
- Wallet security firm Revoke.cash urges investors to ignore tokens they don’t recognize.
- The caution comes amid a new discovery that scammers use gas tokens to steal money when victims revoke the fake approvals.
- The alert comes amid the infamous Multichain exploit across Fantom, Moonriver, and Dogecoin bridges.
Gas tokens have become the new loophole that hackers exploit to steal money from unsuspecting token holders. The discovery aligns with the recent attack on cross-chain router Multichain.org, which saw the threat actors make off with upwards of $130 million in user-supplied tokens.
Gas tokens, a new tactic among scammers
Gas tokens could see you lose money without seeing it coming. The news comes after several reports of token holders noticing strange approval notifications in their transaction history even though they had denied the transactions.
Yesterday, we received reports of people seeing unknown approval transactions in their transaction history.
It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these “fake approvals”. pic.twitter.com/vpY2sGIv0T
— Revoke.cash (@RevokeCash) July 9, 2023
Gas tokens are typically cryptocurrencies designed to pay transaction processing fees. Notably, for every transaction, a nominal fee is paid as a transaction charge. A recent discovery has indicated that scammers now leverage this principle to enrich themselves at the expense of innocent cryptocurrency investors.
The gas token concept dates back several years and was devised to mitigate high Ethereum (ETH) blockchain transaction fees. It works by leveraging an Ethereum Virtual Machine (EVM) feature where users get some form of discount when clearing storage. Specifically, “users could mint gas tokens when fees were low, and burn them when fees were high.” Effectively, they enjoy the reduced fees as an unintended result of storage gas refunds.
Gas tokens leveraged by Multichain hackers
Multichain hackers capitalized on gas tokens to execute their recent attack, creating fake tokens for airdrops and advertising them to the unsuspecting Fantom (FTM) and Dogecoin (DOGE) holders.
In the past couple of days, @MultichainOrg‘s fund was moved, and official sources and various security tools like @RevokeCash and @Rabby_io have been urging users to revoke their approvals for Multichain. And devs created useful tools to check users’ approvals for Multichain.
— blanker.eth (@0xblanker) July 8, 2023
Here’s the catch! While the victims (unsuspecting token holders at the time) turned down the notifications to approve the airdrops, they did not know that the bad actors had created fake approvals for these tokens, which victims thought they needed to (and did) revoke.
This type of activity happened in my wallet and I did revoke….. Is my wallet safe or hacked?
— Shrinika ✨ (@blockchainsupr) July 9, 2023
Revoke.cash, a web3 infrastructure service, has cautioned token holders against reacting to such notifications, saying, “If you tried to revoke these fake approvals, you probably paid a very high fee, which went to the scammers.”
The wallet security firm said that the Multichain hackers programmed fake tokens to mint a lot of gas tokens during the victims’ revoke transactions, which were all sent to the scammers’ own accounts. At this point, therefore, they could sell their exploit tokens. Notably, the transaction is not noticeable as anything other than “just a high gas fee.”
According to Revoke, the best way to avoid this exploit is to ignore the fake approvals and fake tokens, because the tokens are programmed to charge a high fee when an approval is revoked.
Best thing to do with these fake approvals / fake tokens is to ignore them. As long as you don’t interact with them, they can’t steal your funds.
— Revoke.cash (@RevokeCash) July 9, 2023
As Revoke.cash puts it, “The approve/revoke functionality is programmed into the token itself,” which means ignoring these tokens is the only way to avoid falling victim.
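Because the approve/revoke logic lives in the token contract, the abnormal fee is visible in a gas estimate before anything is signed. The following pre-flight check is an added example, not code from Revoke.cash or from the original article; the thresholds, the placeholder addresses and the stub estimators are assumptions, and in real tooling `estimate_gas` would wrap the node's `eth_estimateGas` call.

```python
"""Pre-flight check: flag approve(spender, 0) calls whose gas estimate is abnormal."""
from typing import Callable

APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
NORMAL_REVOKE_GAS = 60_000     # assumed ceiling for an ordinary ERC-20 approve
SUSPICIOUS_FACTOR = 5          # assumed multiple of the ceiling that blocks the send


def revoke_calldata(spender: str) -> str:
    """ABI-encode approve(spender, 0): selector + padded address + zero amount."""
    addr = spender.lower().removeprefix("0x")
    if len(addr) != 40 or any(c not in "0123456789abcdef" for c in addr):
        raise ValueError(f"not a 20-byte hex address: {spender!r}")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64


def check_revoke(token: str, owner: str, spender: str,
                 estimate_gas: Callable[[dict], int]) -> dict:
    """Estimate the revoke and classify it before the wallet signs anything."""
    tx = {"from": owner, "to": token, "data": revoke_calldata(spender)}
    try:
        gas = estimate_gas(tx)
    except Exception as exc:  # a failing estimate is also a reason not to send
        return {"verdict": "do_not_send", "gas": None,
                "reason": f"estimate failed: {exc}"}
    if gas > NORMAL_REVOKE_GAS * SUSPICIOUS_FACTOR:
        ratio = gas / NORMAL_REVOKE_GAS
        return {"verdict": "do_not_send", "gas": gas,
                "reason": f"{gas} gas is {ratio:.0f}x a normal approve"}
    return {"verdict": "ok", "gas": gas, "reason": "gas within normal range"}


# Constructed sample values: placeholder addresses and stub estimators.
TOKEN, OWNER, SPENDER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20


def honest_token(tx: dict) -> int:
    return 46_000      # constructed figure for a plain allowance write


def gas_burning_token(tx: dict) -> int:
    return 4_800_000   # constructed figure for a token that mints gas tokens


if __name__ == "__main__":
    for name, est in [("honest", honest_token), ("gas-burning", gas_burning_token)]:
        print(name, check_revoke(TOKEN, OWNER, SPENDER, est))
```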
Instances of scams presented as airdrops have increased in the crypto sector, which is why token holders must exercise caution and avoid the temptation to click on links they are not familiar with.