Introduction
In recent months, there has been a rise in phishing scams that target new DeFi users. The strategy usually involves “profitable” trading signals, which lead victims to fall for the scam and have their assets stolen. These cunning schemes are designed to gain access to particular tokens stored in the wallet. In this article, we are going to explain how the scam works and how to protect yourself from loss of funds.
Disclaimer: 1inch Support and its affiliates are not associated with any phishing scams or fraudulent activities described in this article. We strongly advise our users to exercise caution and verify all information independently. Any links, websites, or communications that appear to be from 1inch but are not hosted on our official domain (1inch.io) should be considered potentially fraudulent.
Initial Contact
A scammer approaches a victim on a social platform (most often, Telegram), claiming to have valuable trading signals. Trading signals are instructions on what, when, where, and how to allegedly gain temptingly large profits via the buying and selling of tokens. A scammer may incorporate malicious phishing links within their first message to the victim.
Request to Set Up a New Wallet
The scammer asks and instructs the victim to create a new wallet as part of their trading setup. Usually, this involves a recognizable and trusted wallet that lacks extensive security measures. This allows attackers to achieve two goals: to give the victim a false sense of safety and to minimize the chances of triggering automatic security checks during the theft of funds.
Token Approval
After setting up the new wallet, the scammer encourages the victim to follow one of the phishing links from the trading signal message in order to start trading. The malicious website will be impersonating a known and trusted dApp. The malicious website will request the victim to make a token approval to the scammer’s Externally Owned Account (EOA). Approval requests are usually routine in DeFi; however, submitting an approval to an EOA exposes those funds directly to the third party. Even approvals to smart contracts should be treated with caution, as they can also be malicious.
No legitimate platform operates on an EOA-to-EOA basis, because it is unsuitable for complex token management, which is the primary purpose of DEXes.
Wallet Compromise
Once the victim approves tokens on a malicious website, the wallet becomes compromised. The theft can occur at this point, or the thief may continue to send more trading signals, encouraging the victim to deposit even more funds.
Final Theft of Funds
Eventually, the scammer will sweep the wallet, often after the victim has swapped tokens on an official, legitimate dApp. Since the approval was given to the scammer’s EOA, they can execute a transaction to withdraw funds at any time, without any direct input from the victim.
Fake Support and Further Exploitation
After the victim realizes funds are missing and communicates it, the scammer may direct the victim to a fraudulent “Customer Support” account. The fraudulent account will claim that the funds are frozen and instruct the victim to deposit more funds to “unfreeze” them. This is yet another attempt to steal more funds, and any additional deposits will be lost as well.
How to Protect Yourself
Be skeptical
Be skeptical of any unsolicited financial advice from anonymous accounts on communication platforms, especially if it promises quick, large profits. Do your own research on the offer and verify its legitimacy with other trusted third parties before proceeding.
Be wary of URLs shared by third parties
Do not follow any links shared with you through such communication. A URL may appear legitimate but can still lead to malicious websites.
Use official websites and resources to set up wallets.
Verify your tokens and manage approvals
Always pay attention to approval requests that pop up when interacting with platforms. Review each new one in detail, especially when they request unlimited token spending. Using protection tools like Pocket Universe and Wallet Guard can help you minimize the risks.
Verify where your tokens are being approved. To do so, inspect the address requesting approval on a block explorer: look for labels on the spender’s address and for verified source code on the spender’s address, and research the dApp’s trusted smart contract addresses. If there are no labels or source code on the block explorer, it may not be wise to grant the allowance.
However, note: some sophisticated scams may eventually disguise themselves with more code. Always verify before taking action. Double-check when granting unlimited allowances, as they can be potentially harmful.
Use tools like Revoke.cash to regularly check and clean up token approvals. Approvals to EOAs are flagged as “high risk” and should be revoked immediately if found.
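The checks described above can also be run on the raw approval request before signing. The following is an added example, not 1inch code: it decodes ERC-20 `approve(address,uint256)` calldata and flags an EOA spender, an unlimited allowance, and a spender missing from the list of contract addresses the dApp publishes. The function names, the sample addresses and the trusted list are assumptions made for illustration, and the spender's bytecode is assumed to have been fetched beforehand with the `eth_getCode` JSON-RPC call.

```javascript
// Added example: pre-signing review of an ERC-20 approve() request.
const APPROVE_SELECTOR = "095ea7b3"; // selector of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode approve(spender, amount) calldata; returns null for anything else.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]+$/.test(hex) || hex.length < 136) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  if (!spenderWord.startsWith("0".repeat(24))) return null; // malformed address word
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72, 136)) };
}

// Classify the spender from the hex string eth_getCode returned for it.
function spenderKind(code) {
  const hex = String(code).toLowerCase().replace(/^0x/, "");
  if (hex === "") return "eoa"; // no bytecode: externally owned account
  // EIP-7702: an EOA that delegates carries a 23-byte 0xef0100||address marker.
  if (hex.length === 46 && hex.startsWith("ef0100")) return "eoa";
  return "contract";
}

// Return the decoded request plus the reasons to refuse it.
function reviewApproval(calldata, spenderCode, trustedSpenders) {
  const req = decodeApprove(calldata);
  if (!req) return null;
  const findings = [];
  if (spenderKind(spenderCode) === "eoa") findings.push("spender-is-eoa");
  if (req.amount === MAX_UINT256) findings.push("unlimited-allowance");
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(req.spender)) findings.push("spender-not-in-trusted-list");
  return { ...req, findings };
}

// Constructed sample data: none of these are real addresses.
const SAMPLE_CALLDATA =
  "0x" + APPROVE_SELECTOR + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64);
const SAMPLE_TRUSTED = ["0x" + "11".repeat(20)]; // stand-in for the dApp's published contracts

const result = reviewApproval(SAMPLE_CALLDATA, "0x", SAMPLE_TRUSTED);
console.log(result.spender, result.findings);
```

An empty findings list only means none of these three checks fired; a contract spender can still be malicious, so the trusted list should come from the dApp's official documentation.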
Be proactive
At any point, if you suspect your wallet is compromised or if you have mistakenly approved tokens to a suspicious account, immediately revoke the approval using services like Revoke.cash or directly through your wallet.
Do not engage with unsolicited support accounts that claim to help recover your funds. Legitimate support will never ask you to deposit more money to fix an issue.
Conclusion
Your security is 1inch’s top priority. Stay vigilant and protect yourself from phishing scams by following these best practices. If you have any concerns or need further clarification, feel free to reach out to our official Support team via the Live chat.