As you probably know, the RDNT multi-chain lending project was hacked last year, and Binance Wallet spent a month reminding us to revoke the approvals for the RDNT project and Binance Wallet. This user may not have taken it seriously, which is why they are facing this situation today.

So should all approvals be revoked? Definitely not! Revoking approvals could also result in asset loss! Here’s an example.

How fake authorization scams exploit the revocation feature:

Fake approval revocation scams deceive Web3 users into believing that revoking transaction approvals can protect their wallets—but in reality, victims pay exorbitant 'gas fees' that go directly into the scammers' pockets.

Criminals exploit the "revocation" feature of Web3 wallets, stealing your funds each time you attempt to cancel permissions for fake approvals.

"Revocation" features are always safe, right? Most cryptocurrency users think so, especially in the context where the "revocation" feature is generally considered a key aspect of Web3 wallet security. Unfortunately, scammers have found ways to exploit this feature. In our previous Web3 wallet security blog, we explored the inherent risks of approving smart contract exchanges without carefully verifying all details. In this blog, we will delve into what fake approval scams are, how scammers exploit the "revocation" feature for their benefit, and most importantly, how to avoid becoming a victim of these scams.

What is a fake approval scam?

A fake approval scam built on the "revocation" feature lures users into thinking they are reclaiming transaction permissions granted to unknown platforms or smart contracts. When users attempt to do so, they end up paying high "gas fees" while believing they have secured their wallet.

Temptation: Users browsing token approvals on blockchain explorers like Etherscan or in wallets encounter an unfamiliar token approval message. This seems to indicate that an unknown contract is accessing their valuable assets. Users begin to feel panic and instinctively want to revoke the approval, thinking they are protecting their cryptocurrency.

Scam: However, the real authorization was never granted in the first place. Scammers never touched the user's tokens. Instead, they manipulated the way information is displayed in wallets or blockchain explorers to make it seem like access to an unknown contract was granted. This is merely a clever visual trick—a fake authorization disguised as legitimate. In reality, access was never granted, but the scam is triggered when users attempt to revoke access.

Gas scam: The "revocation" transaction triggered by the user is real. It is a legitimate operation, but it is designed to make them pay exorbitant fees. Scammers profit from these inflated transaction costs, often using them to mint new tokens or execute other malicious operations under their control. Users think they are taking a protective measure, only to end up making a costly mistake. The fake approvals are merely bait, luring them into paying unnecessarily.

While these scams do not directly steal funds, they drain users' wallets by charging high gas fees without touching the users' remaining assets.

Costly cycle: The worst part? These stealthy approvals do not disappear from the explorer. If users think the revocation failed, they may try again, unknowingly providing more funds to the scammers. Each attempt increases the losses because the scammers once again have the opportunity to steal the user's cryptocurrency. The more users attempt to fix the issue, the deeper they fall into the trap.

In the image below, you will notice that the chain explorer shows that the user has granted unlimited approval for 'BEP-20 TOKEN*' to an unknown spender. This concerning sight could trigger panic, making users mistakenly believe they have unknowingly authorized a malicious contract.

But in reality, this is a fake USDT token, and the scammers manipulated the display to create the illusion of prior approval.
By closely examining the transaction page, multiple addresses associated with this fraudulent token can be seen generating 300 so-called approval calls. This strategy aims to amplify urgency, forcing victims to act immediately.

When users attempt to revoke approvals, they end up being charged high fees—from a few dollars to hundreds or even more. These fees are not just wasted; scammers actively exploit these fees to mint new tokens or carry out other malicious operations, all without detection.

In the example above, the victim attempted to revoke approval but ended up doing the opposite. Scammers profited from this transaction, and the user paid unexpectedly high fees while getting no solution: the misleading approval information remains visible, reinforcing the illusion that the user needs to try again.

Before approving any transaction, take a moment to check the details. Does the amount look correct? Do you recognize the contract address? Are there any strange warnings or unusual fees? If something feels off, verify with reliable sources, platforms, or forums.

Understand Your Fees

Familiarize yourself with the average gas fees on the blockchain you are using. If transaction fees appear suspiciously high or abnormal, it could be a warning sign. Use tools like Etherscan's Gas Tracker, GasNow, or Blocknative's Gas Estimator to monitor real-time gas prices and verify expected costs before proceeding.
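
The checks described above (recognize the contract address, confirm what the call does, compare the fee with what is normal) can be run on a revoke transaction before signing. The following is an added example, not code from the original post or from any wallet; the addresses, gas figures, thresholds and the names `KNOWN_TOKENS`, `MAX_EXPECTED_GAS` and `check_revoke` are constructed assumptions.

```python
# Added example: checks to run on a "revoke" transaction before signing it.
# Addresses, gas figures and thresholds are constructed placeholders.
APPROVE_SELECTOR = "095ea7b3"  # selector of approve(address,uint256)
KNOWN_TOKENS = {"0x" + "11" * 20}  # assumption: token contracts you actually hold
MAX_EXPECTED_GAS = 100_000  # assumption: ceiling for a plain token approve call


def encode_approve(spender, amount):
    """Build approve(spender, amount) calldata (used for the samples below)."""
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")


def decode_approve(calldata):
    """Return (spender, amount), or None if this is not a well-formed approve call."""
    data = calldata.lower()
    try:
        raw = bytes.fromhex(data[2:] if data.startswith("0x") else data)
    except ValueError:
        return None
    # 4-byte selector + two 32-byte words; the address word is left-padded with zeros
    if len(raw) != 68 or raw[:4].hex() != APPROVE_SELECTOR or any(raw[4:16]):
        return None
    return "0x" + raw[16:36].hex(), int.from_bytes(raw[36:], "big")


def check_revoke(tx, max_fee_native):
    """Return a list of warnings for a revoke transaction; empty means no flags."""
    warnings = []
    if tx["to"].lower() not in KNOWN_TOKENS:
        warnings.append("token contract is not one you hold; the approval may be fake")
    decoded = decode_approve(tx["data"])
    if decoded is None:
        warnings.append("calldata is not approve(address,uint256)")
    elif decoded[1] != 0:
        warnings.append("amount is non-zero: this grants an allowance, not a revocation")
    if tx["gas"] > MAX_EXPECTED_GAS:
        warnings.append("gas estimate %d is far above a normal approve" % tx["gas"])
    fee = tx["gas"] * tx["gas_price_wei"] / 10**18  # fee in the chain's native coin
    if fee > max_fee_native:
        warnings.append("fee %.6f exceeds your limit of %.6f" % (fee, max_fee_native))
    return warnings


SPENDER = "0x" + "ab" * 20  # constructed spender address
GENUINE = {"to": "0x" + "11" * 20, "data": encode_approve(SPENDER, 0),
           "gas": 46_000, "gas_price_wei": 3 * 10**9}
FAKE = {"to": "0x" + "22" * 20, "data": encode_approve(SPENDER, 0),
        "gas": 5_000_000, "gas_price_wei": 3 * 10**9}

if __name__ == "__main__":
    for name, tx in (("genuine", GENUINE), ("fake", FAKE)):
        print(name, check_revoke(tx, max_fee_native=0.001))
```

In practice the `gas` value would come from the wallet's own estimate for the transaction and the gas price from one of the trackers named above.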