Understanding Spoof Tokens and How to Avoid Being Coaxed


Read Time: 5 minutes

The safety and security of assets make a big difference to how much users earn from their investments. So here is a security blog to help you stay aware and informed in Web3.

Cryptocurrencies are known for their volatility, which shows how strongly an asset’s price influences investment decisions. That gives hackers an opening: manipulate the price and trick users for their own gain.

Any die-hard crypto investor will have faced a situation where token prices are manipulated to create an illusion of pessimism or optimism. This prompts users to buy, only to find later that they have fallen for spoofing.

So, what is spoofing? How do you identify it and stay mindful so that you do not watch your money disappear into thin air? We cover all of it in this blog.

‘Spoofing’ – In A Nutshell

A widely anticipated token, hyped so much that users are waiting to buy it, is finally launched, bearing the same symbol and official logo. With great excitement, the user wants to buy it.

But what convinces the user of the authenticity of the tokens and leads them to make a bulk purchase?

The user finds on the block explorer that the addresses associated with the token transfers belong to influencers and acclaimed personalities.

Here is where the hacker manipulated the From address of the token transfer, making it look as if it is linked to a well-known influencer’s address. Seeing this, users eagerly trade those tokens, believing them to be the original ones.

Behind the Scenes – How Did The Hacker Do This?

The transfer data a smart contract emits is entirely under the contract author’s control and can easily be altered. Using this, the attacker sets the From address of the transfer to any address they like, even though he/she is the one who actually initiates the transaction.

Let’s look at the token transfer in Etherscan for better clarity of spoof token transfers. 

In this transfer you can see that Vitalik’s address 0xab5801a7d398351b8be11c439e05c5b3259aec9b has received zkSync tokens.

Tokens might be transferred to Vitalik’s address by anyone, which is no big deal.

But here you can see Vitalik sending out the tokens. This would lure users into thinking that tokens sent by Vitalik must be a real jackpot.

But that’s not true! Let’s find out what lies ahead!

Vitalik did not initiate the transfer; the contract owner who initiated the transaction made it appear to have been sent by Vitalik. This is where the block explorer is spoofed into displaying the manipulated transfer, because the block explorer only reads the events the contract emits.

This can be found by looking into the transaction details, which clearly show that the initiator address (0x46e7cefdfa7513d19261d1afa7ec04c13e7acefc) sent the transaction and manipulated it to appear as if it had been done by Vitalik.

On closer inspection, you can see that the input data contains Vitalik’s address. The address could just as well be hard-coded in the contract.

Further, on decompiling the contract, we find a non-standard transfer function that takes the From address as an input parameter and emits the Transfer event with it. This is where the contract owner entered Vitalik’s address to make it look as if he is doing the transfer.

The Mishaps in Token Transfer

This is how the user mistakes the From address for the address of the transaction initiator. The spoofing trick launches successful attacks on users by leveraging the ERC-20 token design standard and the block explorer’s transparent data display.

The ERC-20 standard’s transfer and transferFrom functions make it possible to put any arbitrary address in the From field of the emitted Transfer event, so the From address can differ from the address that initiated the transaction.

Block explorers like Etherscan display the event’s From address rather than the transaction initiator’s address, which results in users bagging valueless tokens.

Any Recent Event Of Spoof Token Spam?

The recent announcement of Ukraine’s “airdrop” rewarding users’ cryptocurrency donations was posted on its official Twitter handles.

Source: Ukraine / Україна on Twitter: “Airdrop confirmed. Snapshot will be taken tomorrow, on March 3rd, at 6pm Kyiv time (UTC/GMT +2 hours). Reward to follow! Follow subsequent news re Ukraine’s crypto donation campaign at @FedorovMykhailo” / Twitter

Soon after, the Ethereum block explorer Etherscan displayed Ukraine’s official wallet holding 7 billion “Peaceful World” tokens for the secret crypto airdrop.

There was also activity from Ukraine’s official wallet sending tokens to the wallet addresses that had donated to Ukraine’s funds.

But no details of the official airdrop (such as the token type or the number of tokens to be launched) followed the initial post from the authorities.

Later, blockchain analysts confirmed that the Peaceful World (WORLD) tokens might be a spoof, and Etherscan tagged them as “misleading” and marked them as spam.

This instance shows how Ukraine’s wallet address was used to launch a fake airdrop, an instance of token spoofing.

How To Avoid Buying Spoof Tokens?

The best way is to dig into the transaction details and check whether the From address and the initiator address of the token transfer are the same.

Although not every token transfer whose From address differs from the initiator is necessarily a spoof, users can stay alert by using Etherscan’s ‘Token ignore list’ feature, which lists suspicious tokens in this category, and by being watchful of the tokens they interact with.
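As an added example that is not part of the original post, here is a small Python check for the comparison described in this section and in “The Mishaps in Token Transfer”: it decodes the ERC-20 Transfer events from a transaction receipt and flags any whose event From address differs from the account that actually signed the transaction. The receipt, the token contract address and the recipient addresses are constructed for the example; only the two addresses from the Etherscan walkthrough above are taken from the post.

```python
# keccak256("Transfer(address,address,uint256)"): topic[0] of every ERC-20 Transfer event
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
VITALIK = "0xab5801a7d398351b8be11c439e05c5b3259aec9b"    # shown as From on the explorer
INITIATOR = "0x46e7cefdfa7513d19261d1afa7ec04c13e7acefc"  # account that really sent the tx

def topic_to_address(topic: str) -> str:
    """An indexed address is ABI-encoded as a 32-byte word: 12 zero bytes, then the address."""
    return "0x" + topic[-40:].lower()

def pad(addr: str) -> str:
    """Inverse of topic_to_address; used only to build the constructed sample below."""
    return "0x" + "00" * 12 + addr[2:].lower()

def find_spoofed_transfers(receipt: dict) -> list:
    """Return Transfer logs whose event From is not the account that sent the transaction.

    A mismatch is not proof of a spoof: transferFrom via an allowance (e.g. a DEX
    router) also produces one, so findings are marked for review, not condemned."""
    tx_sender = receipt["from"].lower()
    findings = []
    for log in receipt["logs"]:
        topics = log["topics"]
        # A standard ERC-20 Transfer has three topics: signature, indexed from, indexed to
        if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
            continue
        event_from = topic_to_address(topics[1])
        if event_from != tx_sender:
            findings.append({
                "token": log["address"].lower(),
                "event_from": event_from,
                "event_to": topic_to_address(topics[2]),
                "tx_sender": tx_sender,
                "verdict": "review: event From differs from tx initiator",
            })
    return findings

# Constructed receipt (not real chain data). Log 1 is the spoof pattern from the post:
# the tx came from INITIATOR but the event claims VITALIK sent the tokens. Log 2 is an
# ordinary transfer where the initiator is also the From address and is not flagged.
TOKEN = "0x000000000000000000000000000000000000c0de"  # placeholder token contract
SAMPLE_RECEIPT = {
    "from": INITIATOR,
    "logs": [
        {"address": TOKEN, "topics": [TRANSFER_TOPIC, pad(VITALIK), pad("0x" + "11" * 20)]},
        {"address": TOKEN, "topics": [TRANSFER_TOPIC, pad(INITIATOR), pad("0x" + "22" * 20)]},
    ],
}

if __name__ == "__main__":
    print(find_spoofed_transfers(SAMPLE_RECEIPT))
```

On a real receipt (for example from eth_getTransactionReceipt) the same function applies unchanged, since it only reads the `from` field and the `logs` array.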

QuillAudits In Web3 Security

QuillAudits is a leading security firm that protects established and growing ventures by providing smart contract audit and due diligence services, helping them stay vigilant against web3 hacks.

Get in touch with our experts for a free consultation in under 10 minutes:

https://t.me/quillaudits_official
