Protect Yourself from Sophisticated Crypto Scams
There’s never been a better time to stay security conscious than now when crypto is going mainstream. Large institutions like BlackRock, Fidelity, JP Morgan, and Microsoft aren’t the only ones with an interest in crypto. Seasoned scammers also want a piece of the pie.
A New Type of Scam 😱
One of their recent tactics making the rounds on Telegram allows the hacker to empty the user’s wallets without the victim needing to confirm any transaction. However, this kind of attack only affects tokens that comply with the ERC-2612 token standard.
The ERC-2612 standard supports “gas-less” transfers. So, it enables transfers for a wallet that does not hold ETH. Users do not have to approve transactions in this system. So, the trick lies in getting a user to sign a message.
An affected user claimed that he lost $600 worth of OX tokens. The loss came after the user allegedly visited what he believed to be the official Telegram channel for the token’s developer, OPNX. However, the user suffered from a phishing scheme.
How Did it Happen? 🤔
The victim said he was asked to click an icon to connect his wallet when he first joined the Telegram group to verify that he was human. This brought up a browser window, and he opened it and connected his wallet to the website.
He believed a mere connection was not a risk to his funds. However, to his surprise, all his OX tokens were gone in a few minutes. The victim said he never approved any transaction on the page. Yet, the scam was successful.
Interestingly, a visit to the Telegram group showed that it had a fake version of Telegram’s Collab.Land verification system. Blockchain data indicates that the attacker used the OX token contract’s “transferFrom” function to drain the funds. Normally, a third party can only call this feature if the user first calls “approve” via a separate transaction and specifies a spending restriction. However, there is no proof that the victim initiated such an approval.
The attacker reportedly called “Permit” on the OX token contract around an hour and forty minutes before the transfer. He marked the victim’s account as the “owner” and himself as the “spender.” The attacker also specified a “value”—the total number of tokens that could be transferred. And a “deadline,” which is the timeframe after which the permit would expire.
Protect Yourself! 🔒
The Permit function enables a third party to transfer tokens on the owner’s behalf, but only if the owner sends a signed message granting permission. It is important to pay extra attention when signing into sites. Here are some tips to protect yourself from sophisticated crypto scams:
- Ensure you are using a verified crypto platform.
- Be cautious when clicking on links or icons that ask for wallet connections or personal information.
- Double-check the authenticity of Telegram groups and channels.
- Report suspicious activities as early as possible.
Hot Take: Stay One Step Ahead of Scammers! 🚀
In conclusion, it is important to stay vigilant and informed about potential scams in the crypto world. As crypto continues to gain mainstream adoption, scammers are becoming more sophisticated in their tactics. By following these security measures, you can protect yourself from falling victim to these scams and ensure your funds remain safe.
By
By
By
By
By