Yesterday, we received reports of people seeing unknown approval transactions in their transaction history.
It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these "fake approvals".
It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these "fake approvals".
Fortunately, many of these approvals weren't showing up in Revoke, since they were filtered out based on heuristics, but a few always slip through the cracks.
So to combat this scam we've just added a check that disables revoking approvals if there's an excessive gas fee.
So to combat this scam we've just added a check that disables revoking approvals if there's an excessive gas fee.
So how does this scam work?
Years ago, when gas fees started to rise on Ethereum, the concept of "gas tokens" were developed. These gas tokens used (or abused) a feature of the EVM that allows for gas refunds when clearing storage.
One example is CHI:
blog.1inch.io
Years ago, when gas fees started to rise on Ethereum, the concept of "gas tokens" were developed. These gas tokens used (or abused) a feature of the EVM that allows for gas refunds when clearing storage.
One example is CHI:
blog.1inch.io
This allowed users to mint gas tokens when fees were low, and burn them when fees were high, effectively "locking in" the lower fee.
This was an unintended side-effect of storage gas refunds, and was made infeasible with EIP-3529 back in 2021.
eips.ethereum.org
This was an unintended side-effect of storage gas refunds, and was made infeasible with EIP-3529 back in 2021.
eips.ethereum.org
However, several other EVM chains, including BNB Chain, still have this concept of gas tokens, which is what the scammers abuse.
These scammers created fake tokens that they airdropped and created fake approvals for these tokens, which people think they need to revoke.
These scammers created fake tokens that they airdropped and created fake approvals for these tokens, which people think they need to revoke.
But the scammers programmed these fake tokens so that it mints a lot of gas tokens during a revoke transaction. These gas tokens are then sent to the scammers, who can sell them. This is scary because your wallet popup will not show that you're sending funds, just a high fee.
Shoutout to @0xblanker for sharing more info about this scam yesterday. You can check out their thread as well:
We hope that this thread has helped educate you on this scam and will help keep you safe. We're always updating the Revoke.cash website to combat these types of scams.
Like/Retweet the first tweet below if you've found it helpful:
Like/Retweet the first tweet below if you've found it helpful:
Loading suggestions...