Don’t get scammed!
Learn about the kinds of malicious DApps so you can protect your valuable assets.
Table of contents:
- Malicious DApps
- What should I do if I have already signed/confirmed malicious transactions?
Fake DeFi liquidity mining
Malicious actors send private messages to the “to-be” victims in order to convince them to “invest”.
Image by Sophos: https://news.sophos.com/en-us/2022/05/17/liquidity-mining-scams-add-another-layer-to-cryptocurrency-crime/
If you open the DApp, you are shown so-called “mining pool” data meant to convince you that what you see is real.
When you transact with the malicious DApp, the transaction you are asked to confirm gives the scammer’s wallet or smart contract unlimited approval to spend your tokens (usually USDT, USDC, BUSD, DAI).
If you confirm that transaction, the scammer can simply take away your tokens at any moment. That is why victims are confused when their tokens suddenly vanish.
Contacting their so-called “customer support” is not recommended; they will simply ask you for more in order to “unlock/unfreeze” your “account.” Never send them anything!
Image provided by a victim
The FBI (Internet Crime Complaint Center [IC3]) has also issued a warning about this kind of scam: https://www.ic3.gov/Media/Y2022/PSA220721
Fake AI trading/arbitrage/lending
Similar to the one above, the malicious actors also reach out to the “to-be” victims.
For this malicious DApp, you are promised that you will earn thanks to their AI trading/arbitrage/lending method.
Just like the scam mentioned earlier, they also want to get approval for your tokens. So never approve it and stop interacting with the scam site!
Wallet drainer - fake NFT minting/airdrop
Were you tagged randomly on Twitter, just like this one?
Or perhaps, your favorite Discord server/Twitter/Instagram suddenly posted a mint link?
Well, be careful, and do not let the FOMO get to you! Wallet drainers are effective at stealing a victim’s tokens and NFTs (hence the “drainer”).
Do not sign:
- token & NFT approval
- unreadable signature
- OpenSea Seaport signature (unless you are legitimately trying to sell your NFT on OpenSea)
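To recognize a token or NFT approval before you confirm it, you can decode the transaction's hex data that your wallet shows. The following is an added example, not code from this article or from any wallet. It assumes an `approve` call targets an ERC-20 token, and the helper `build_calldata` and the address `SAMPLE_SPENDER` are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1

# Standard 4-byte selectors of the approval functions.
# Assumption: approve() targets an ERC-20 token. ERC-721 reuses the same
# selector with a token id as the second word, so check the contract type.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def inspect_calldata(data):
    """Describe what confirming this transaction data would grant."""
    raw = data.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    selector, args = raw[:8], raw[8:]
    function = APPROVAL_SELECTORS.get(selector)
    if function is None:
        return {"kind": "not_an_approval"}
    if len(args) != 128:  # exactly two 32-byte ABI words are expected
        return {"kind": "malformed_approval", "function": function}
    grantee = "0x" + args[24:64]  # an address is the low 20 bytes of word 1
    value = int(args[64:], 16)    # amount for approve, bool for approval-for-all
    if selector == "a22cb465":
        kind = "nft_approval_for_all" if value else "nft_revocation_for_all"
    else:
        kind = "erc20_approval" if value else "erc20_revocation"
    return {
        "kind": kind,
        "function": function,
        "grantee": grantee,  # who would be allowed to move your assets
        "value": value,
        "unlimited": kind == "erc20_approval" and value == MAX_UINT256,
    }

def build_calldata(selector, address, value):
    """Build constructed sample calldata (test input only)."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")

# Constructed placeholder address, not a real wallet.
SAMPLE_SPENDER = "0x" + "ab" * 20

if __name__ == "__main__":
    samples = [("095ea7b3", MAX_UINT256), ("a22cb465", 1), ("095ea7b3", 0)]
    for sel, val in samples:
        print(inspect_calldata(build_calldata(sel, SAMPLE_SPENDER, val)))
```

A result of `erc20_approval` with `unlimited` set, or `nft_approval_for_all`, for a grantee you do not recognize is the pattern described above. The revocation kinds are what a revoke transaction looks like.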
What should I do if I have already signed/confirmed malicious transactions?
Revoke the token and NFT approval immediately
- Use https://revoke.cash/
- Alternatively, if you know the specific chain where you gave approval, then use the following:
- Ethereum: https://etherscan.io/tokenapprovalchecker
- Binance Smart Chain: https://bscscan.com/tokenapprovalchecker
- Polygon: https://polygonscan.com/tokenapprovalchecker
- Arbitrum: https://arbiscan.io/tokenapprovalchecker
- Avalanche: https://snowtrace.io/tokenapprovalchecker
Increment the counter/nonce to invalidate NFT listings/offers
- Go to OpenSea’s Seaport contract: https://etherscan.io/address/0x00000000006c3852cbef3e08e8df289169ede581#writeContract
- Connect your wallet (choose “Connect to Web3”)
- Scroll down and find “7. incrementCounter (0x5b34b966)”
- Select it and press the “Write” button
- Confirm the transaction