How to spot malicious DApps?

Don’t get scammed!

Learn the kinds of malicious DApps so you can protect your valuable assets.


Fake DeFi liquidity mining

Malicious actors send private messages to the “to-be” victims in order to convince them to “invest”.

Image by Sophos:

If you open the DApp, you are presented with so-called “mining pool” data, meant to convince you that what you see is real.

If you transact with the malicious DApp, the transaction you are asked to confirm gives unlimited approval of your tokens (usually USDT, USDC, BUSD, DAI) to the scammer’s wallet or smart contract.

If you confirm that transaction, the scammer can simply take your tokens at any moment. That is why victims are confused when their tokens suddenly vanish, seemingly at random.
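The unlimited approval described above is visible in the transaction data before you confirm it. The following added example (not from the original article) decodes calldata for the standard ERC-20 `approve`/`increaseAllowance` and NFT `setApprovalForAll` calls and labels it unlimited, bounded or a revocation; the name `classifyCalldata`, the 2^255 threshold and the sample spender address are assumptions made for illustration.

```javascript
// Added example: classify raw transaction calldata before signing.
// Selectors are the standard ERC-20 / ERC-721 function selectors.
const SELECTORS = {
  "095ea7b3": "approve",            // approve(address spender, uint256 amount)
  "39509351": "increaseAllowance",  // increaseAllowance(address spender, uint256 added)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address operator, bool approved)
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Assumption: treat any amount at or above 2^255 as effectively unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function classifyCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "unknown" };
  }
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { kind: "other", risk: "unknown" };
  const args = hex.slice(8);
  // Both arguments are 32-byte ABI words; reject truncated or padded payloads.
  if (args.length !== 128) return { kind: fn, risk: "malformed" };
  const w0 = args.slice(0, 64), w1 = args.slice(64);
  // An address is the low 20 bytes of the first word; the high 12 bytes must be zero.
  if (!/^0{24}/.test(w0)) return { kind: fn, risk: "malformed" };
  const spender = "0x" + w0.slice(24);
  const value = BigInt("0x" + w1);
  if (fn === "setApprovalForAll") {
    // true hands the operator every NFT in the collection; false revokes that.
    return { kind: fn, spender, risk: value === 0n ? "revoke" : "unlimited" };
  }
  // approve(spender, 0) clears an existing allowance, i.e. a revocation.
  if (value === 0n && fn === "approve") return { kind: fn, spender, value, risk: "revoke" };
  const risk = value >= UNLIMITED_THRESHOLD ? "unlimited" : "bounded";
  return { kind: fn, spender, value, risk };
}

// Constructed sample inputs (the spender address is a made-up placeholder).
const SPENDER = "000000000000000000000000" + "11".repeat(20);
const word = (n) => n.toString(16).padStart(64, "0");
const samples = {
  unlimitedApprove: "0x095ea7b3" + SPENDER + word(MAX_UINT256),
  boundedApprove: "0x095ea7b3" + SPENDER + word(50_000_000n), // 50 tokens at 6 decimals
  revoke: "0x095ea7b3" + SPENDER + word(0n),
  nftApproveAll: "0xa22cb465" + SPENDER + word(1n),
};
for (const [name, data] of Object.entries(samples)) {
  console.log(name, "->", classifyCalldata(data).risk);
}
```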

Contacting their so-called “customer support” is not recommended; they will simply ask you for more in order to “unlock/unfreeze” your “account.” Never send them anything!

Image provided by a victim

The FBI (Internet Crime Complaint Center [IC3]) has also issued a warning about this kind of scam:

Fake AI trading/arbitrage/lending

As with the scam above, the malicious actors reach out to the “to-be” victims.

For this malicious DApp, you are promised that you will earn thanks to their AI trading/arbitrage/lending method.

Just like the scam mentioned earlier, they also want to get approval for your tokens. So never approve it and stop interacting with the scam site!

Wallet drainer - fake NFT minting/airdrop

Were you tagged randomly on Twitter, just like this one?

Or perhaps, your favorite Discord server/Twitter/Instagram suddenly posted a mint link?

Well, be careful, and do not let the FOMO get to you! Wallet drainers are effective at stealing a victim’s tokens and NFTs (hence the “drainer”).

Do not sign:

What should I do if I have already signed/confirmed malicious transactions?

Revoke the token and NFT approval immediately

Increment the counter/nonce to invalidate NFT listings/offers