Detecting malicious attack transactions

[TheMajical]

Hi
I'm trying to analyze USDT transactions on TRON network so I store them as a document in my local database.
There are type of transactions that their value is so much big and unbelievable, so I checked some of them in explorers like TronScan and I've noticed that they mark these transactions as "suspected malicious attack " and set their value to 0.
Here is an example:
** TRON Scan detail **
https://tronscan.org/#/transaction/1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7

** My local database detail **

as you can see there is tokenValue field which has a fake value

Since I've received this value from my full node server
Is there any way that I can detect this type of fake transactions and avoid storing their large value?

[angrynurd]

Hi I'm trying to analyze USDT transactions on TRON network so I store them as a document in my local database. There are type of transactions that their value is so much big and unbelievable, so I checked some of them in explorers like TronScan and I've noticed that they mark these transactions as "suspected malicious attack " and set their value to 0. Here is an example: ** TRON Scan detail ** https://tronscan.org/#/transaction/1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7

** My local database detail ** as you can see there is tokenValue field which has a fake value

Since I've received this value from my full node server Is there any way that I can detect this type of fake transactions and avoid storing their large value?

hi, @TheMajical
per your comment.seems like you just encounter a suspicious TX,and you just do not want to store this kind of txs.
maybe you can use this API to detect this kind of bad txs.
invoke the API(same tx you post above):
https://apilist.tronscanapi.com/api/security/transaction/data?hashes=1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7
it return:
{"1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7":{"riskToken":false,"zeroTransfer":true,"riskAddress":false,"sameTailAttach":false,"riskTransaction":true}}
the return result contains a field 'riskTransaction', I think you can classify tx using this result.
For more details about this API ,you can visit https://docs.tronscan.org/security-service/security-service-api

[TheMajical]

Hi I'm trying to analyze USDT transactions on TRON network so I store them as a document in my local database. There are type of transactions that their value is so much big and unbelievable, so I checked some of them in explorers like TronScan and I've noticed that they mark these transactions as "suspected malicious attack " and set their value to 0. Here is an example: ** TRON Scan detail ** https://tronscan.org/#/transaction/1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7
** My local database detail ** as you can see there is tokenValue field which has a fake value
Since I've received this value from my full node server Is there any way that I can detect this type of fake transactions and avoid storing their large value?

hi, @TheMajical per your comment.seems like you just encounter a suspicious TX,and you just do not want to store this kind of txs. maybe you can use this API to detect this kind of bad txs. invoke the API(same tx you post above): https://apilist.tronscanapi.com/api/security/transaction/data?hashes=1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7 it return: {"1ebe3d234ecf467d5d046a3aa95b6574e607a614273ad1e852bd0699fd0311a7":{"riskToken":false,"zeroTransfer":true,"riskAddress":false,"sameTailAttach":false,"riskTransaction":true}} the return result contains a field 'riskTransaction', I think you can classify tx using this result. For more details about this API ,you can visit https://docs.tronscan.org/security-service/security-service-api

Thank you
This API performs efficiently in identifying suspicious transactions. However, is there a method to detect such transactions based on internal transaction fields, such as Logs?
In Ethereum-based networks, smart contract transactions are encapsulated within main network transactions. The relevant data, including contractAddress, from, to, and value, can be easily extracted from their log object. Unlike Ethereum, TRC20 transactions operate independently. As a result, we can directly access contractAddress, from, to, and value without needing to parse the Logs field. Is there an alternative approach to enhance transaction monitoring in this context?