Since Zhuge started the asset recovery business, he has helped many friends recover lost or stolen assets, but in reality over 90% of lost assets are beyond our reach.

For instance, some friends mistakenly authorized phishing links, resulting in a loss of several thousand USDT. However, trying to recover it would take six months to file a police report, gather evidence, hire a lawyer, contact officials for freezing, track people down, and even apprehend them... The costs would outweigh the lost assets, making it not worth the effort, and recovery becomes impossible.

So, Zhuge decided to start a column listing the most common scams I've encountered, to educate everyone. I hope this helps you avoid pitfalls and scams.

In the first phase, let’s start with the most common scams: fake airdrops / phishing tokens / fake benefit activities.


These three are grouped together because they all rely on the same technical principle to steal your coins: tricking you into granting an approve(spender, amount) authorization from your wallet.


This authorization means you allow a certain contract address to transfer your money. approve means to allow, spender is the address you permit, and amount is the allowed quantity. Generally, when participating in a token TGE pre-sale, one would grant this authorization in advance.

So once you give authorization to a scammer, they can just transfer your funds out of your wallet.

Now that we understand the principle, let me lay out some common tricks of this type of scam for everyone:


1. Fake airdrops

Scammers will send you a link, telling you: there’s an airdrop event, just scan the code and sign with your wallet.

This so-called 'signature' is just a way to trick you into giving approve authorization, wrapped in a pretext such as confirming that you're the wallet owner, or making sure the airdrop doesn't go to the wrong wallet, and so on.

The trick works because logging into some legitimate Dapps also involves a wallet signing action. However, those legitimate Dapps only ask for a Sign Message signature, which won't result in stolen funds. A normal Sign Message request does not include amounts, contract addresses, or ERC20 terms.

But many investors don't know how to differentiate between Sign Message authorization and approve authorization (which has terms like 'unlimited' amount, contract address, ERC20, etc.), so they end up falling for the approve authorization, thinking it's just a normal registration for an airdrop.

Once you agree, the money in your wallet gets transferred out.

2. Phishing tokens

This scam was really hot last year, because it was a big year for airdrop farming, and a lot of newbies came in, hoping for those sweet airdrops.

A common situation is that one day you open your wallet and suddenly find some valuable unknown tokens, like the PANU and TORA in the image below.

[Image]

A normal crypto trader's first reaction is to quickly dump it, without caring how it came about. When selling this token, you'll naturally give approve authorization, and it’s often an unlimited authorization.

But when selling, you usually get a message that you can't sell. Some friends who don't understand may just move on to other things and won't specifically cancel the approve authorization. Hackers will use your given approve authorization to drain your funds.


This is actually a scam that’s been around since 2017, and many people fell for it before 2019.

There's a saying in the circle that pokes fun at the bloody lessons from before 2019: if someone never gives 'unlimited' amount authorization, there's no doubt they've been hacked before.

Later, wallet features improved, hiding these phishing tokens and giving everyone a red warning sign, so if you see tokens marked in red or some tokens you can't see on your wallet's homepage, they are often phishing tokens.


But hackers also update their techniques and find ways to bypass wallet alerts. So if you suddenly see unknown tokens in your wallet, it's all the more important to be cautious.

3. Fake benefit activities

The trick here is the same as the previous fake airdrop; it’s just wrapped in a new package to trick you into giving approve authorization.

This is because KOLs often warn their followers to be cautious of fake airdrop scams, so airdrops can raise some people's alarms. Some scammers switch to new tricks like 'new user login events' or 'exclusive cashback for old users' to trick you into giving authorization.

So how do we prevent such scams?

The easiest way is not to give authorization to unknown altcoins; even when trading yourself, only authorize a small amount, and never give unlimited authorization.

Also, regularly clean up the authorizations for the altcoins you've played with, because you can't predict when those altcoins might be targeted by hackers.
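As an added example (not part of the original column), the cleanup step can be sketched offline: replay a wallet's Approval records, keep the allowances that are still non-zero, and build an approve(spender, 0) revocation for each. The addresses and records are constructed placeholders, and the function names are hypothetical.

```python
APPROVE_SELECTOR = "095ea7b3"   # ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # shown by wallets as "unlimited"

def encode_approve(spender, amount):
    """ABI-encode approve(spender, amount) calldata."""
    addr = spender[2:].lower()
    if len(addr) != 40 or not 0 <= amount <= MAX_UINT256:
        raise ValueError("bad spender or amount")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + format(amount, "064x")

def outstanding(events):
    """Replay Approval records in order; the latest value per (token, spender) wins.
    This is an upper bound: the token's allowance() call is the authoritative value."""
    latest = {}
    for ev in events:
        latest[(ev["token"], ev["spender"])] = ev["value"]
    return {pair: value for pair, value in latest.items() if value > 0}

def revoke_plan(events, trusted=()):
    """One approve(spender, 0) transaction per live allowance to an untrusted spender."""
    plan = []
    for (token, spender), value in sorted(outstanding(events).items()):
        if spender in trusted:
            continue
        plan.append({"to": token, "data": encode_approve(spender, 0),
                     "unlimited": value == MAX_UINT256})
    return plan

# Constructed sample records (placeholder addresses, not real contracts)
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
S1, S2 = "0x" + "ab" * 20, "0x" + "cd" * 20
EVENTS = [
    {"token": TOKEN_A, "spender": S1, "value": MAX_UINT256},  # unlimited, still live
    {"token": TOKEN_A, "spender": S2, "value": 500},
    {"token": TOKEN_A, "spender": S2, "value": 0},            # already revoked
    {"token": TOKEN_B, "spender": S1, "value": 100},
]

if __name__ == "__main__":
    for tx in revoke_plan(EVENTS):
        print(tx)
```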

The most professional way is to clearly understand your wallet's Sign Message authorization, approve authorization, Permit / Permit2 offline signatures, and eth_sign authorization. Check the details each time you operate, to discern if the authorizations are correct.
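The difference between these request types, and the approve(spender, amount) call described earlier, can be checked mechanically. The following is an added example, not code from the original column: it labels a wallet request by its JSON-RPC method and decodes approve calldata. The sample requests and addresses are constructed, and the risk labels are this example's own.

```python
import json

APPROVE_SELECTOR = "095ea7b3"   # ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # shown by wallets as "unlimited"
PERMIT_TYPES = {"Permit", "PermitSingle", "PermitBatch", "PermitTransferFrom"}

def decode_approve(data):
    """Return (spender, amount) for approve(spender, amount) calldata, else None."""
    raw = data[2:] if data.startswith("0x") else data
    if len(raw) != 136 or raw[:8].lower() != APPROVE_SELECTOR:
        return None
    # word 1: address left-padded to 32 bytes; word 2: uint256 amount
    return "0x" + raw[32:72], int(raw[72:], 16)

def classify(request):
    """Label an EIP-1193 style wallet request: (risk, reason)."""
    method, params = request["method"], request["params"]
    if method == "personal_sign":
        return "low", "Sign Message: text only, no amount or spender"
    if method == "eth_sign":
        return "high", "eth_sign: raw hash, wallet cannot show what it authorizes"
    if method.startswith("eth_signTypedData"):
        typed = json.loads(params[1]) if isinstance(params[1], str) else params[1]
        if typed.get("primaryType") in PERMIT_TYPES:
            return "high", "Permit signature: allowance for " + str(typed["message"].get("spender"))
        return "review", "typed data: read every field"
    if method == "eth_sendTransaction":
        decoded = decode_approve(params[0].get("data", ""))
        if decoded:
            spender, amount = decoded
            shown = "UNLIMITED" if amount == MAX_UINT256 else str(amount)
            return "high", f"approve: spender {spender}, amount {shown}"
        return "review", "transaction is not an ERC-20 approve"
    return "review", "unrecognized method"

# Constructed samples (placeholder addresses, not real contracts)
SPENDER = "0x" + "ab" * 20
LOGIN = {"method": "personal_sign", "params": ["0x48656c6c6f", "0x" + "11" * 20]}
AIRDROP = {"method": "eth_sendTransaction", "params": [{
    "to": "0x" + "cd" * 20,
    "data": "0x" + APPROVE_SELECTOR + "00" * 12 + "ab" * 20 + "f" * 64}]}
PERMIT = {"method": "eth_signTypedData_v4", "params": ["0x" + "11" * 20, json.dumps(
    {"primaryType": "Permit", "message": {"spender": SPENDER, "value": str(MAX_UINT256)}})]}

if __name__ == "__main__":
    for sample in (LOGIN, AIRDROP, PERMIT):
        print(sample["method"], "->", classify(sample))
```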



The hardest thing to do is to let go of the desire for easy gains, and to be vigilant when something seems too good to be true.