TP Courses 33 — Be Wary of Approval Scams!
What is Approve?
DApps on most blockchains (ETH, BSC, HECO, OEC, Polygon and Tron) involve contract operations that require approval, which means that the contract address is allowed to withdraw the user’s tokens.
Here is an example for better understanding:
Suppose I need to rent a flat, and I ask A, who works for a real estate agent, to help me find one. I entrust my money to A’s company. A could then make the excuse that he has found a flat and needs to pay the rent to “Landlord B”, transfer my money directly from my account to “Landlord B”, and then run away.
How are scams implemented on the blockchain?
During an operation, if a token transfer is authorized to a malicious contract, that contract is able to take your tokens as collateral or use them in other malicious operations (see the example above).
DeFi on Ethereum and other EVM chains is well known to the general public. Famous DApps such as Uniswap, Curve and Balancer are simple to operate, offer many functions, and make it convenient to list tokens. Scammers are therefore likely to use these platforms to do evil, and every time we perform a token exchange (especially with new tokens) there may be a risk.
So please keep an eye on [Operation Type] and [Approve Limit] each time you use a swap operation. (A token approval is equivalent to signing an agreement in which the maximum number of tokens that can be used is X. If you later need more than X tokens, a second approval is triggered. All of this can be seen in the TokenPocket wallet.)
In some of the new scams that have emerged, scammers upgrade the approval of the contract (a backdoor) while monitoring the user’s wallet on the chain at the same time. Once large assets are found, they transfer the tokens.
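The [Operation Type] and [Approve Limit] fields can also be read straight from the raw transaction data. The following is an added example, not TokenPocket code: it assumes a standard ERC-20 approve(address,uint256) call on an EVM chain, the function names are hypothetical, and the spender address is constructed sample data.

```python
APPROVE_SELECTOR = "095ea7b3"   # 4-byte selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # value usually shown as an "unlimited" approve limit
HEX = set("0123456789abcdef")

def decode_approve(calldata_hex):
    """Return {'spender', 'limit'} for ERC-20 approve() calldata, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (8 hex chars) followed by two 32-byte ABI words (64 hex chars each)
    if len(data) != 136 or not set(data) <= HEX or not data.startswith(APPROVE_SELECTOR):
        return None
    spender_word, limit_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:   # an address is left-padded with 12 zero bytes
        return None
    return {"spender": "0x" + spender_word[24:], "limit": int(limit_word, 16)}

def review_approval(calldata_hex, trusted_spenders=()):
    """List the points to check in the wallet prompt before signing."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return ["not a well-formed approve() call"]
    notes = []
    if decoded["limit"] == MAX_UINT256:
        notes.append("unlimited approve limit")
    elif decoded["limit"] == 0:
        notes.append("limit 0: this revokes an existing approval")
    trusted = {s.lower() for s in trusted_spenders}
    if decoded["limit"] and decoded["spender"] not in trusted:
        notes.append("spender is not on your trusted list: " + decoded["spender"])
    return notes

def build_approve(spender, limit):
    """Encode approve(spender, limit); a limit of 0 revokes the approval."""
    return "0x" + APPROVE_SELECTOR + spender.lower()[2:].rjust(64, "0") + format(limit, "064x")

# Constructed sample data (not a real address or real transactions)
SPENDER = "0x" + "ab" * 20
UNLIMITED = build_approve(SPENDER, MAX_UINT256)
REVOKE = build_approve(SPENDER, 0)

if __name__ == "__main__":
    for tx in (UNLIMITED, build_approve(SPENDER, 1000 * 10**18), REVOKE):
        print(decode_approve(tx), review_approval(tx))
```

The limit is in the token's smallest unit, so divide by 10 to the power of the token's decimals to compare it with the amount you intend to swap.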
How to prevent scams?
1) Don’t use DApps from unknown sources, and don’t authorize them at will;
2) Regularly use an authorization cleanup tool such as DeBank to clean up your authorizations;
3) Create a new wallet. After cleaning up the authorizations and other operations, transfer the tokens to the new wallet address, which is safer because it has no approval history.
(Note: Approval cleanup does not mean absolute security either; there are no tools on the market that can guarantee complete cleanup.)