Possible exploit issue with the way Geth displays the "internals transaction" tracing

[mtbitcoin]

Geth version: 1.9.18
OS & Version: Windows

This is related to the issue reported on https://twitter.com/r_ross_campbell/status/1297508597958692865?s=20

A user was able to spoof a call showing a 10k ether transfer on Rinkeby via https://rinkeby.etherscan.io/address/0x0c62da719a00659661e8c08c629897eddc72067f#code

To trace "internal txns" in geth we use the call tracer
(https://rinkeby.etherscan.io/vmtrace?txhash=0x7f8deeaff1618c372f14f3153b154d8bdd0f11816c85b2c9b3dca32cc042cf02&type=gethtrace2) which show an incorrect value of 10k ether.

The openEthereum (Parity) client however does not have this issue. A possible attacker could use this to spoof transfers to a 3rd party that solely relies on the debug_traceTransaction (callTracer) to check for internal txn transfers ether transfers taking place. This issue also affects any other explorers/exchanges/projects that rely on the same tracer

[mtbitcoin]

For context when we did a similar trace_transaction via OE (Parity) for the same transaction hash and the result shows a correct 0 value Eth transfer instead of 10k