Key Takeaways:
- A new scam built around a fake version of Revoke.cash is circulating in the crypto market. It uses fear to pressure users into approving a contract they should not approve, and as a result their funds are stolen.
Revoking an approval is itself a smart contract transaction. If we ever need to revoke one, we should only use websites we know and trust, and verify first that we are on the genuine site. Two sites we can trust are https://revoke.cash/ and https://etherscan.io/tokenapprovalchecker. These are the only official links.
It will also be hard for regular users to tell a legitimate transaction from a malicious one, so MetaMask displays transaction insights to help users understand the transactions they are asked to approve. For example, below is a screenshot of a genuine NFT approval revocation made through Revoke.cash. "approved: False" means that the contract will no longer be approved to move our assets after this transaction. If it showed "approved: True", that would mean the contract is being granted approval to move our assets after this transaction.
Now, let's see how this scam works. In the Twitter post below, a user claims there is an OpenSea vulnerability and that they lost a large amount of funds because of an approval granted to the OpenSea API. They then direct readers to revoke their approvals and link a scam website for doing so.
When we connect our wallet to that site, it runs a script to determine our highest-value assets. Below is a screenshot of the script. When the page loads, the script executes and displays "approvals to the OpenSea API" for whatever the scammers are interested in stealing.
Clicking the revoke button prompts the user to sign a setApprovalForAll transaction, the same call we would expect from the real http://revoke.cash. However, the genuine site calls setApprovalForAll with the approved flag set to false, whereas the scam site sets it to true: it grants the scammer's wallet approval to move every token of that collection out of the user's wallet.
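The check described above, reading the approved flag of a setApprovalForAll call before signing it, as an added example that is not part of the original post and is neither Revoke.cash's nor MetaMask's code. It is a small pure-JavaScript decoder for the calldata of setApprovalForAll(address,bool): it assumes the standard ERC-721/ERC-1155 function selector 0xa22cb465, and the sample calldata and operator address are constructed for the example.

```javascript
// Added example, not code from the original post. Decodes the hex calldata
// of setApprovalForAll(address operator, bool approved) so that a "revoke"
// which actually grants approval (approved = true) is visible before signing.
//
// Assumption: 0xa22cb465 is the 4-byte selector of
// setApprovalForAll(address,bool), the standard ERC-721 / ERC-1155 selector.
const SET_APPROVAL_FOR_ALL = "a22cb465";

function decodeSetApprovalForAll(calldata) {
  const hex = (calldata.startsWith("0x") ? calldata.slice(2) : calldata).toLowerCase();
  // 4-byte selector + one 32-byte word for the address + one 32-byte word for the bool
  if (hex.length !== 8 + 64 + 64) throw new Error("unexpected calldata length");
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) throw new Error("not a setApprovalForAll call");

  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);

  // ABI encoding left-pads a 20-byte address to 32 bytes with zero bytes.
  if (!/^0{24}[0-9a-f]{40}$/.test(operatorWord)) throw new Error("malformed operator word");
  // A bool is a 32-byte word equal to 0 or 1; reject anything else.
  if (!/^0{63}[01]$/.test(approvedWord)) throw new Error("malformed bool word");

  return {
    operator: "0x" + operatorWord.slice(24),
    approved: approvedWord.endsWith("1"),
  };
}

// A revoke is setApprovalForAll(operator, false). Anything with approved = true
// GRANTS the operator the right to move every token of the collection.
function classifyApprovalCall(calldata) {
  const { operator, approved } = decodeSetApprovalForAll(calldata);
  return {
    operator,
    approved,
    verdict: approved
      ? "GRANTS approval to " + operator + " (this is not a revoke)"
      : "revokes approval for " + operator,
  };
}

// Constructed sample calldata (made-up operator address): the genuine revoke
// ends in a zero word, the scam "revoke" ends in a word equal to 1.
const OPERATOR = "1111111111111111111111111111111111111111";
const genuineRevoke = "0x" + SET_APPROVAL_FOR_ALL + OPERATOR.padStart(64, "0") + "0".padStart(64, "0");
const scamApproval = "0x" + SET_APPROVAL_FOR_ALL + OPERATOR.padStart(64, "0") + "1".padStart(64, "0");

console.log(classifyApprovalCall(genuineRevoke).verdict);
console.log(classifyApprovalCall(scamApproval).verdict);
```

The calldata is what a wallet shows under the transaction's "data" field (or what MetaMask summarises as approved: True/False); the decoder only needs that hex string, so it can be applied to any pending setApprovalForAll transaction regardless of which website produced it.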
Here is an example of a similar attack explained by the Twitter user quit.pcc.eth.