Unidentified contracts sending zero balance (USDT / USDC) from customer accounts.
Incident Report for Bitpanda Custody Ltd
Posted Nov 29, 2022 - 13:56 UTC

We have analysed these "spam" transactions and we believe the spammer is trying to confuse people by sending transactions with similar addresses in the hopes that the user will accidentally send to them in future. Unfortunately the USDT and USDC contracts don't prevent someone from sending these transactions 0 value. There is no cost to our clients as the spammer is paying the gas for these transactions, but it produces noise on chain and risks confusion with addresses.
Posted Nov 29, 2022 - 10:05 UTC
We are aware that some customers have been notified of zero token balances being sent from their wallets (for USDC / USDT) by an unknown account. This is due to the way the underlying contracts work in that they allow ANY account to send zero balance from one address to another.

Funds are safe and there as been no transfer of tokens and transferring a non-zero balance is not possible without approval from the account holder first.

We are continuing to investigate.
Posted Nov 28, 2022 - 11:17 UTC
This incident affected: TrustVault.