With the rapid development of Web3, the on-chain ecosystem is flourishing, and more and more users are participating in on-chain trading and other activities. However, various on-chain scams have also emerged, with scammers stealing assets by inducing users to authorize transactions or leak private keys.

Previously, the WEEX exchange's anti-fraud education primarily targeted counterfeit platforms, Ponzi schemes, and other centralized fraud trading platforms. This issue's article introduces some common on-chain scam cases and provides WEEX's security recommendations to help you identify and avoid major Web3 risks.

Common types of on-chain scams

1. Induced authorization scams

Scammers create fake authorization transactions, inducing users to sign, thus gaining operational access to user assets. For example:

Phishing links: Scammers share so-called 'high-yield' trading information in communities, guiding users to click links for 'mining' or 'staking airdrops', which is actually to steal authorizations.

OTC trading disguise: Scammers impersonate OTC traders, asking users to perform small test transfers (like 1 USDT), which are actually authorization transactions that allow them to control user assets.

2. Permit and Permit2 authorization scams

The Permit and Permit2 authorization mechanisms introduced by Uniswap can save gas fees, but they may also be exploited by hackers to induce users to authorize transactions.

3. eth_sign authorization scams

eth_sign allows users to sign any transaction hash, equivalent to providing a 'blank check' on Ethereum. Scammers induce users to use eth_sign to create custom transactions, thus stealing assets.

4. Screenshots and screen recording to steal private keys

Scammers impersonate investment advisors or trading experts, inducing novice users to leak private keys or mnemonic phrases through screenshots or screen sharing.

5. Malicious airdrop scams

Scammers send worthless tokens to a large number of addresses, inducing users to interact with phishing websites to sell these tokens, thereby stealing assets.

6. Similar address scams

Scammers create addresses similar to user interaction addresses, inducing users to transfer assets to the wrong address.

7. Project team exit scam

Some project teams may abuse user authorizations, disappearing after transferring assets, causing user losses.

8. Rug pull scams

Scammers attract users by hyping up tokens, then manipulate prices to sell at high points, preventing users from selling assets, resulting in losses.

Security recommendations for WEEX trading

Stay vigilant: Do not blindly follow financial advice from social media or group chats, especially if it involves unknown links or so-called 'high-yield' projects.

Avoid interacting with unknown contracts: Verify the reliability of the contract source before authorizing, and only interact with well-known platforms or DApps that you fully understand.

Reject unknown transaction signatures: Carefully check the authorization target and amount before approving transactions, especially for 'approve' and 'increase allowance' operations.

Understand new authorization risks: Although new authorization mechanisms like Permit and Permit2 can save gas fees, they may also pose security risks.

Write down and securely store the mnemonic phrase: Record the mnemonic phrase on paper, avoiding screenshots or electronic storage.

Beware of strangers requesting your mnemonic phrase: Never share your mnemonic phrase with anyone.

Avoid remote assistance: Do not display the mnemonic phrase or private key during remote assistance.

Do not interact with unknown airdrop tokens: Be cautious of unknown airdrop tokens and verify their information before interacting.

Double-check the transfer address: Verify the first and last characters of the address before transferring to avoid mistakes.

Regularly manage authorizations: Periodically check and revoke DApp authorizations that haven't been used for a long time.

In summary, cryptocurrency scam tactics are constantly evolving, and users need to remain vigilant and enhance their risk awareness. By understanding common scam methods and taking effective security measures, you can better protect your asset security. WEEX exchange will continue to provide you with a safe and reliable trading environment and help you identify and respond to potential risks. Let us work together to safeguard your crypto assets!