When using DApp, we are often required to "approve" permission or access, especially in DeFi scenarios. So, what exactly is "Approve"?
Briefly speaking, to "approve", is to allow other accounts (e.g. a regular address or a smart contract address) to transfer your assets without prior notice.
Generally, when we transfer cryptos, the transaction signature is required for authentication, to make sure these operations are made by the asset owner. However, since DApp requires frequent interaction, the platforms or devices will ask for your "approval" of the unlimited number of tokens to simplify the process, which too poses certain risks.
Recently, ViaWallet(now upgraded to CoinEx Wallet) team has received reports of USDT theft. According to the information collected, we discovered the patterns of DApp approval scam as follows:
Step 1: Phish on social media
The scammers usually post ads on Facebook to lure users, and claim that whoever joins their liquidity pool can earn daily profits steadily without any pledge.
Step 2: Trap via private chats
When users contact customer support through the contact information on ad, the fake support staff will first guide them to download ViaWallet(now has upgraded to CoinEx Wallet) and deposit USDT from Paxful, if they don't have a crypto wallet or have no wallet balance. Then, they will be asked to connect ViaWallet and approve wallet access on the scam mining website (https://whf365.com/#/).
Step 3: "Get away" with scammed assets
The victims said that they did earn profits in the beginning and thus let their guard down, hoping to earn more. Unfortunately, about 20 days later, the scammers would "get away" and transfer all assets from addresses approved by the users to other addresses, e.g. TQCpEJgb8xNVNiUogVLvBEKTDTdxu6zkuj.
Security Tips
- Be cautious of DApp approval - DO NOT approve DApps from unknown sources or with low credibility.
- Use different accounts for asset storage and DApp approval in case the DApp is attacked by hackers.
- Use plug-ins or tools to regularly check your approval list and deauthorize DApps.
- Once you detect any suspicious activities such as asset theft, make sure to create a new wallet and transfer your assets as soon as possible.
If you have any questions or feedback when using CoinEx Wallet, you can:
- Send us an email: support@wallet.coinex.com
- Submit a ticket: https://support.wallet.coinex.com/hc/requests/new
- Join CoinEx Wallet official telegram channel to send feedback: https://t.me/CoinExWallet