NEW NFTs SCAM- Fake version of the popular contract-revoking site!!!

[albon]

Hello everyone, this topic, I hope everyone reads it carefully. I found someone who posted this scam method on his Twitter account, so I posted it here so that people would warn about it. Those who would like to translate this topic and post it on the local boards. This will be a good job.



There's a new scam going around that tries playing off of your fear in order to trick you into signing away your valuable assets.  Expect these to become more popular in the future.  This is how it works 1/

2/ A user posts about an OpenSea vulnerability, claiming they lost a large amount because of an approval to "OpenSea API".  They direct you to revoke your approvals, and link a site to do so.  The site is NOT legitimate. Bookmark http://revoke.cash, or just use etherscan.



3/ When you connect to the linked site, it runs a script to determine your highest value assets.  This is similar to the "apecoin" drops.



4/ When you load the page, this script will execute and display "approvals" to OpenSea API for anything they're interested in stealing.  In my case, they only want my BAYC and BAKC.  Note that I don't actually have any approvals set for either of these collections.



5/ Clicking the "revoke" button prompts you to "setApprovalForAll", which is the same as what you'd expect from the real http://revoke.cash.  However, there's an important difference ☞ https://revoke.cash/

6/ While the real site calls setApprovalForAll with a flag of false, this one sets it to true.  It's setting an approval for the scammer's wallet to move that collection for you, which you can see under the data tab before signing the transaction.




7/ If you were to set approval for a collection, ALL of your assets from that collection would be at risk.  There are legitimate use cases for 'setApprovalForAll', but it's a powerful method and you should always think twice is you're prompted for it. e.g. {CLICK HERE}


8/ The address it sets approval for is https://etherscan.io/address/0x33e02cC38790a07927c79D1ed75b72bcFb83766d.  It doesn't appear they've seen any success yet; hopefully, this thread helps keep it that way.  Keep your guard up, protect your assets, and stay safe. A simple red banner and warning when a user is interacting with an ERC721 setApprovalForAll function are probably enough to protect many people from falling into these scams...


Source :
----------
https://twitter.com/MetaMask
https://twitter.com/0xQuit/
https://twitter.com/RevokeCash

[noorman0]

Thank you for sharing this, OP.
Today's NFT marketplaces is no longer secure, I wouldn't be surprised if hackers still have endless opportunities trying to steal millions of dollars of collectors' money. The hype has attracted entrants from a wide variety of backgrounds who FOMOed dives right into without first exploring how it works (technically).

[cryptoaddictchie]

Thank you for sharing this, OP.
Today's NFT marketplaces is no longer secure, I wouldn't be surprised if hackers still have endless opportunities trying to steal millions of dollars of collectors' money. The hype has attracted entrants from a wide variety of backgrounds who FOMOed dives right into without first exploring how it works (technically).

Thats what happening if they are apeing too confidently. Im sure those who got stolen nft are probably regretting clicking any of those scam sites.

Thanks OP for sharing this update. A lot of people should really pay attention to this kind of alert cause its not cool to ler your hard earned expensive nft got stolen just like that.

[Sayeds56]

Thanks for sharing this update which is in fact a wake up call for all of us. Frequent scams are major concerns of all of us so we should take all necessary security steps to protect our hard earned money. we should avoid connecting our wallets to websites those are not trust worthy and keep your wallet locked always when  you are not using it.

https://www.cnbc.com/2021/06/11/tips-to-help-keep-your-crypto-wallet-secure.html