Security analysts at Slowmist revealed a new type of TransferFrom fraud on the TRON (TRX) network. They mentioned that numerous users noticed that their addresses received the so-called zero transfer, i.e., transactions of zero value. After that they became victims of scammers.
The nature of the attack
According to the users who suffered from the recent break-in of TRON wallets, they received 0 USDT transfers from unknown addresses beforehand. These transactions were displayed in the history of users of the TRON network, and in each case, the TransferFrom function was automatically called.
By clicking on this random transaction overview, the wallet owner initiated a process function that allowed an address starting with TCwd to transfer 0 USDT. All transactions were from the same wallet vault. No single transfer exceeded an amount of $0.001. This reminded the experts at Slowmist of a similar airdrop scam consisting of addresses with the same final numbers.
Thanks to TransferFrom, it is possible to initiate a 0 USDT transfer from any user account, because the token contract function does not require that the approved transfer amount be greater than zero. This condition is used by an attacker to re-run TransferFrom actions for active users and initiate transfer events.
The experts warned: If an investor has discovered a transaction record that does not belong to him, they should be wary of the fact that the wallet has been compromised. When a user tries to change access to their wallet or reload data into it, they could be robbed. If the user's transaction history has been hijacked by an attacker, they risk losing assets by copying one of the previous transfer addresses that may have been swapped.
You can explore the solution from WL Global, which follows all the procedures that ensure the safety of the funds of users of the trading platform.