DEFI — Risks of scams, loss of funds, and how to prevent them?

The world of blockchain is full of opportunities, but it also has its fair share of dangers and scams.

Aiden Pham
Published in Coinmonks
4 min read · Jun 28, 2023


We’ve all heard about project collapses, disappearing developer teams, and even liquidity pools being pulled so that your money vanishes into thin air, right?

But hold on tight because here comes the grand finale of scams — the direct depletion of funds from your beloved wallet.

Yes, you read that right, it’s like magic. Your precious funds can simply vanish into thin air, leaving you stunned and bewildered. It may sound absurd, but believe it or not, it often happens without any action on your part.

Imagine this: You’re happily transferring your tokens to someone else’s wallet or simply checking your balance on Metamask, and then, out of nowhere, BAM! Your balance takes a nosedive and drops to a big fat $0.00 USD.

Poof! It’s gone. No more ETH or stablecoin in your wallet. Even the funds you just deposited disappear into thin air.

Have you ever encountered such a situation?

If so, you must be wondering how on earth scammers can withdraw your funds without any interaction from your side. Well, buckle up and join me as we unravel this mystery today.

The Power of the “Approve” Button

First, it’s important to emphasize that when interacting with any DEFI application, especially when performing actions like swapping, farming, or staking, you will always encounter an “Approve” button. You are required to click on it before executing any actions.

By doing so, you grant the DEFI application or DApp (a smart contract) permission to access and move your funds.

Essentially, you are calling the “Approve” function in ERC20/BEP20 contracts, which allows the contract to spend your funds within the limit you set.

However, newcomers, or anyone unfamiliar with Metamask’s “Allowance Token” function, simply click “Approve”, and the limit is automatically set to “Unlimited”. This means you are enabling the smart contract to spend your funds in the future, without any restrictions.

This can lead to unexpected consequences. One day, the scammer behind a Meme/Hidden gem project you have invested in decides to withdraw all the liquidity and vanish. They remove liquidity, lock selling, or set a 99% selling tax.

At this point, all your tokens in that project become worthless since they can no longer be exchanged. But that’s not the worst part.

What’s even worse is that the scammer then checks your account for other remaining tokens, such as stablecoins, BTC, or ETH, and withdraws them all, because you already agreed to it in the first step, before executing any action.

Now you’re in trouble.

The “Token Allowance” number in these contracts is often set very high, far exceeding the necessary amount and your balance at that time. Even if you deposit more funds into your wallet after performing those actions on the DEFI application, you will still lose everything.

For example, if you have been using that DEFI application for a year but just deposited an additional 500 USDC today, they can take it all, as long as you ever clicked the “Approve” button, which you did before.
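What the “Approve” button actually asks you to sign is a transaction whose data field is `approve(spender, amount)` encoded in ABI format; the wallet shows “Unlimited” when `amount` is the largest 256-bit integer. The following is an added example (not code from the article or from MetaMask) that encodes and decodes that data field offline and classifies the spending cap before you sign. The selector `0x095ea7b3` is the standard ERC20 selector for `approve(address,uint256)`; the spender address, balances and amounts are constructed sample values.

```python
"""Decode an ERC20 approve() call and flag unlimited spending caps (added example)."""
from dataclasses import dataclass

APPROVE_SELECTOR = "095ea7b3"   # keccak256("approve(address,uint256)")[:4], standard ERC20
MAX_UINT256 = 2**256 - 1        # the value wallets display as "Unlimited"


@dataclass
class ApproveCall:
    spender: str   # lower-case hex address of the contract being authorised
    amount: int    # raw token units, before applying the token's decimals


def encode_approve(spender: str, amount: int) -> str:
    """Build the calldata an approve() transaction carries: selector + 2 ABI words."""
    spender_word = spender.lower().removeprefix("0x").rjust(64, "0")
    amount_word = format(amount, "064x")
    return "0x" + APPROVE_SELECTOR + spender_word + amount_word


def decode_approve(calldata: str) -> ApproveCall:
    """Parse the data field of a pending transaction; rejects anything that is not approve()."""
    data = calldata.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64:
        raise ValueError("not a plain approve(address,uint256) call")
    if data[:8] != APPROVE_SELECTOR:
        raise ValueError("selector is not approve(address,uint256)")
    spender = "0x" + data[8 + 24:8 + 64]   # an address fills the low 20 bytes of its 32-byte word
    amount = int(data[72:136], 16)
    return ApproveCall(spender, amount)


def assess_approval(call: ApproveCall, balance: int, intended: int) -> dict:
    """Classify the cap the way a careful user should before clicking Confirm.

    balance:  how many raw token units the wallet currently holds
    intended: how many units the swap/stake actually needs
    """
    if call.amount == 0:
        verdict = "revoke"           # approve(spender, 0) removes the allowance
    elif call.amount == MAX_UINT256:
        verdict = "unlimited"        # covers every future deposit, too
    elif call.amount > intended:
        verdict = "over-approved"    # capped, but higher than the action needs
    else:
        verdict = "capped"
    return {
        "verdict": verdict,
        "exceeds_balance": call.amount > balance,
        "spender": call.spender,
    }


if __name__ == "__main__":
    # Constructed sample: a dapp asks for an unlimited USDC cap (6 decimals) for a 100 USDC swap.
    sample_spender = "0x" + "ab" * 20
    pending = encode_approve(sample_spender, MAX_UINT256)
    print(assess_approval(decode_approve(pending), balance=500 * 10**6, intended=100 * 10**6))
```

The check only answers the question the article raises, namely how much a spender could move, and not whether the spender is trustworthy; a “capped” verdict with the amount equal to what the action needs is the setting to aim for.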

So, how can you deal with scammers and prevent such incidents?

First, it’s an unfortunate fact that recovering stolen funds from crypto wallet hacks, including MetaMask, is virtually impossible.

Therefore, if you suspect a hacker has gained access to your MetaMask account or is attempting to do so, your immediate response should be to transfer all your assets to another wallet.

Forget about that compromised wallet and never use it again, as it may contain malware designed to track your assets in the future.

Second, only perform transactions on audited and trusted DEFI applications or DApps.

Third, set custom “Token allowances” in your wallet.

Approving spending limits helps wallet users maintain control over DApps when granting them access to their wallet. Setting limits prevents these applications from spending beyond the permitted amount, thus avoiding asset losses when connected to an untrusted source.

You can find detailed instructions on how to execute this here.

Lastly, for projects where you accidentally granted approval without caution, there are two ways to prevent further risks:

  1. Transfer all funds to another wallet immediately, as in the first measure above.
  2. Review the approved tokens and promptly remove the allowances using apps like Revoke.cash or approved.zone to check and revoke approvals.
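To make the mechanics behind both the “unlimited approval drains later deposits” scenario and the revoke step concrete, here is an added example (not code from the article, MetaMask or Revoke.cash) that models ERC20 balance and allowance bookkeeping in plain Python and replays the story: an unlimited cap, a deposit made much later, an attempt on a token that was never approved, and finally a revoke. The names `alice`, `rugpull-router` and the balances are constructed; the rule that an allowance equal to 2**256-1 is not decremented by `transferFrom` follows the widely used OpenZeppelin ERC20 implementation. One caveat the model makes visible: an allowance is scoped to one token contract and one spender, so each token you approved is a separate exposure to review, and native ETH has no allowance at all.

```python
"""Toy model of ERC20 allowance bookkeeping (added example, constructed data)."""

MAX_UINT256 = 2**256 - 1   # "Unlimited" in wallet UIs


class Token:
    """One ERC20 contract: balances plus (owner, spender) -> remaining allowance."""

    def __init__(self, symbol: str) -> None:
        self.symbol = symbol
        self.balances: dict[str, int] = {}
        self.allowances: dict[tuple[str, str], int] = {}

    def deposit(self, to: str, amount: int) -> None:
        """Stands in for tokens arriving in the wallet (a transfer in or a mint)."""
        self.balances[to] = self.balances.get(to, 0) + amount

    def approve(self, owner: str, spender: str, amount: int) -> None:
        """The call behind the Approve button: approve(spender, amount), signed by owner."""
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender: str, owner: str, to: str, amount: int) -> None:
        """transferFrom as invoked by the spender contract; reverts when allowance or balance is short."""
        allowed = self.allowance(owner, spender)
        if amount > allowed:
            raise PermissionError(f"{self.symbol}: allowance {allowed} < {amount}")
        if amount > self.balances.get(owner, 0):
            raise ValueError(f"{self.symbol}: balance too low")
        if allowed != MAX_UINT256:        # unlimited allowances are never consumed
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def exposure(token: Token, owner: str, spender: str) -> int:
    """Tokens the spender could move right now: min(balance, allowance)."""
    return min(token.balances.get(owner, 0), token.allowance(owner, spender))


def pull_everything(token: Token, spender: str, owner: str, sink: str) -> int:
    """Replay what a malicious spender does: move every token the allowance permits."""
    amount = exposure(token, owner, spender)
    if amount:
        token.transfer_from(spender, owner, sink, amount)
    return amount


def revoke(token: Token, owner: str, spender: str) -> None:
    """What a revoke tool submits on your behalf: approve(spender, 0)."""
    token.approve(owner, spender, 0)


def scenario(approved: int) -> dict[str, int]:
    """Run the article's story with a given spending cap and report what is lost at each step."""
    usdc, weth = Token("USDC"), Token("WETH")
    alice, router, sink = "alice", "rugpull-router", "attacker"
    usdc.deposit(alice, 100)
    weth.deposit(alice, 2)
    usdc.approve(alice, router, approved)                    # the Approve click
    lost_now = pull_everything(usdc, router, alice, sink)    # the rug pull
    usdc.deposit(alice, 500)                                 # a deposit made months later
    lost_later = pull_everything(usdc, router, alice, sink)
    weth_lost = pull_everything(weth, router, alice, sink)   # WETH was never approved
    revoke(usdc, alice, router)                              # approve(router, 0)
    usdc.deposit(alice, 50)
    lost_after_revoke = pull_everything(usdc, router, alice, sink)
    return {"lost_now": lost_now, "lost_later": lost_later,
            "weth_lost": weth_lost, "lost_after_revoke": lost_after_revoke}


if __name__ == "__main__":
    print("unlimited cap:", scenario(MAX_UINT256))
    print("cap of 100:   ", scenario(100))
```

With the unlimited cap the later 500-unit deposit is lost as well; with a cap equal to the amount the swap needed, the allowance is used up by the first transfer and the later deposit is untouched. In both runs the WETH balance survives because no approval was ever granted for that contract, and nothing can be pulled after the revoke.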

In conclusion

Always prioritize the security of your crypto assets. When using DEFI applications, follow established security protocols. The more consistently you do this, the lower the risk of falling victim to scams.

Avoid rushing through tasks and leaving loopholes for scammers to exploit. Don’t be careless.

If you have any other security tips or updates you’d like to share, please let me know. I hope this article helps you navigate the blockchain environment safely.
