How scammers can stole your NFTs and funds by using token approval feature?
Users who are using non custodial wallets like metamask and trustwallet may know about this new tokens approval feature, token approval feature is used to avoid gas fee. For example you have a 10 NFTs in you collection of a same project so when you tried to sell a nft from this OpenSea ask you to confirm the transaction and grant them approval to transfer this NFT to buyer, there are to options you can approve for all NFTs or a single NFT if you approved for all next time they will not charged you any gas fee for remaining NFTs because there is no need to confirm the transaction again just sign it again and its done
Token approval feature is in its beta right now I am still learning about it I am not sure about which transaction is gas free or which is not but I am sure purpose of this feature is to avoid paying gas fee again and again for repeated transactions, anyway my main reason of writing about it is how scammers are using this feature to stole nft and funds from your wallet because I recently lossed the Most valuable NFT in my collection
Scammer mostly designed websites and offers you to mint NFTs for free when you connect your wallet they asked you to confirm the transaction by doing that they get access to a specific NFTs Collection in your gallery or may be any cryptocurrency coin in your wallet, remember if you confirmed a transaction to a scammer and signed it they will get permission to transfer a specific nft or coin forever until you revoked the approval manually. As you know There is no way to reverse the transaction on Blockchain so if something stolen or drained from your wallet nobody can help you not even NFTs trading platforms like OpenSea and MagicEden or not even wallets support teams like metamask and trustwallet
The only solution is be careful only intract with legitimate websites or try to by sell NFTs only on well known NFTs trading platforms like OpenSea not try to mint a free NFT from any unknown site or link, that's why these NFTs platforms are developed or designed otherwise if it's possible to trade NFTs person to person privately there is no need to use these platforms, so be relex don't try to mint or get useless NFTs in free Airdrops or free minting just stay with verified, legitimate and well known artists or projects that's enough to avoid all losses or scams. Nobody can get access to your wallet until someone have your seed phrase so all you need is to avoid tactics of scammers, check all the details and permissions carefully every time when you need to confirm or sign a transection from your wallet. If you sign a transection to a scammer its not enough to disconnect the his website from your wallet you need to use etherscan.io to revoke all unauthorized and unwanted token approvals
If you found this article informative, please give an upvote and reblog
For more useful posts please visit zaibkang/Posts
Download our application from Ecency.com
gif by @doze
Posted Using LeoFinance Beta
Scammers are getting smarter and would exploit any weak link that they can find. We always have to be at least two steps ahead of them or we risk losing our valuable assets.
Congratulations @zaibkang! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)
Your next target is to reach 4000 replies.
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPCheck out our last posts: