the process down.

The core of any blockchain network is its blocks

It doesn’t matter what the consensus mechanism is: All blockchains rely on new blocks being proposed and validated. There are established block parameters that must be followed even to be considered by the network participants.

In the case of the Ethereum Merge, an epoch is a bundle of up to 32 blocks that should be attested within six and a half minutes. Actively monitoring the Eth2 Beacon Chain mainnet from reputable sources like BeaconScan by Etherscan and Ethscan ETH2 Explorer by Redot is important.

Ethereum Beacon Chain epochs and blocks. Source: Etherscan

Red flags on this monitor would be low voting participation on the epochs, the lack of finality after thirteen minutes (2 epochs) or a grinding halt on proposed blocks.

Monitoring Infura’s Ethereum 2.0 API

Infura provides infrastructure for building decentralized applications, allowing developers to deploy their solutions without hosting their own full Ethereum node. The company is fully owned by the Ethereum venture capital group ConsenSys, which is controlled by Joseph Lubin.

According to Infura’s website, projects relying on its infrastructure include Uniswap, Compound, Maker, Gnosis, Brave, Decentraland and Web3 wallet provider MetaMask.

Infura API status page. Source: Infura

Thus, monitoring Infura’s API is a good starting point to evaluate DApps’ performance. In addition, its status page should reliably display real-time updates, considering how closely Infura is tied to the Ethereum ecosystem.

Slashings: Are validators being penalized?

The Ethereum Merge consensus mechanism has embedded penalty rules designed to prevent attacks. Any validator deliberately misbehaving is slashed, meaning part of its respective 32 ETH stake is removed. Repetitive slashes will eventually cause the validator to be ejected from the network. Staking providers and the validator software have built-in protection to prevent someone from accidentally being slashed, for example, if their connection went down.

Slashed validators info. Source: BeaconScan

Traders need to understand that slashing is a standard action of the network, a protective measure, so it should not immediately be deemed unfavorable. A worrisome environment would be hundreds of validators being slashed simultaneously, potentially indicating that their software is not functioning as it should.

There are over 410,000 active validators, so even if 20% or 30% of them eventually went offline, the network would continue as designed. Monitoring slashing is a preemptive measure because it likely indicates that some service, such as a hosting provider, has gone offline or some incompatibility arose during the Merge.

Ethereum advocates should consider monitoring external data instead of just their own node and server. There could be delays or even erroneous warning signs, so using multiple sources of information could help one avoid being misled by data from a single website or a post on social networks.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.