Scammers Stealing Chainlink by Abusing Token Approval Transactions
2 min readNew research has highlighted potential vulnerabilities in the transaction approval process that could enable malicious actors to steal crypto tokens.
The report, published by crypto wallet provider MyCrypto, stated that there could be security vulnerabilities with the approval mechanism that automated market makers use before a transaction or token swap can go ahead.
The research stated that the function allows a third-party to send tokens from your account on your behalf. It added that bad actors have learned to exploit this as users are expecting scams to target their private keys;
“Exploiting token approvals is a clever approach because users generally think: ‘If they don’t have my key then they can’t sign a transaction, so they cannot steal my assets.’”
Chainlink Holders Targeted
The report highlighted one current scam targeting Chainlink (LINK) holders. Scammers use a malicious mailing campaign that details a fake upgrade to the token promising gas reductions and supporting meta-transactions.
“The promise of less gas is supposed to strike FOMO into the hearts of users so they “upgrade” as soon as possible without thinking,”
The malicious actors are publishing a verified contract on-chain using the token approval call to make it look more legitimate, it added. Users are prompted to set an approval call for their wallet address which then gives the hackers permission to withdraw LINK tokens.
The report provided examples using addresses that have enabled the “approve()” function and those that have already stolen tokens.
It alleges that so far, the scammers have moved 266 LINK tokens, worth around $7,200 at the time of writing. However, the address they are sending the tokens to has a current balance of 1,111 LINK tokens valued at around $30,000.
@sniko_ found 4 accounts that fell for a token approval scam targeting @chainlink holders.
2 accounts were already drained of their $LINK tokens!
If you own any of these, please go revoke access for 0x7ae7d6E2e61Fbf0Be780dd19B6A01f5D44bedE89 at https://t.co/oI3YM7pl0x pic.twitter.com/THGLJwGNFU
— MyCrypto.com (@MyCrypto) February 25, 2021
It concluded that there are likely to be multiple campaigns from the same bad actors.
Staying Safe
To safeguard against such scams the report advised that users trust who or what they are approving to spend their tokens. It stated that a tool called revoke.cash is able to revoke these permissions
It is also pertinent to ensure that mailing lists and updates are coming from the official source and project, as the number of fakes continues to rise.
With rising crypto prices, more vigilance is needed by users and investors as the scams will grow in number and sophistication.
The post Scammers Stealing Chainlink by Abusing Token Approval Transactions appeared first on BeInCrypto.
