explorer icon indicating copy to clipboard operation
explorer copied to clipboard
verified publisher icon hirosystems

Differentiate poison attack address from legit address easier

Open Hero-Gamer opened this issue 4 weeks ago • 4 comments

Is your feature request related to a problem? Please describe. Poison attack.

Image

https://explorer.hiro.so/address/SPVFPBKNRG1XVTB7F4ZZ673T33QEAACWV3NTAVHM?chain=mainnet

Describe the solution you'd like Display more letters/numbers on each side of stacks address, 5 on left side, and 6 on right side (currently 4 on left, 5 on right), so I can at a scan not miss that they are different addresses, thereby spot the poison attack easier.

Currently, at a scan, with 1 number/letter difference, it is too easy to get confused for the user.

Describe alternatives you've considered idk. Hide the poison address or something.

Additional context na

Hero-Gamer avatar Dec 03 '25 04:12 Hero-Gamer

EXP-190

linear[bot] avatar Dec 03 '25 04:12 linear[bot]

@Hero-Gamer what do you suggest? how many characters are enough to reduce confusion?

andresgalante-stacks avatar Dec 04 '25 15:12 andresgalante-stacks

I actually think a better more wholistic solution would to move all poison attack transactions into a SPAM tab, or folder. I do not even wanna see it on my main transaction history. I wrote it here: https://x.com/herogamer21btc/status/1996654171001340273?s=20

In terms of number of characters, I believe, showing minimum 5 characters on the left, and 6 characters on the right should suffice.

Though I'd like to see it in action to see if the attacker mimic so closely even more characters, then we might need to add more on each side.

Hero-Gamer avatar Dec 04 '25 18:12 Hero-Gamer

Hi @Hero-Gamer, thanks for bringing this to our attention. As you mentioned, I don't think adding more characters is the right solution here. These spam patterns can become more sophisticated over time, and while adding one character might solve the issue now, we’d likely need to keep increasing it later, eventually making truncation obsolete. Displaying 4 characters at the beginning and 5 at the end is already a common standard across other explorers and wallets.

What we really need is a separate approach to identifying these poison attacks, and I agree that your suggestion of filtering them out of the main transaction list is a better direction.

@andresgalante-stacks, can we look into whether there’s an easy way to detect spam transactions?

ginny-stacks avatar Dec 11 '25 16:12 ginny-stacks