"Revoke" is always safe, right?

Crypto users believe they are safe when they revoke approvals, but scammers have discovered a way to exploit this feature.

"Revoke" is always safe, right? Most crypto users would say so, especially since it's often touted as a key part of Web3 wallet hygiene. But while users believe they are safe when they cancel or "revoke" token approvals, scammers have discovered a way to exploit this feature with devastating efficiency. They create fake approval scams to trick users into personally paying an expensive gas price to secure their wallets.

In their previous Web3 Wallet Security blogs, they discussed the dangers of approving smart contract transactions without fully understanding the implications, and we've also written about the importance of checking your token approvals regularly to prevent any misuse of your funds. Today, we'll be examining a new variant of crypto scam and how to avoid it.

What are fake approval scams?

Binance explains that false approval frauds use the word "revoke" to deceive customers into thinking they are reversing transaction rights granted to unfamiliar platforms or smart contracts. When customers attempt this action, they end up paying an unusually high "gas fee" to complete the transaction.

The Lure: While casually browsing their token approvals on a blockchain explorer like Etherscan or inside their wallet, the user spots an unfamiliar approval for a token they don't recognize. It looks like some unknown contract has been granted access to their valuable assets. Panic sets in as the user instinctively rushes to revoke the approval, believing they are saving their crypto from theft.

The "revoke" transaction the user triggers is real; it's a legitimate action on the blockchain, but it's designed to cost them an arm and a leg in transaction fees. The scammer, in anticipation of the user's desperate move, profits massively from these inflated transaction costs, which they planned to use for minting new tokens or another malicious action under their control. Ultimately, what the user thought was a protective move turns into an expensive mistake. The fake approval was merely bait to lure them into paying for nothing.

While these scams don's directly steal funds, they exploit the user by draining their wallet through outrageously high gas fees, leaving the rest of their assets untouched. The scammer had no intention of stealing the user’s tokens in the first place.

How to Spot and Avoid These Scams

Stay calm

Scammers rely on fear and urgency to make you act quickly and foolishly. If something seems off, take a step back, breathe, and fully assess the situation before reacting. A clear head is your best weapon against being tricked by their deceptive tactics.

Double-Check before you click

Before approving any transaction, take a moment to review the details. Does the amount look right? Do you recognize the contract address? Are there any odd warnings or unusual fees? If something feels off, triple-check with trusted sources, like the official website of the platform or community forums, to verify the transaction details.

Know your fees

Familiarize yourself with the average size of gas fees on the chains you use. If a transaction fee seems suspiciously high or unusual for the network at the time, it could be a red flag. Use tools like Etherscan's Gas Tracker, GasNow, or Blocknative's Gas Estimator to monitor real-time gas prices and estimate the expected costs before proceeding.

Constantly educate yourself

Scammers are constantly devising new tricks, but knowledge is your strongest defense. The more you understand about emerging threats and best practices for online safety, the better equipped you are to spot red flags and avoid these scams. Stay updated with Binance Academy for the latest information and tips. You can also delve into our Web3 Wallet Security series for deeper insights into the latest scams and how to stay safe.

Scammers thrive on urgency, but a little vigilance goes a long way. The best defense against these deceptive tactics isn't just knowing they exist, but staying one step ahead in the ever-evolving landscape of Web3 security.