Every time I make an ERC-20 token transaction, it shows 2 transactions in the transaction history, one is called transfer and the other sent. Both have the same amount and different fees. Could one of them be an internal transaction? That’s all right?
Thank you for your response
Hi @Kangen,
from your description, it looks like you are a target of address poisoning attack.
Please, find more information in this thread: Has my trezor been hacked ?
You can find more information on address poisoning attack in this article: https://trezor.io/support/a/address-poisoning-attacks
Remember that attackers do not have your private keys. If you will not send funds to the fake address yourself, they cannot steal your funds.
hi. Pardon my ignorance but this is an issue with the Etherem protocol in general or specific to Trezor? Almost every ERC20 transaction we receive is now “duplicated” a day later. Also seeing fake “spend” transactions.
Is it better to create a new wallet and move the tokens or will it be a problem whatever wallet you use?
Hi @ranger1,
I can confirm that these attacks are possible due to the characteristics of the Ethereum network and it is not connected specifically to Trezor. Other apps that use the ETH network can be also affected.
Moving your tokens to a different ETH account can work. However, please keep in mind that the Ethereum network can be publicly seen. It means that scammers can see that you are moving your funds to a different account and they can continue with these address poisoning attacks on your new ETH account.
The best protection is to have an idea of how these attacks work so you can recognize them. Remember, that if you do not send your funds to the fake ETH address from the fake transaction, you cannot lose the funds. Always double-check the whole address before signing the transaction on the display of your Trezor and never copy the address from your transaction history.