Detecting malicious attack transactions #119

Open
TheMajical opened this issue Apr 2, 2024 · 2 comments

@TheMajical

Hi,
I'm trying to analyze USDT transactions on the TRON network, so I store them as documents in my local database.
There are some types of transactions whose value is very big and unbelievable, so I checked some of them in explorers like TronScan and I've noticed that they mark these transactions as "suspected malicious attack" and set their value to 0.
Here is an example:
**TRON Scan detail**
https://tronscan.org/#/transaction/1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7

**My local database detail**
(image)
As you can see, there is a tokenValue field which has a fake value.

Since I've received this value from my full node server, is there any way that I can detect this type of fake transaction and avoid storing their large value?

@angrynurd
Contributor

Hi, @TheMajical
Per your comment, it seems like you just encountered a suspicious TX, and you just do not want to store this kind of tx.
Maybe you can use this API to detect this kind of bad tx.
Invoke the API (same tx you posted above):
https://apilist.tronscanapi.com/api/security/transaction/data?hashes=1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7
It returns:
{"1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7":{"riskToken":false,"zeroTransfer":true,"riskAddress":false,"sameTailAttach":false,"riskTransaction":true}}
The returned result contains a field 'riskTransaction'; I think you can classify txs using this result.
For more details about this API, you can visit https://docs.tronscan.org/security-service/security-service-api
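
An added example, not part of the comment above or of the project's code: one way to apply the quoted response before writing to a local database, zeroing the stored amount for flagged transactions the way the explorer does. The `hash` document field and the `verdict`, `riskFlags` and `reportedTokenValue` fields are assumptions, the `tokenValue` amounts are constructed, and treating a hash that is missing from the response as unverified is a design choice of this sketch.

```python
import json
from urllib.parse import urlencode

# Endpoint and hash exactly as quoted in the comment above.
SECURITY_API = "https://apilist.tronscanapi.com/api/security/transaction/data"
PAGE_HASH = "1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7"
# Response body as quoted in the comment above.
SAMPLE_RESPONSE = (
    '{"' + PAGE_HASH + '":{"riskToken":false,"zeroTransfer":true,'
    '"riskAddress":false,"sameTailAttach":false,"riskTransaction":true}}'
)

def security_url(tx_hash):
    """Lookup URL for one transaction hash, in the form used in the comment."""
    return SECURITY_API + "?" + urlencode({"hashes": tx_hash})

def classify(tx_hash, api_response):
    """Return (verdict, flags); verdict is 'risk', 'clean' or 'unknown'."""
    entry = api_response.get(tx_hash)
    if not isinstance(entry, dict) or not isinstance(entry.get("riskTransaction"), bool):
        return "unknown", []  # hash missing or entry malformed: no verdict
    flags = sorted(k for k, v in entry.items() if v is True)
    return ("risk" if entry["riskTransaction"] else "clean"), flags

def sanitize(doc, api_response):
    """Copy of a local transaction document that is safe to aggregate on."""
    verdict, flags = classify(doc["hash"], api_response)
    out = dict(doc, verdict=verdict, riskFlags=flags)
    if verdict != "clean":
        # Fail closed: keep the node-reported amount for review, count it as 0.
        out["reportedTokenValue"] = doc["tokenValue"]
        out["tokenValue"] = "0"
    return out

if __name__ == "__main__":
    response = json.loads(SAMPLE_RESPONSE)
    docs = [  # constructed documents; "hash" is an assumed field name
        {"hash": PAGE_HASH, "tokenValue": "9" * 30},
        {"hash": "00" * 32, "tokenValue": "1000000"},  # not in the response
    ]
    print(security_url(PAGE_HASH))
    for d in docs:
        print(json.dumps(sanitize(d, response)))
```

Keeping the node-reported amount in a separate field preserves the evidence for later review while sums and balances computed over `tokenValue` stay unaffected.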

@TheMajical
Author

Thank you
This API performs efficiently in identifying suspicious transactions. However, is there a method to detect such transactions based on internal transaction fields, such as Logs?
In Ethereum-based networks, smart contract transactions are encapsulated within main network transactions. The relevant data, including contractAddress, from, to, and value, can be easily extracted from their log object. Unlike Ethereum, TRC20 transactions operate independently. As a result, we can directly access contractAddress, from, to, and value without needing to parse the Logs field. Is there an alternative approach to enhance transaction monitoring in this context?
