In our constant effort to ensure user security, we would like to highlight an increasingly common form of scam known as "Fake Mining". This article covers how these scams operate and how to be proactive in securing your digital assets.
The Anatomy of "Fake Mining" Scams
In the DeFi ecosystem, it is standard practice for a dApp to request permission to view your wallet balance and for its smart contract to access your tokens. This is a fundamental aspect of how dApps interact with your wallet. Unfortunately, bad actors have found ways to exploit this process, creating scams that can lead to significant losses for unsuspecting users.
One such scam, dubbed as "Fake Mining", adopts the following approach:
The dApp lures users with the promise of an unusually high Annual Percentage Yield (APY) for depositing tokens, often USDT.
To access these returns, users are asked to purchase a so-called "mining voucher."
The dApp then prompts the user to approve access to their tokens to buy this voucher. This request itself is where the thief obtains access to the victim's funds.
Once approved, the dApp employs the <transferFrom> function to drain the tokens into a different wallet which they control.
Despite the tokens being drained, the user's balance on the dApp interface remains unchanged or even appears to increase, reflecting the promised APY. This deception is designed to maintain the illusion of legitimacy.
This scam exploits the token approval process, cloaking its activities under the guise of legitimate operations, thereby making it particularly dangerous for users who may not be aware of such tactics.
How to avoid this scam
Here are some essential steps to safeguard your 1inch Wallet from Fake Mining scams:
Due Diligence: Always perform thorough research on any dApp before interacting with it. This includes scrutinizing what exactly a dApp is requesting before clicking 'approve.'
Limit Approvals: On most block explorers, you can limit the amount of tokens that the dApp can access. You can also completely revoke approvals. Even if a dApp turns out to be a scam, limiting its access can prevent a total loss.
Healthy Skepticism: If an offer appears too good to be true, it likely is. Be wary of dApps offering excessively high APYs.
Another strategy to mitigate risk is to hold smaller sums in your hot wallet (like the 1inch mobile wallet) and the majority of your tokens in a hardware wallet. This approach can significantly reduce the potential losses from scams or breaches.
***Note: Soon 1inch will be launching it's very own hardware wallet! This product, once launched, will offer an additional layer of security for your assets.
Always remember that the best defense against scams and malicious actors in the crypto space is knowledge and vigilance. Stay tuned for future updates and stay safe in your DeFi journey!
Questions, comments, concerns? Feel free to reach out to us in the live support chat!