MultiversX Tracker is Live!

I got scammed yesterday from something that I did last year. A lesson on wallet connections.

All Cryptocurrencies

by COINS NEWS 196 Views

I got scammed yesterday from something that I did last year. A lesson on wallet connections.

Months ago, when I was new to crypto, I connected my Metamask wallet to a site to withdraw some funds. I did this a few times actually without issues. It seemed as reliable as any exchange - pancake swap, 1inch, uniswap, raydium, etc...

The site was even verified by Haze crypto when I used it months ago, but it has since been updated and now warns of the site as a scam. the sub (rightfully) doesnt allow links to scam sites, so here is a screenshot for future refernce. I actually hadn't even used the site this year.

https://preview.redd.it/z4cj48my1sr91.png?715&format=png&auto=webp&s=9c16a80e882fc983d8e17d6b4b8e8ca748420a85

The scammers were patient. They waited until the wallet had more funds in it than it did when first connected. Around $1400 BUSD worth.

how did it happen?

I found the transaction on bscscan and traced the wallet address back to the exchange site. I remembered using it once last year, but not much more. So I decided to create another wallet and conducted some tiny transactions to try to figure out how the scam worked.

This is what I believe happened.

The wallet was connected to the exchange like any other. The exchange was audited and seemed legit. I performed tiny transaction of some BUSD and the approval request from Metamask appeared. Looking carefully, I noticed that the approval button was designed to approve THREE (3) transactions. One was the transacrtion I had made, but one of the other transactions was an authorisation for the exchange to withdraw up to $100000000 BUSD!

What the hell? I never noticed a transaction like that before. I checked my main Metamask and found the same type of authorisation last year. Shit. Somehow hidden among normal transactions I had approved a request to allow this exchange to withdraw funds whenever they fucking wanted. All they had to do was watch my wallet transactions and determine a point when they thought I currently had a lot more money than usual stored.

How to prevent in the future?

Naturally, I was concerned that I had conducted similar type transaction approval requests in the past, so I started to research how to check who/what else has access to my wallet. I fortunately fopund nothing else of concern. But I wanted to share how to check it for yourselves.

Firstly, Make sure that existing connected sites are accurate.

Anything you don't use anymore, or worse, don't recognise should be immediately removed. This is easy to do. Open your wallet, click the three dots and select 'connected sites', browse through the list and revoke anything that you don't want.

Secondly, revoke any tokens. This is likely something very few people do. And this is how I got scammed.

For Ethereum Mainnet/Binance Smart Chain, visit the site token checker on ethscan/bscscan. Enter your ETH/BSC wallet address and browse though the list. Revoke anything you no longer use.

etherscan token removal checker - Token Approvals | Etherscan

binance token removal chcker Token Approvals | BscScan

Here's a screenshot of an easy way to find connected sites via metamask.

https://preview.redd.it/sl7dcwpl1sr91.png?358&format=png&auto=webp&s=36d23228563146aaa721780ac282cf5904554dab

submitted by /u/Educational_Rope_703
[link] [comments]

Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Comments