A new exploit leveraging the zero-transfer mechanism in token contracts has emerged, allowing attackers to deceive users by initiating zero-value transactions. The exploit takes advantage of the TransferFrom function, which does not require the transfer amount to be greater than zero, enabling attackers to trigger transfer events from any user account without authorization. This method is used to flood active users with zero-transfer operations, creating misleading transaction histories. In one instance, a phishing contract executed a transaction targeting hundreds of wallet addresses with zero-value transfers. When a targeted wallet conducted a legitimate USDT transfer, it was immediately followed by numerous tailing transactions, further polluting the transaction history. The attackers rely on users mistakenly copying similar-looking wallet addresses from their transaction history, potentially leading to misdirected transfers.