Malicious smart contracts conduct transfers of zero-value tokens from victims' addresses to fake ones controlled by the attacker that closley resemble ligitimate addresses known to the victim. These transfers lack actual token exchange, enabling processing without the usual consent. This technique exploits users' tendencies to copy and paste addresses from their transaction history without thorough verification, thus luring victims to transfer funds to addresses controlled by the attacker.
