With the rapid development of Web3, the on-chain ecosystem is becoming increasingly prosperous, and more users are participating in on-chain transactions and other activities. However, various on-chain scams have also emerged, with scammers stealing assets by inducing users to authorize transactions or leak private keys.

Previously, WEEX's anti-fraud public education primarily targeted impersonation platforms, Ponzi schemes, pig butchering scams, and other centralized off-chain fraud trading platforms. This issue's WEEX anti-fraud article will introduce some common on-chain scam cases and provide WEEX's security recommendations to help you identify and avoid major Web3 risks.

Common On-chain Scam Types

1. Induced Authorization Scam

Scammers deceive users into signing forged authorization transactions, gaining operational control over user assets. For example:

Phishing Links: Scammers share so-called 'high-yield' trading information in communities, guiding users to click links for 'mining' or 'staking airdrops', which are actually aimed at stealing authorizations.

OTC Trading Disguise: Scammers disguise themselves as OTC traders, asking users to make small test transfers (e.g., 1 USDT), which are actually authorization transactions, allowing them to control user assets.

2. Permit and Permit2 Authorization Scam

The Permit and Permit2 authorization mechanisms introduced by Uniswap can save Gas fees, but they may also be exploited by hackers to induce users to authorize transactions.

3. eth_sign Authorization Scam

eth_sign allows users to sign any transaction hash, equivalent to providing a 'blank check' on Ethereum. Scammers lure users to construct custom transactions using eth_sign, thereby stealing assets.

4. Screenshots and Screen Recording to Steal Private Keys

Scammers disguise themselves as investment advisors or trading experts, inducing novice users to leak their private keys or mnemonic phrases through screenshots or screen sharing.

5. Malicious Airdrop Scam

Scammers send worthless tokens to a large number of addresses, luring users to interact with phishing websites to sell these tokens, thus stealing assets.

6. Similar Address Scam

Scammers create addresses similar to user interaction addresses, luring users to transfer assets to the wrong address.

7. Project Team Exit Scam

Some project teams may abuse user authorizations, disappearing after transferring assets, resulting in user losses.

8. Rug Pull Scam

Scammers attract users by hyping tokens, then manipulate prices to sell at high points while preventing users from selling their assets, causing losses.

WEEX Trading Security Recommendations

Stay vigilant: Do not blindly follow financial advice in social media or group chats, especially involving unknown links or so-called 'high-yield' projects.

Avoid interacting with unknown contracts: Verify the reliability of the contract source before authorizing, and only interact with well-known platforms or DApps you fully understand.

Reject unknown transaction signatures: Carefully check the authorization target and amount before approving transactions, especially for 'approve' and 'increase allowance' operations.

Understand the risks of new authorizations: Although new authorization mechanisms like Permit and Permit2 can save Gas fees, they may also pose security risks.

Write down and securely store your mnemonic phrase: Record the mnemonic phrase on paper to avoid screenshots or electronic storage.

Be wary of strangers asking for your mnemonic phrase: Never share your mnemonic phrase with anyone.

Avoid remote assistance: Do not display your mnemonic phrase or private key during remote assistance.

Do not interact with unknown airdrop tokens: Stay vigilant regarding unknown airdrop tokens, and verify their information before interacting.

Carefully verify transfer addresses: Check the first and last characters of the address before transferring to avoid mistakes.

Regularly manage authorizations: Periodically check and revoke DApp authorizations that have not been used for a long time.

In summary, cryptocurrency scams are constantly evolving, and users must remain vigilant and enhance their risk awareness. By understanding common scam tactics and taking effective security measures, you can better protect the safety of your assets. WEEX Exchange will continue to provide you with a safe and reliable trading environment and help you identify and respond to potential risks. Let's work together to protect your crypto assets!