You click, you sign, you confirm... and there, it’s over. You may have just given full control to a smart contract or a disguised scam.

💡 In Web3, what you sign is worth as much as a paper contract.

Here are the 10 most dangerous commands or approvals that you should NEVER blindly validate, even on Metamask, TrustWallet or others.


1️⃣ setApprovalForAll (NFTs & tokens)

📛 Gives full access to ALL your NFTs or tokens to an address... often used by scams.

❌ To be refused unless you understand exactly why you are signing it (e.g., temporarily for OpenSea, but revoke afterwards).




2️⃣ approve(spender, amount)


🔐 Allows a third party address to withdraw your tokens at any time, up to the set limit.

Even a DEX like Uniswap can abuse this if you approve an “infinite amount”.

✅ Always use a custom amount if possible, and revoke afterwards with Revoke.cash



3️⃣ transferFrom(address from, address to, uint amount)

🚨 Often chained right after an approve, it allows another contract to automatically drain your wallet.



4️⃣ delegate(address delegatee)


🗳️ Used in governance... but some scams use it to hijack your voting power, even to control related vaults.



5️⃣ permit(...)

✅ Very useful for signing a “fee-less” transaction (EIP-2612), but it can be abused.

⚠️ If a scam makes you sign a permit, it can then chain a transfer.


6️⃣ increaseAllowance(...)


💸 Makes you believe you are adding a limit... but you still give even more withdrawal power to the target address.

💀 Some scams make you sign this just after an airdrop.



7️⃣ fallback() payable or empty transactions


🕳️ You see nothing in the signature... but it still sends ETH or BNB to a trapped contract.

Refuse any signature without a clear explanation in your wallet.




8️⃣ Signature of a trapped off-chain message

📝 Some attacks obtain a message signature (not a transaction) and use it later on a fraudulent contract.


Example:

Sign this message to confirm ownership of your wallet:
0x123abc...

⚠️ If you see this outside of a trusted site → run away.



9️⃣ Transactions initiated “outside a dApp”

🧨 If your wallet shows a signature or approval when you haven't requested anything in a DApp or site, it’s probably:

  • A malicious extension

  • An open trapped tab

  • A redirection attack




🔟 Signature in an unknown pop-up

💬 Common example: a pop-up “Binance Update” asks you for a signature in Metamask...

Spoiler: Binance never needs you to manually sign a file.



🛡️ CONCLUSION: if you don't understand a command → you do not sign.

Before confirming anything:

  • Check the URL (always HTTPS)

  • Check that the command matches what you requested

  • Use https://revoke.cash or https://etherscan.io/tokenapprovalchecker to revoke access
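
To check that a command matches what you requested, you can decode the raw transaction data your wallet shows before confirming. The sketch below is an added example, not code from the original post: `inspectCalldata` and the `SELECTORS` table are hypothetical names, the spender address is a constructed sample, and it covers on-chain calls only (items 1 to 4, 6 and 7), not off-chain signatures such as permit.

```javascript
// Added example. Selectors are the first 4 bytes of keccak256 of each signature.
const SELECTORS = {
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "39509351": { name: "increaseAllowance", args: ["address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
  "5c19a95c": { name: "delegate", args: ["address"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// ABI arguments are 32-byte words; an address occupies the low 20 bytes.
function decodeWord(word, type) {
  if (type === "address") return "0x" + word.slice(24);
  const n = BigInt("0x" + word);
  return type === "bool" ? n !== 0n : n;
}

// Hypothetical helper: returns what the call does and why it deserves a second look.
function inspectCalldata(data, valueWei = 0n) {
  const hex = String(data || "").toLowerCase().replace(/^0x/, "");
  if (hex === "") {
    const warnings = valueWei > 0n ? ["no calldata: sends native coin, contract fallback may run"] : [];
    return { fn: null, args: [], warnings };
  }
  if (!/^[0-9a-f]{8,}$/.test(hex)) throw new Error("malformed calldata");
  const spec = SELECTORS[hex.slice(0, 8)];
  if (!spec) return { fn: null, args: [], warnings: ["unknown selector 0x" + hex.slice(0, 8)] };
  const body = hex.slice(8);
  if (body.length < spec.args.length * 64) throw new Error("truncated arguments");
  const args = spec.args.map((t, i) => decodeWord(body.slice(i * 64, i * 64 + 64), t));
  const warnings = [];
  if (spec.name === "approve" || spec.name === "increaseAllowance") {
    warnings.push(args[1] === MAX_UINT256
      ? "unlimited allowance for " + args[0]
      : args[0] + " may withdraw up to " + args[1] + " base units");
  } else if (spec.name === "setApprovalForAll") {
    warnings.push(args[1] ? "operator " + args[0] + " gets every token in this collection"
                          : "revokes operator " + args[0]);
  } else if (spec.name === "transferFrom") {
    warnings.push("moves " + args[2] + " from " + args[0] + " to " + args[1]);
  } else {
    warnings.push("delegates voting power to " + args[0]);
  }
  return { fn: spec.name, args, warnings };
}

// Constructed sample: approve(spender, 2^256 - 1) for a made-up spender address.
const SPENDER = "00000000000000000000000000000000deadbeef".padStart(64, "0");
const sample = "0x095ea7b3" + SPENDER + "f".repeat(64);
console.log(inspectCalldata(sample));
```

Amounts are printed in the token's base units, so divide by 10^decimals of the token to compare with the figure shown in the dApp.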
