TP Courses 33 — Be Wary of Approval Scams!

What is Approve?

DApps on most blockchains (ETH, BSC, HECO, OEC, Polygon and Tron) involve contract operations that require approval, which means that the contract address is allowed to withdraw the user’s tokens.

Here is an example for better understanding:
I need to rent a flat, and I asked A, who works for a real estate agent, to help me find one. So I entrusted my money to A’s company. Suppose A makes the excuse that he has found a flat and needs to pay the rent to “Landlord B”, transfers my money directly from my account to “Landlord B”, and then runs away.

How are scams implemented on the blockchain?
During the operation, if a token transfer is authorized to a malicious contract, that contract is able to take your tokens as collateral or for other malicious operations (see the example above).

DeFi on Ethereum and other EVM chains is well known to the general public. Famous DApps such as Uniswap, Curve and Balancer are simple to operate and multi-functional, and they also make it convenient to list tokens. Scammers are therefore likely to use these platforms to do evil, and every token exchange we perform (especially with new tokens) may carry a risk.

So please check the [Operation Type] and [Approve Limit] each time you use a swap operation. (A token approval is equivalent to signing an agreement in which the maximum number of tokens that can be used is X. If more than X tokens are required later, a second approval is triggered. All of this can be seen in the TokenPocket wallet.)
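The operation type and approve limit mentioned above can be read straight from the transaction data on EVM chains. The sketch below is an added example, not TokenPocket code; it assumes the standard ERC-20 `approve(address,uint256)` and `transfer(address,uint256)` encodings, and the spender address, balance and sample calls are constructed.

```python
# Added example: read the operation type and approve limit from ERC-20 calldata.
# Selectors are the first 4 bytes of keccak256 of the function signature.
APPROVE = "095ea7b3"   # approve(address spender, uint256 amount)
TRANSFER = "a9059cbb"  # transfer(address to, uint256 amount)
MAX_UINT256 = 2**256 - 1


def encode_call(selector, address, amount):
    """Build calldata for a two-argument ERC-20 call (used for the samples)."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(amount, "064x")


def inspect_calldata(data_hex, balance):
    """Classify calldata; `balance` is the holder's balance in base units."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, TRANSFER):
        return {"operation": "unknown"}
    if len(args) != 128:
        raise ValueError("expected exactly two 32-byte arguments")
    address = "0x" + args[24:64]
    amount = int(args[64:], 16)
    if selector == TRANSFER:
        return {"operation": "transfer", "to": address, "amount": amount}
    if amount == 0:
        limit = "revoke"            # approve(spender, 0) clears the allowance
    elif amount == MAX_UINT256:
        limit = "unlimited"         # spender can move any current or future balance
    elif amount > balance:
        limit = "exceeds-balance"
    else:
        limit = "bounded"
    return {"operation": "approve", "spender": address, "amount": amount, "limit": limit}


# Constructed sample data: placeholder spender address and an 18-decimal token.
SPENDER = "0x" + "11" * 20
BALANCE = 500 * 10**18
SAMPLES = {
    "swap asks for unlimited": encode_call(APPROVE, SPENDER, MAX_UINT256),
    "swap asks for 100 tokens": encode_call(APPROVE, SPENDER, 100 * 10**18),
    "revocation": encode_call(APPROVE, SPENDER, 0),
    "plain transfer": encode_call(TRANSFER, SPENDER, 10**18),
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, "->", inspect_calldata(calldata, BALANCE))
```

An approval whose limit is `unlimited` or `exceeds-balance` lets the spender take more than the swap needs, which is the case the [Approve Limit] field is there to catch.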

In some of the new scams that have emerged, scammers upgrade the approval of the contract (a backdoor) while monitoring the user’s wallet on the chain at the same time. Once large assets are found, they transfer the tokens.

How to prevent scams?
1) Don’t use DApps from unknown sources, and don’t authorize them at will;
2) Regularly use an authorization cleanup tool such as DeBank to clean up your authorizations;
3) Create a new wallet. After cleaning up the authorizations and other operations, transfer the tokens to the new wallet address, which is safer because it has no approval history.
(Note: Approval cleanup does not mean absolute security either; there are no tools on the market that can guarantee complete cleanup.)

Crypto&DeFi Wallet on BTC, ETH, BSC, HECO, TRON, Polkadot, Kusama, Klaytn, HSC, EOS, etc. APP download link: https://www.tokenpocket.pro/
