Don’t get scammed!

Learn what are the kinds of malicious DApps to protect your valuable assets.

Table of contents:

• Malicious DApps
  • Fake DeFi liquidity mining
  • Fake AI trading/arbitrage/lending
  • Wallet drainer - fake NFT minting/airdrop
• What should I do if I have already signed/confirmed malicious transactions?
  • Revoking approval
  • Incrementing OpenSea counter/nonce

---

Fake DeFi liquidity mining

Malicious actors send private messages to the “to-be” victims in order to convince them to “invest”.

Image by Sophos: https://news.sophos.com/en-us/2022/05/17/liquidity-mining-scams-add-another-layer-to-cryptocurrency-crime/

If you open the DApp, you are presented with the so-called “mining pool” data so they can deceive you that what you see is real.

If you transact with the malicious DApp, you are about to give unlimited approval of tokens (usually USDT, USDC, BUSD, DAI) to the scammer’s wallet or smart contract.

If you confirm that transaction, the scammer can simply take away your tokens at any moment. That’s why the victims get confused as to why their tokens suddenly vanished randomly.

Contacting their so-called “customer support” is not recommended; they will simply ask you for more in order to “unlock/unfreeze” your “account.” Never send them anything!

Image provided by a victim

The FBI (Internet Crime Complaint Center [IC3]) has also issued a warning about this kind of scam: https://www.ic3.gov/Media/Y2022/PSA220721

Fake AI trading/arbitrage/lending

Similar to the one above, the malicious actors also reach out to the “to-be” victims.

For this malicious DApp, you are promised that you will earn thanks to their AI trading/arbitrage/lending method.

Just like the scam mentioned earlier, they also want to get approval for your tokens. So never approve it and stop interacting with the scam site!

Wallet drainer - fake NFT minting/airdrop

Were you tagged randomly on Twitter, just like this one?

Or perhaps, your favorite Discord server/Twitter/Instagram suddenly posted a mint link?

Well, be careful, and do not let the FOMO get to you! Wallet drainers are effective in stealing tokens and NFTs of a victim (hence the “drainer”).

Do not sign:

• token & NFT approval

  

  token-and-nft-approval941×800 68 KB

• unreadable signature

  

  image463×806 26.9 KB

• OpenSea Seaport signature (not unless you are legitimately trying to sell your NFT on OpenSea)

  

  image466×807 37.6 KB

---

What should I do if I have already signed/confirmed malicious transactions?

Revoke the token and NFT approval immediately

• Use https://revoke.cash/
• Alternatively, if you know the specific chain where you gave approval, then use the following:
  • Ethereum: https://etherscan.io/tokenapprovalchecker
  • Binance Smart Chain: https://bscscan.com/tokenapprovalchecker
  • Polygon: https://polygonscan.com/tokenapprovalchecker
  • Arbitrum: https://arbiscan.io/tokenapprovalchecker
  • Avalanche: https://snowtrace.io/tokenapprovalchecker

Increment the counter/nonce to invalidate NFT listings/offers

• Go to OpenSea’s Seaport contract: https://etherscan.io/address/0x00000000006c3852cbef3e08e8df289169ede581#writeContract
• Connect your wallet (choose “Connect to Web3”)
• Scroll down and find 7. incrementCounter (0x5b34b966)
• Select it and press the “Write” button
• Confirm the transaction