Fake Approvals, the New Crypto Crime in Town!
Revoking Approval is one, if not the most important pillar of web3 security.
If only future victims had revoked their outdate approvals, the Atlantis loan “hacker” would not have siphonned $2,5M from unsuspecting people.
When last week, Multichain was brutally “drained” of $130M, the community has a whole was adamant that people who had given approval to it, should revoke it ASAP!
“When in doubt revoke” is a web3 security mantra.
Approvals are a silent threat to crypto wallets.
Often, Web3 users do not understand the full scope of what it means to grant “approval” to platforms they use daily, like OpenSea.
When you approve a smart contract or app, you give it permission to access your tokens, collect data, and perform actions on your behalf.
If the app is malicious or hacked, your funds and personal information could be at risk.
Revoke tools like Revoke Cash were created to safeguard people’s wallet against these risks.
It is impossible to account for the number of people and the amount of money saved over the years thanks to them.
Scammers and hackers in the crypto space are extremely crafty and perceive vulnerabilities and exploit them where sometimes no one would even see them.
That’s how they used a tool created to protect people from scams and hacks to do exactly that.
How?
With fake approvals!
Fake Approvals, A New Crypto Scam
The MO behind this scam is pretty simple but ingenious all the same.
The scammer creates fake tokens and then airdrops them to its future victims. As well as creating fake approvals to go with these fake tokens!
The victims seeing the un-granted approvals and knowing the danger linked to them will immediately think they need to revoke the approvals or it will compromise their wallets!
The moment they revoke the approval, they fall into the trap: “your wallet popup will not show that you’re sending funds, just a high fee”, said RevokeCash.
How could revoking a fake approval could end up with a loss of funds?
Well, during a revoke transacion, the fake tokens created will mint as many gas tokens as possible!
The scammer(s) will then receive these gas tokens and proceed to sell them!
Never heard of gas tokens?
If you’re not familiar with them it’s normal they are not mainstream and only available on a few blockchains!
As RevokeCash reported, in the past, as gas fees began to increase on the Ethereum network, a solution known as “gas tokens” emerged.
These gas tokens took advantage of a feature in the Ethereum Virtual Machine (EVM) that provided gas refunds during storage clearance. An example of such a token was CHI. Through this mechanism, users could generate gas tokens during periods of low fees and later utilize them during periods of high fees, effectively preserving the lower cost.
However, this unintended consequence of storage gas refunds was rendered unviable with the implementation of EIP-3529 in 2021.
Nevertheless, certain other EVM-based blockchains, like BNB Chain, continue to employ gas tokens, which has opened the door for scammers to exploit this concept.
Fake Approvals, an Already Obsolete Crypto Crime
The good news, because there are fortunately, are that:
1- The gas limit per block, approximately $60, establishes the maximum sum that can be extracted from each victim.
So although funds are still drained at least the damage done is not life-changing for the victims.
2- Revoke Cash took immediate action! Although they are already filtering out a large number of scammy approvals “a few always slip through the cracks” of their own confession.
So they decided to “disable revoking approvals if there’s an excessive gas fee”.
You will be notified that the revoking failed because it was identified as a fake token/fake approval!
These fake approvals threatened to thoroughly shake web3 security and its future, so we all rejoice that it ended up being “only” a jumpscare for the whole community!
Stay safe!
And don’t forget, “when in doubt, revoke!”
About us
Nefture is a Blockchain Security Company that secures crypto transactions!
With Nefture Security, you can get your Wallet security audit for free. Plus, enjoy the added peace of mind that comes with immediate alerts on new wallet approvals, as well as a monthly security report!
Check if your wallet is compromised now ⚡https://www.nefture.com/
