In the wake of the multichain bridge hack, security experts and multichain.org are warning users about a new form of crypto fraud. Revoke.cash has uncovered a fresh variant that preys on the use of gas tokens, specifically targeting tokens like $chi.
Taking advantage of the situation, scammers have cleverly utilized the aftermath of the bridge hack to promote their smart contract scam. Their scheme involves creating counterfeit tokens on the BNB chain and distributing them to unsuspecting users. To further deceive victims, the scammers have generated fake approval transactions for numerous addresses on the chain.
As a result, users who attempt to reject or revoke their approval for multichain or unfamiliar smart contracts linked to their wallets unknowingly encounter these fraudulent approval requests. Wallets and wallet security firms are urging caution and advising users to stay vigilant in order to prevent further losses.
When users receive a notification to approve this malicious smart contract, they attempt to revoke the approval for the token. Unfortunately, the approval function of the token is flawed and imposes high gas fees. As a result, users end up minting $chi tokens to reduce these fees. However, when users revoke the approval for this smart contract, the minted $chi tokens are inadvertently sent to the deployer of the smart contract.
According to Rabby Wallet, it is important to be aware of fake approval requests that could potentially impact a user’s wallet and valuable assets. These fake requests do not add new approvals to the wallet, so it is advisable to ignore them. Rabby Wallet has made efforts to filter out such fraudulent approvals.
To identify these fake approvals, here are some key points:
– Revoking these approvals requires significantly higher gas fees, approximately ten times more than normal.
– The approved tokens often lack logos.
– This scam primarily targets EVM chains that have not implemented EIP 3529.
Since the launch of this smart contract, the scammer has already amassed 70k $chi. To be safe, avoid interacting with unfamiliar coins or smart contracts. Use security tools like revoke.cash to monitor granted approvals for smart contracts closely. Additionally, the platform has integrated a pop-up notification feature to alert users about potential scams of this nature.