New crypto scam drains users' wallets without transaction approval

New Telegram Scam Allows Attackers to Drain Crypto Wallets Without User Confirmation

A recent scam on Telegram has been reported by users and confirmed by blockchain data, in which attackers are able to drain a victim’s crypto wallet without the victim’s confirmation. This scam specifically targets tokens that comply with the ERC-2612 standard, which allows for “gas-less” transfers. However, the method does require tricking the user into signing a message.

As more tokens adopt the ERC-2612 standard, this type of attack may become more widespread.

Phishing Scam on Telegram Results in $600 Loss for User

A user contacted Cointelegraph after falling victim to a phishing scam on Telegram. The user lost over $600 worth of Open Exchange (OX) tokens after visiting what they believed to be the official Telegram group for the token’s developer, OPNX.

Web 3.0 and Its Relationship with Blockchain Technology

There has been much discussion about the concept of Web 3.0 and how it relates to blockchain technology. Some have questioned whether it exists at all, while others are curious about its potential. One thing is certain: as more tokens and platforms implement the ERC-2612 standard, the potential for Web 3.0 to become a reality increases. In the meantime, it’s important to be aware of potential scams and protect your crypto assets.

Beware of Fake Web 3.0: Telegram Group Scam Steals Funds from Unsuspecting Victim

A recent incident involving a Telegram group highlights the dangers of fake web 3.0 and the potential risks it poses to unsuspecting users. The victim, who joined the group, was asked to connect their wallet to prove they were not a bot. Believing it was safe, they did so, but within minutes, all their OX tokens were drained. It was later discovered that the group was using a fake version of the Collab.Land Telegram verification system, with a similar username and URL to the authentic one.

How to Protect Yourself from Fake Web 3.0 Scams

To avoid falling victim to similar scams, it is important to be cautious when connecting your wallet to any site. Always double-check the URL and ensure it is the authentic one. Additionally, educate yourself on how web 3.0 works and what to look out for when engaging with it. By staying informed and vigilant, you can protect yourself from falling prey to fake web 3.0 schemes.

The Future of Web 3.0: What You Need to Know

While web 3.0 technology offers many exciting possibilities, it is important to be aware of the potential risks and scams that come with it. As more and more platforms and applications adopt web 3.0, it is crucial to stay informed and educated on how to navigate this new digital landscape securely. By understanding the fundamentals of web 3.0 and staying vigilant, you can safely enjoy all the benefits it has to offer.

Understanding the Attack on the OX Token Contract Using the “Permit” Function

Approximately 100 minutes prior to the transfer, the perpetrator utilized the “Permit” function on the OX token contract, designating themselves as the “spender” and the victim’s account as the “owner.” They also set a “deadline” and “value” for the transfer, with the value being an excessively large amount.

The “Permit” function, found in lines 116-160 of the ERC20.sol file, allows a third party to authorize token transfers on behalf of the owner, but only after receiving a signed message from the owner granting them permission.

This setup suggests that the attacker somehow convinced the owner to sign a message, as opposed to a traditional token approval. When confronted, the victim admitted to attempting to access the site a second time and noticing an “additional signing dialogue” that they must have unknowingly confirmed the first time.

The “Permit” function is a newly implemented feature in some token contracts, following the ERC-2612 standard. It allows wallets that do not hold ETH to make transactions. OpenZeppelin, a Web3 developer, explains that the function’s purpose is to:

In the future, this functionality could enable wallet developers to create user-friendly wallets specifically for stablecoins. However, upon investigation, Cointelegraph has discovered that scammers are also exploiting this feature to deceive users into giving away their funds. Web3 users should be cautious, as attackers can drain their funds even without an approval transaction, as long as they sign a message granting the attacker this ability.
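
A check a wallet or browser extension could run before showing such a signing dialogue, as an added example that is not part of the original article or of any wallet's own code: it classifies an eth_signTypedData_v4 payload as an ERC-2612 Permit and lists the warning signs described above. The thresholds, the trusted-spender list and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: triage of an eth_signTypedData_v4 payload before signing.
// Field names follow ERC-2612; both thresholds below are assumptions.
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const HUGE_VALUE = 2n ** 128n;      // assumption: larger than any real balance
const MAX_WINDOW = 86400n;          // assumption: one day, in seconds

function inspectSigningRequest(typedData, nowSeconds, trustedSpenders = []) {
  const req = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  const declared = ((req.types || {})[req.primaryType] || []).map((f) => f.name);
  const isPermit = req.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => declared.includes(name));
  if (!isPermit) return { isPermit: false, findings: [] };

  const msg = req.message;
  const findings = ["grants token spending rights; not a login or bot check"];
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(String(msg.spender).toLowerCase())) {
    findings.push("spender is not on the trusted list");
  }
  if (BigInt(msg.value) >= HUGE_VALUE) {
    findings.push("value is effectively unlimited");
  }
  if (BigInt(msg.deadline) - BigInt(nowSeconds) > MAX_WINDOW) {
    findings.push("deadline is more than a day away");
  }
  const token = (req.domain || {}).verifyingContract;
  return { isPermit: true, token, findings };
}

// Constructed sample request: placeholder addresses, not from the incident.
const SAMPLE_REQUEST = {
  types: {
    Permit: [
      { name: "owner", type: "address" },
      { name: "spender", type: "address" },
      { name: "value", type: "uint256" },
      { name: "nonce", type: "uint256" },
      { name: "deadline", type: "uint256" },
    ],
  },
  primaryType: "Permit",
  domain: { name: "Constructed Token", version: "1", chainId: 1,
    verifyingContract: "0x" + "22".repeat(20) },
  message: { owner: "0x" + "11".repeat(20), spender: "0x" + "33".repeat(20),
    value: "0x" + "f".repeat(64), nonce: "0", deadline: "4102444800" },
};

console.log(inspectSigningRequest(SAMPLE_REQUEST, 1700000000));
```

A request that reports itself as a Permit while the site claims to be doing a bot check or login is the mismatch the victim in this incident had no way to see.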

Cointelegraph reached out to the Collab.Land team for a statement. The developers confirmed that the bot and website involved in this scam are not affiliated with the real Collab.Land protocol. Upon being informed of this imposter, the project developers reported the scam to Telegram.
